We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

Spam J-3


oles@ovh.net
10-24-2010, 04:12 PM
example, I don't know ... 188.165.192.90 ?

http://www.senderbase.org/senderbase...188.165.192.90
http://www.spamcop.net/w3m?action=ch...88.165.195.199

804 N Sep 20 23:30:46 5217492847@repo ( 68) [SpamCop (188.165.195.199) id:5217492847]It is the chance o =?iso-88..
2327 N Sep 23 01:46:16 Sergey Gorovoy ( 61) [SpamCop (188.165.195.199) id:5220330235]Reliable online ph =?iso-88..
4196 N Sep 26 14:27:42 5225062129@repo ( 60) [SpamCop (188.165.195.199) id:5225062129]What is your healt =?iso-88..
4532 N Sep 26 19:03:02 5226070613@repo ( 79) [SpamCop (188.165.195.199) id:5226070613]Reveal the secret =?iso-88..
5182 N Sep 26 03:22:08 GMH in the Unit ( 61) [SpamCop (188.165.195.199) id:5227605200]Hi, take health pi =?iso-88..
7073 N Sep 29 10:10:04 Jay Bangle ( 64) [SpamCop (188.165.195.199) id:5231568740]Life health in you =?iso-88..
7635 N Sep 29 21:54:05 Simon Hova ( 35) [SpamCop (188.165.195.199) id:5232785775]\/\/\/NUMBER ONE ONLINE DRUG-STORE!\/\/\
9030 N Oct 01 19:41:02 Johnny Oesterga ( 69) [SpamCop (188.165.195.199) id:5236118942]Become a real expe =?iso-88..
9902 N Oct 03 20:17:35 Roanan ( 66) [SpamCop (188.165.195.199) id:5238547171]Be proud of what y =?iso-88..
13994 N Oct 08 23:33:52 Johnny Oesterga ( 69) [SpamCop (188.165.195.199) id:5247626051]Just live a full l =?iso-88..
14359 N Oct 09 02:27:38 Stephen Ermann ( 69) [SpamCop (188.165.195.199) id:5248453071]Anxiety, stress, d =?iso-88..
14468 N Oct 10 03:53:02 blackhole@abuse ( 138) ARF report from TDC regarding IP 188.165.195.199, report id 4711043
15830 N Oct 11 10:10:23 Minoru TODA ( 76) [SpamCop (188.165.195.199) id:5251407819]1
16808 N Oct 12 22:33:59 Mister Dave ( 75) [SpamCop (188.165.195.199) id:5253656555]Let them call you =?iso-88..
16809 N Oct 13 02:33:59 Mister Dave ( 61) [SpamCop (188.165.195.199) id:5253657095]Drive your problem =?iso-88..
17514 N Oct 13 10:43:56 5255286955@repo ( 81) [SpamCop (188.165.195.199) id:5255286955]Life health in you =?iso-88..
17633 N Oct 14 02:08:34 GMH in the Unit ( 61) [SpamCop (188.165.195.199) id:5255698447]Make women dream a =?iso-88..
18826 N Oct 15 07:58:29 Jay Bangle ( 64) [SpamCop (188.165.195.199) id:5258630197]Make women dream a =?iso-88..
19123 N Oct 16 11:57:28 Spam Hater ( 52) [SpamCop (188.165.195.199) id:5259895793]This is your fair =?iso-88..
19182 N Oct 16 04:56:06 Karen Bagnall ( 44) [SpamCop (188.165.195.199) id:5260183071]Your wife will nev =?iso-88..
19810 N Oct 18 01:19:06 WeFrySpam ( 65) [SpamCop (188.165.195.199) id:5262476429]What is your healt =?iso-88..
20145 N Oct 18 02:06:11 WeFrySpam ( 60) [SpamCop (188.165.195.199) id:5263711880]Let your potency d =?iso-88..
21362 N Oct 20 02:48:38 Simeon Tankard ( 65) [SpamCop (188.165.195.199) id:5266781485]Let your men?s pow =?iso-88..
22500 N Oct 21 17:23:14 blackhole@abuse ( 119) ARF report from TDC regarding IP 188.165.195.199, report id 4916609
23840 N Oct 24 12:26:55 Gankoj Samurai ( 63) [SpamCop (188.165.195.199) id:5274073894]Join those who liv =?iso-88..

and on the server:

