Archive for May, 2006

DDOS attack?

Monday, May 1st, 2006

I must have ruffled a few feathers.

I noticed an insane spike in my bandwidth April 18, when I reviewed my traffic today.

Starting 18/Apr/2006:11:48:52 and stopping 18/Apr/2006:12:45:37, I had many hosts loading only the index page, all with the same user agent. In that time I hardly saw any legitimate looking requests in between all the phony ones.

There doesn’t seem to be a point to the barrage. The referrer is empty, and they only load the index page.

I started listing the participants, but gave up. There are just too many.

Update: I’m not the only one of the anti-spammers to be on the receiving end of DDOS attacks. One of my compatriots is currently serving up 403’s if you click on a Google link to his site (yup, that’s exactly what I did…). I’d post the link, but he hasn’t gone public on this yet.

Clueless referrer spammer

Monday, May 1st, 2006

I got a slew of referrer spam from an outfit who’s trying to SELL people the secret behind promoting through blogging! I don’t get much referrer spam these days, so running this down was a worthy cause.

Get this, they send loads of referrers quickly, from the same IP address, using loads of different user agents, then switch to another IP address and then back.

The kicker is that one of those IP addresses is inside Google’s net block!

64.233.172.4

Matt, this isn’t good! Are they using the Google Web Accelerator, or Google wifi?

Oh, and this is so good I just have to show you exactly what they’re doing.

The spamvertized site is:
bloglegend.freewebteam.com
If you go to:
freewebteam.com
You’ll see that they think they can sell you the secret to SEO.

Hmmmm…. Wait a minute! This is the same outfit that’s spamming in such a way it’s glaringly obvious and just has to be spotted and banned?

And the Google cache of their site says there are data entry positions available… (dataentry.freewebteam.com)

Matt, get your red pencil out, these guys are too stupid to keep whatever Google mojo they’ve gained!

Whois:
Paragon Innovations Group
Domain Administrator (domains@ParagonIG.com)
638 Camino De Los Mares
Suite: H130A-240
San Clemente
CA,92673
US
Tel. +01.8007537784

If you follow the trail of Googling “Paragon Innovations Group” you’ll find they’re hawking all kinds of promotion stuff, and they’re none too discerning about what they make money on.
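Both log patterns described in the two posts above (many hosts fetching only the index page with one shared user agent and an empty referrer, and a single IP cycling through user agents while pushing one referrer) can be pulled out of an Apache combined-format access log. The following is an added example, not code from this blog; the log lines, agent names, domains and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: capture client host, request path, referrer, user agent.
LOG_RE = re.compile(r'(?P<host>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
                    r'\d{3} \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')

# Constructed sample log (documentation IP ranges, made-up agents and domains).
SAMPLE = """\
192.0.2.10 - - [18/Apr/2006:11:48:52 +0000] "GET / HTTP/1.1" 200 5120 "-" "FloodAgent/1.0"
192.0.2.11 - - [18/Apr/2006:11:48:53 +0000] "GET / HTTP/1.1" 200 5120 "-" "FloodAgent/1.0"
192.0.2.12 - - [18/Apr/2006:11:48:53 +0000] "GET / HTTP/1.1" 200 5120 "-" "FloodAgent/1.0"
198.51.100.7 - - [18/Apr/2006:11:49:01 +0000] "GET /archives/ HTTP/1.1" 200 900 "http://search.example/?q=spam" "Mozilla/5.0"
203.0.113.5 - - [01/May/2006:09:00:01 +0000] "GET / HTTP/1.1" 200 5120 "http://promo.spam.example/" "AgentA"
203.0.113.5 - - [01/May/2006:09:00:01 +0000] "GET / HTTP/1.1" 200 5120 "http://promo.spam.example/" "AgentB"
203.0.113.5 - - [01/May/2006:09:00:02 +0000] "GET / HTTP/1.1" 200 5120 "http://promo.spam.example/" "AgentC"
"""

def summarize(log_text):
    """Collect the paths, referrers and user agents seen for each client host."""
    hosts = defaultdict(lambda: {"path": set(), "ref": set(), "ua": set()})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            for key in ("path", "ref", "ua"):
                hosts[m["host"]][key].add(m[key])
    return hosts

def index_flood_agents(hosts, min_hosts=3):
    """User agents shared by many hosts that fetch only "/" with no referrer."""
    by_ua = defaultdict(set)
    for ip, h in hosts.items():
        if h["path"] == {"/"} and h["ref"] <= {"", "-"} and len(h["ua"]) == 1:
            by_ua[next(iter(h["ua"]))].add(ip)
    return {ua: sorted(ips) for ua, ips in by_ua.items() if len(ips) >= min_hosts}

def referrer_spammers(hosts, min_agents=3):
    """Hosts rotating user agents while always sending one referrer domain."""
    flagged = {}
    for ip, h in hosts.items():
        domains = {urlsplit(r).hostname for r in h["ref"]} - {None}
        if len(h["ua"]) >= min_agents and len(domains) == 1:
            flagged[ip] = domains.pop()
    return flagged

if __name__ == "__main__":
    hosts = summarize(SAMPLE)
    print(index_flood_agents(hosts), referrer_spammers(hosts))
```

On a real log the thresholds need to be raised well above 3, since shared proxies and NAT gateways also present several user agents from one address.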

Reminder: Forget about catch all e-mail

Monday, May 1st, 2006

I just wanted to remind you all (for the nth time) that the time you could use catch all e-mail is past.

I had a domain I hadn’t done anything with. I had a one pager with an under construction sign or similar. No e-mail going in or out. And I’d forgotten to disable catch all. I found an inbox full of e-mail to the standard addresses - sales, webmaster etc. I was lucky spammers hadn’t started using it as a faked reply address yet!

Limit the number of addresses you use. The more addresses, the more chances you’ll get spam. You can of course retire an address once it gets intolerable amounts of spam. Just remember you shouldn’t do that unless you have a server that REJECTS e-mail (I’m talking big picture here, consumers will of course do whatever they like. But cancelling an e-mail address with a server that bounces e-mail to non-existent addresses adds to the spam problem). If you have a domain on an e-mail server that bounces mail to non-existent addresses, at the very least ask your postmaster why.

I was reading Richi’s tongue in cheek list of challenges to people who think they’ve got a solution to spam, and remembered all the people who wrote to me trying to get me to tout their solutions - usually along the lines of using catch all, using encoded addresses whenever you sign up for something new, then retire addresses that start to get spam.

Guys, using unique addresses for each place you sign up for comment is an excellent idea, if you WANT to receive lots of spam, and your shtick is to find out exactly what sites are used to feed spammer lists….

And please send out mail to all your friends (with all those addresses in the BCC fields), warning them NOT to forward the latest hoax to all their friends. All those addresses in those much forwarded messages eventually end up on spam lists, with no interaction from those who receive them. I got one of those Bill Gates is sharing his wealth e-mails THIS WEEK! Just forward this e-mail and he’ll pay out. Yeah, right… I can’t get past how gullible people are…

EDIT: An ex-spammer said they didn’t collect e-mail addresses that got into forwards. But he forgot one thing: Viruses that go through all received mail and extract addresses. I don’t know if these viruses go through the body of the mail, but if they do, they will get all those e-mail addresses in forwarded hoaxes.

Rumors of Alan Ralsky’s arrest

Monday, May 1st, 2006

Update: Yup, Valleywag can’t get a confirmation anywhere, and admits it probably wasn’t true.

Too bad…

———–

I’ve been only sporadically online lately, so I missed this one until today:

Valleywag: Scoop: DOJ jails Spam King! Alan Ralsky might rat out a massive hacker / spammer network

Follow the story as it unfolds in Valleywag

Looks like it hasn’t been confirmed by the DOJ yet. The only confirmation I’ve seen was one thread on NANAE with a little more information. The guy who broke it there was deemed a troll by the group, which means it’s by no means a sure thing yet.

In that same discussion, Steve Linford of Spamhaus was quoted as saying Alan Ralsky was NOT under arrest at the time.

The unconfirmed troll also posted:

Some info I’ve been cleared to post:

* Ralsky’s associate Scott Bradley has also been taken into custody along with the operators of Optigate Networks.
* Much of the bust info came from the raid of the One Wilshire datacenter in LA a couple months ago.

Slashdot also covered the story

Spamhaus ROKSO listing

But….

I guess the proof is in the pudding. Has the Ralsky related spam stopped?

EU Spam Symposium 2006

Monday, May 1st, 2006

I’ve been invited to speak at the first spam symposium in Europe. I just took a look at the website, and they’re planning on having a live webcast, so you guys can listen in, even if you can’t come! They’ll even keep the archive online for a while.

EU Spam Symposium 2006

I’ll be tackling spammer tracking, for e-mail spam!

Be sure to tune in!