JD's Brain: January 2005 Archives

« December 2004 | Main | February 2005 »

January 27, 2005

Upgraded to MT 3.15

Movable Type 3.15 adds a few goodies like the "nofollow" tag proposed by Google (to fight spam--yay!) and a fix for a hole that allowed people to send mail using your forms (yes, spammers). I've just upgraded so dunno if anything broke, but it looks fine so far.

The sad part about it is that basically anything being done to improve email and blog products these days seems to be trying to prevent spam. I hope the "spam bubble" burst pretty soon and that spammers go back to their trailler parks (as opposed to the current mansions). At least I'd expect them to come from trailler parks and guettos. You wouldn't think that well educated American college kids would be the world's biggest spammers, right? Nah.

Posted by jdrowell at 10:54 AM | Comments (1)

January 10, 2005

simply-rx.com sucks!

simply-rx.com is the first entry in my new category, "This Sucks!". Everyone knows that I just _hate_ spam (uh, I said the "H" word, sue me!), and some spammers are just a lot more annoying than others. So to the proud owner of simply-rx.com, let me just say: YOU SUCK!

It's impossible to know for sure if any of the information collected by registars about the domains they get paid to register is true, but for whatever it's worth, here's some interesting info.

simply-rx.com

::Registrant::

Name      : Francisco Sneed
Email     : admin@simply-rx.com
Address   : La Mina No. 55, Cantabria
Zipcode   : 39478
Nation    : ES
Tel       : +34-942589889

This guy apparently hires some teenage punk to send all different kinds of spam using various methods. These spam messages point to bogus domains, which redirect (and presumably even account for - wow, spam affiliates!!!) back to simply-rx.com. Here are some of these bogus domains:

iazy.com
domain:       iazy.com
status:       lock
owner:        Mohammad Khan
email:        admin@taiwanmedialtd.com
address:      Kizilelma Caddesi No
address:      Findikzade
city:         Istanbul

Try visiting "http://Mohammad-eats-shit-for-breakfast.iazy.com" to see where you end up :)

Domain Name: NEATA.COM
Domain Status: LOCK
Registrar: Wooho T&C Co., Ltd. d/b/a RGNames.com
Referral URL: http://www.RGNames.com

Domain Registration Date....: 2004-11-04 GMT.
Domain Expiration Date......: 2005-11-04 GMT.
Domain Last Updated Date....: 2004-12-24 08:23:40 GMT.

Registrant:
    bee aa
    588, Seocho-dong, Seocho-gu
    Seoul,  137070
    KR

Surely "Bee Aa" is a real name!

Domain Name: KEEJ.COM
Domain Status: LOCK
Registrar: Wooho T&C Co., Ltd. d/b/a RGNames.com
Referral URL: http://www.RGNames.com

Domain Registration Date....: 2004-11-04 GMT.
Domain Expiration Date......: 2005-11-04 GMT.
Domain Last Updated Date....: 2004-12-24 08:23:40 GMT.

Registrant:
    bee aa
    588, Seocho-dong, Seocho-gu
    Seoul,  137070
    KR

Wooho corporation was really busy on Nov-11-04 :D. Goes to show that this information is pretty recent. I'm sure there are hundreds of others. Maybe spamhaus already has a lead on this guy, I surely hope so.

Feel free to block all the domains listed above, there's no chance in hell you'll ever get any legitimate email from them.

Peace.

Edited on 2005-01-13: Removed links, to prevent simply-rx from increasing its PageRank™. Duh! :P

Posted by jdrowell at 09:44 AM | Comments (84)

January 06, 2005

My own DNSBL

My trash folder used to hold about 2,000 spam (and non-spam) messages. Any mail older than 7 days is automatically deleted. Most of what was there never got to my email client, because I use bogofilter to do bayesian spam filtering.

That worked well on its own until I started getting _tons_ of spam. I wrote a bunch of scripts to identify the offending IPs and compile them into my own DNSBL (DNS Block List). It is publicly available at dnsbl.jdrowell.com. That's not a homepage, but a domain for the reverse IP lookups.

Since I started using this DNSBL, my trash folder trimmed down to about 200 messages (for the week). That includes my legitimate email (which I read and then delete). Not bad :) It also unloads my mail server, and, most importantly, makes spammers really angry. And poor. And suicidal (I wish).

The current count for dnsbl.jdrowell.com is about 70,000 IPs. I don't add blocks, only single IPs. I don't remove IPs unless I feel like it. I don't recommend that anyone use this DNSBL to actually block messages, but instead to flag spam as part of some greater process, such as using SpamAssassin or another similar tool.

That's about it. At a rate of about 2,000 new IPs every day (boy do I get spammed!), I'll probably have over 100,000 spam sources identified by the time you read this! Bring on the zombie botnets!

Posted by jdrowell at 04:13 AM | Comments (1)

JD's Brain

Where I try to organize my ideas. And rants. And everything else.