Niglos 30683 0.0 0.0 5172 500 ? S Jun23 0:00 /usr/bin/perl inbox.pl
Niglos 30717 0.0 0.0 5172 500 ? S Jun22 0:00 /usr/bin/perl inbox.pl
Niglos 30815 0.0 0.1 4944 3460 ? Ss Oct09 0:00 /usr/bin/perl inbox.pl
Niglos 30859 0.0 0.1 5164 3788 ? S Oct09 0:00 /usr/bin/perl inbox.pl
Niglos 30952 0.0 0.0 4944 1048 ? Ss Aug28 0:00 /usr/bin/perl inbox.pl
Niglos 30953 0.0 0.1 5176 3800 ? S Oct09 0:02 /usr/bin/perl inbox.pl
Niglos 30956 0.0 0.0 4944 1048 ? Ss Aug04 0:00 /usr/bin/perl inbox.pl
Niglos 30970 0.0 0.1 4944 3460 ? Ss Oct16 0:00 /usr/bin/perl inbox.pl
Niglos 30976 0.0 0.0 4944 404 ? Ss Jun25 0:00 /usr/bin/perl inbox.pl
Niglos 30988 0.0 0.1 5172 3796 ? S Oct09 0:01 /usr/bin/perl inbox.pl
Niglos 30990 0.0 0.0 4944 1048 ? Ss Aug29 0:00 /usr/bin/perl inbox.pl
Niglos 30991 0.0 0.0 5164 500 ? S Jun25 0:00 /usr/bin/perl inbox.pl
Niglos 31027 0.0 0.0 5164 1296 ? S Aug28 0:00 /usr/bin/perl inbox.pl
Niglos 31065 0.0 0.0 5168 1324 ? S Aug28 0:00 /usr/bin/perl inbox.pl
Niglos 31071 0.0 0.0 5172 1300 ? S Aug04 0:00 /usr/bin/perl inbox.pl
Niglos 31113 0.0 0.0 4944 1048 ? Ss Aug12 0:00 /usr/bin/perl inbox.pl
Niglos 31118 0.0 0.1 5176 3800 ? S Oct16 0:00 /usr/bin/perl inbox.pl
Niglos 31166 0.0 0.1 5172 3796 ? S Oct16 0:00 /usr/bin/perl inbox.pl
Niglos 31175 0.0 0.0 4944 1048 ? Ss Aug12 0:00 /usr/bin/perl inbox.pl
Niglos 31196 0.0 0.0 5176 1332 ? S Aug29 0:00 /usr/bin/perl inbox.pl
Niglos 31234 0.0 0.0 5164 1300 ? S Aug12 0:00 /usr/bin/perl inbox.pl
Niglos 31245 0.0 0.0 5164 1296 ? S Aug12 0:00 /usr/bin/perl inbox.pl
Niglos 31266 0.0 0.0 4944 404 ? Ss Jul17 0:00 /usr/bin/perl inbox.pl

tcp 0 0 188.165.195.199:37417 89.167.219.1:25 ESTABLISHED 15160/perl
tcp 0 0 188.165.195.199:37040 89.167.219.1:25 ESTABLISHED 3616/perl
tcp 0 0 188.165.195.199:43671 89.167.219.1:25 ESTABLISHED 26116/perl
tcp 0 0 188.165.195.199:60018 89.167.219.1:25 ESTABLISHED 4571/perl
tcp 0 0 188.165.195.199:44990 89.167.219.1:25 ESTABLISHED 24511/perl
tcp 0 0 188.165.195.199:41900 89.167.219.1:25 ESTABLISHED 18319/perl
tcp 0 0 188.165.195.199:44189 210.145.113.10:25 ESTABLISHED 21621/perl
tcp 0 0 188.165.195.199:58052 89.167.219.1:25 ESTABLISHED 20858/perl
tcp 0 0 188.165.195.199:35796 89.167.219.1:25 ESTABLISHED 11028/perl
tcp 0 0 188.165.195.199:37043 89.167.219.1:25 ESTABLISHED 16731/perl
tcp 0 0 188.165.195.199:34803 89.167.219.1:25 ESTABLISHED 13643/perl
tcp 0 0 188.165.195.199:37344 89.167.219.1:25 ESTABLISHED 973/perl
tcp 0 0 188.165.195.199:58165 89.167.219.1:25 ESTABLISHED 4768/perl
tcp 0 0 188.165.195.199:49812 89.167.219.1:25 ESTABLISHED 2114/perl
tcp 0 0 188.165.195.199:58141 89.167.219.1:25 ESTABLISHED 23610/perl
tcp 0 0 188.165.195.199:36088 89.167.219.1:25 ESTABLISHED 24483/perl
tcp 0 0 188.165.195.199:57828 89.167.219.1:25 ESTABLISHED 22184/perl
tcp 0 0 188.165.195.199:42590 89.167.219.1:25 ESTABLISHED 22212/perl
tcp 0 0 188.165.195.199:51452 89.167.219.1:25 ESTABLISHED 23516/perl
tcp 0 0 188.165.195.199:48609 89.167.219.1:25 ESTABLISHED 19231/perl
tcp 0 0 188.165.195.199:48024 89.167.219.1:25 ESTABLISHED 27181/perl
tcp 0 0 188.165.195.199:38390 210.145.113.10:25 ESTABLISHED 18690/perl
tcp 0 0 188.165.195.199:54245 89.167.219.1:25 ESTABLISHED 15935/perl
tcp 0 0 188.165.195.199:56757 89.167.219.1:25 ESTABLISHED 30988/perl
tcp 0 0 188.165.195.199:38066 210.145.113.10:25 ESTABLISHED 29321/perl
tcp 0 0 188.165.195.199:35592 89.167.219.1:25 ESTABLISHED 17304/perl
tcp 0 0 188.165.195.199:38764 89.167.219.1:25 ESTABLISHED 2479/perl
tcp 0 0 188.165.195.199:34920 89.167.219.1:25 ESTABLISHED 14353/perl


