I hate spam, don't you?
17-08-2010: Server crash
I have had a terrible server crash. An overheated harddrive was completely erased! I failed to make backups so everything I collected is lost.
But I won't give up. Fix my server and continue. Most of the old data is recovered but I have to peace them together. So please be patient when you can't find what you're looking for
For now, everyting runs in a virtual environment (virtualbox.org) but that will change.
To be continued...
Facts:
Most of the spam is sent to my info-account, wich I don't have (and never had)!
So anyone who is sending mail there is put on my personal blacklist immediately.
Also most of my attacks come from China and Taiwan, they are also blocked (I don't know anyone there, except for Jackie Chan and Bruce Lee?!?)
Domains like "myfirstmail.com" are used a lot. If you check there website you probably understand why...
I consider my self lucky, I only receive spam about every 15 minutes. But I feel sorry for others out there who receive spam every minute!
Blocking spam to a 99.99% is really easy if you know what to look for! Some details I have to keep secret, but you can contact me if you want more info.
Actions:
On june 17 2007 I installed a fake SMTP, FTP and a DMZ honeypot server to log foreign activities.
And, slow these bastards down!
Let's see what happens...
Results:
Who is spamming me (check my logs)?
What can you do:
- NEVER put your emailaddress on your website, use a fill-in.
- Make sure you're address is not hidden in the fill-in (form), they will find it.
- Don't use opt-out's, they know for sure it's a valid address.
- Don't turn your PC into a zombie, install a proper firewall. Even the Windows firewall is better then nothing. Shut your PC down when you don't use it.
- If you have to register for something on the internet with your emailaddress, use a fake. See www.spam.la for example.
- When you send an email to all your friends at once, use the BCC (Blind Carbon Copy). They can't see the other addresses you used, and also a virus can't!
- If you own a mailserver (part I), find out if you can hook it up to an online blacklist, google for DNSBL
or go to sites like: www.spamhaus.org to get more information. I connected the Exchange server at work, the spam dropped by 85%!
- If you own a mailserver (part II) and it's posible to block sending hosts, block the following (responsible for about 70% of my spam!)
- HINET-IP.hinet.net (Taiwan)
- dynamic.hinet.net (Taiwan)
- dynamic.163data.com.cn (China)
- dynamic.so-net.net.tw (Taiwan)
- res.rr.com (United States)
- user.ono.com (Spain)
- If you own a mailserver (part III) and it's posible to block faked domains, block the following sender domains (responsible for about 60% of my spam!)
- @123.com
- @myfirstmail.com
- @delphi.com
- @rocketmail.com
- @juno.com
- @fastmail.fm
- And last but not least: DON'T use old versions of WinGate, it's not secure and an open invitation to scum.
Maybe your emailaddress is listed in an other spam database and you get other readings, let me know!
11-11-2009:
Strategies are changed. I get a lot more spam than 2 years ago.
Also the botnets are changed and the countries of origin change all the time.
But the spam is the same and still perfectly detectable.
Upcoming countries like China are now targets for spammers to create a botnet.
Lots of badly secured computers because of the use of illegal Windows and lack of security updates.
What wonders me also is that i still get the same kind of FTP attacks as more then 2 years ago.
I would have thought that worm or whatever would have died by now but it is still active (google "ftp sarcaxxo" to get more info).
People just don't seem to check there pc's and servers for any malware.
So, keep your PC up-to-date, install security updates. And get a good anti-virus solution. You can't do without it.
If you don't know how to implement a blacklist server like spamhaus.org check my DLL with a demo written in Delphi,
you can download it here: DEMO
Also let me know if you want the DLL code (also written in Delphi).
Links:
Good sites against spam:
www.spamhaus.org
www.spamcop.net
www.dnsbl.org
Other:
www.maxmind.com thanks for sharing there GeoIP lite database!
Final:
Wanna have a good laugh?
Check this out, great stuff! Alex Polyakov, one of the biggest spammers in the world get's it in the face:
Alex Polyakov calling/begging SpamSlayer
When they know that you own a smtp-server, this is the result:
port-scannes,
dictionary attacks, relay attempts, etc...