[root@ns310321 root]# lsof -n |grep 21621
inbox.pl 21621 Niglos cwd DIR 9,2 4096 23093250 /home/Niglos/cgi-bin
inbox.pl 21621 Niglos rtd DIR 9,1 4096 2 /
inbox.pl 21621 Niglos txt REG 9,1 708188 41456 /usr/bin/perl
inbox.pl 21621 Niglos mem REG 9,1 90006 124422 /lib/ld-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 7867 66655 /usr/lib/perl5/5.6.0/i386-linux/auto/Sys/Hostname/Hostname.so
inbox.pl 21621 Niglos mem REG 9,1 86812 124429 /lib/libnsl-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 13966 124427 /lib/libdl-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 174032 124428 /lib/libm-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 1363451 124425 /lib/libc-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 25283 124426 /lib/libcrypt-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 95207 66496 /usr/lib/perl5/5.6.0/i386-linux/auto/POSIX/POSIX.so
inbox.pl 21621 Niglos mem REG 9,1 18333 66482 /usr/lib/perl5/5.6.0/i386-linux/auto/IO/IO.so
inbox.pl 21621 Niglos mem REG 9,1 19591 66651 /usr/lib/perl5/5.6.0/i386-linux/auto/Socket/Socket.so
inbox.pl 21621 Niglos mem REG 9,1 45283 124436 /lib/libnss_files-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 46697 124439 /lib/libnss_nisplus-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 15888 124435 /lib/libnss_dns-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 65212 124440 /lib/libresolv-2.2.5.so
inbox.pl 21621 Niglos 0r CHR 1,3 93524 /dev/null
inbox.pl 21621 Niglos 1w REG 9,2 0 23093351 /home/Niglos/cgi-bin/sys/error.log (deleted)
inbox.pl 21621 Niglos 2w REG 9,2 0 23093351 /home/Niglos/cgi-bin/sys/error.log (deleted)
inbox.pl 21621 Niglos 3u IPv4 92836087 TCP 188.165.195.199:44189->210.145.113.10:smtp (ESTABLISHED)
inbox.pl 21621 Niglos 8u REG 9,1 1024 229927 /var/webmin/sessiondb.pag
inbox.pl 21621 Niglos 9u REG 9,1 0 229926 /var/webmin/sessiondb.dir

oles@ovh.net
10-24-2010, 03:04 PM
Hello,
We are currently completing developments related to the fight against spam generated by our network. We think we will run these mechanisms this week. Developments started 9 months ago and will take another 2 months to complete.

IPs that spam will be blocked on port 25 output. That is, if we consider that a server sends spam, we'll stop it. All the rest of the service, including receiving emails will continue to operate.

We will rely on complaints received by various sites such as http://www.spamcop.net. Customers must first fix the problem on these sites and see if there are more problems on the IP for Ovh to unblocked the sending of emails from the server. Meanwhile, the customer can not order a new server or have a new IP.

The entire process will be automatic and public. Thus, we will highlight networks of spammers (if any) but also say that OVH is currently blocking and why and then who Ovh unlocks and why. Total transparency. We know exactly what Ovh has done/do (or not) to prevent spam from our network.

So if you receive spam from our network, do not send complaints to abuse@ovh.net but simply report the spam to http://www.spamcop.net. They will send it to us and we will take the necessary actions ...

The same methods are used for phishing, malware and botnets. At the same time, we should also publicise IP's that are spam on our network and highlight (in turn) networks that specialise in this activity there ... Technically the code originally written is evolving to be based on "firm tokyo" and "Kyoto" that we already use for the proposed anti-phishing (you were able to test the speed approx 1 week ago). It only needs the "privateCloud" for a development to go directly to prod and we can change the project's flexible infrastructure with a few clicks ... There we again lost time doing "sysadmin-1999-like" ...

Find out more:

http://fallabs.com/tokyocabinet/
http://fallabs.com/kyotocabinet/

All the best

Octave