Searching \ for '[ot]: Spamfest? New assault?' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/index.htm?key=spamfest+new+assault
Search entire site for: 'Spamfest? New assault?'.

Exact match. Not showing close matches.
PICList Thread
'[ot]: Spamfest? New assault?'
2006\10\01@010410 by Robert Rolf

picon face
Is it just me, or have the spammers suddenly found a way through the
antispam filters? Or have they just increased their barrage?
I am getting 10 times the usual numbers of 'PHAabnRMA' drug promos (and others),
on MOST of my non disposable e-mail accounts (work/home).
Yahoo and hotmail seem to have the usual levels.

Robert


2006\10\01@022645 by Philip Pemberton

face
flavicon
face
Robert Rolf wrote:
> Is it just me, or have the spammers suddenly found a way through the
> antispam filters? Or have they just increased their barrage?
> I am getting 10 times the usual numbers of 'PHAabnRMA' drug promos (and others),
> on MOST of my non disposable e-mail accounts (work/home).
> Yahoo and hotmail seem to have the usual levels.

Looks like they've found a way through - image spam. I'm using a homebrew spam
filter (HAMster), but it can't cope with image spam because it has no OCR
support (and my NSLU2 probably won't be able to handle running jOCR on every
piece of image spam that arrives. I might add support for 'image
fingerprinting' ("how close is this image to a known spam image?"), but I
suspect that'll eat even more RAM and CPU time. On a 233MHz ARM9 with 32MB of
RAM, that's rarely a good thing.

Once I get Segment BV to refund the £48.80 they double-charged me (or file a
fraud report with my bank if they refuse), I might get another NSLU2 and give
it a RAM upgrade and install one of my PowerMods. 128MB (or even 256MB.. hmm)
should be enough for some decent spam filtering software, and might stop it
paging to disc as much when the MRTG update rolls around...

--
Phil.                         |  (\_/)  This is Bunny. Copy and paste Bunny
spam_OUTpiclistTakeThisOuTspamphilpem.me.uk         | (='.'=) into your signature to help him gain
http://www.philpem.me.uk/     | (")_(") world domination.

2006\10\01@080149 by Howard Winter

face
flavicon
picon face
Robert,

On Sat, 30 Sep 2006 23:04:05 -0600, Robert Rolf wrote:

> Is it just me, or have the spammers suddenly found a way through the
> antispam filters? Or have they just increased their barrage?
> I am getting 10 times the usual numbers of 'PHAabnRMA' drug promos (and others),
> on MOST of my non disposable e-mail accounts (work/home).
> Yahoo and hotmail seem to have the usual levels.

I'm getting these too, but more worrying is that I'm getting a lot of "mail delivery failed" messages that are for spam that I didn't send, but which has
spoofed my domain name as the sender.  I think it's time the authorities started enforcing the Computer Misuse Act - surely they can't all be based in
countries which don't have laws against this sort of thing?

Cheers,


Howard Winter
St.Albans, England


2006\10\01@090737 by peter green

flavicon
face
> Is it just me, or have the spammers suddenly found a way through the
> antispam filters? Or have they just increased their barrage?
> I am getting 10 times the usual numbers of 'PHAabnRMA' drug
> promos (and others),
> on MOST of my non disposable e-mail accounts (work/home).
> Yahoo and hotmail seem to have the usual levels.
btw if you haven't done so already set up greylisting, it will keep the bulk
of the spam out.

2006\10\01@100403 by John Ferrell

face picon face
Me too!

John Ferrell    W8CCW
"My Competition is not my enemy"
http://DixieNC.US

{Quote hidden}

> --

2006\10\01@100554 by Philip Pemberton

face
flavicon
face
Howard Winter wrote:
> I'm getting these too, but more worrying is that I'm getting a lot of "mail delivery failed" messages that are for spam that I didn't send, but which has
> spoofed my domain name as the sender.  I think it's time the authorities started enforcing the Computer Misuse Act - surely they can't all be based in
> countries which don't have laws against this sort of thing?

The problem lies in finding the source of the spam. These days, spammers are
using virus-infected 'zombie' machines and compromised (i.e. hacked) servers
to send out spam anonymously. First example - a virussed PC:

Received: from [125.230.14.102] (helo=bird-x.com)
       by serenity.castlecore.com with smtp (Exim 4.52)
       id 1GTsRD-0007D4-TQ
       for .....usenet06KILLspamspam@spam@philpem.me.uk; Sun, 01 Oct 2006 04:56:24 +0100

And a hacked machine with an open SMTP relay running on it:

Received: from [201.1.176.82] (helo=201-1-176-82.dsl.telesp.net.br)
       by serenity.castlecore.com with smtp (Exim 4.52)
       id 1GTmpL-00028P-37
       for *******@philpem.me.uk; Sat, 30 Sep 2006 22:56:57 +0100
Received: from 201.1.203.85 ([201.1.203.85]) by 201-1-176-82.dsl.telesp.net.br
with Microsoft SMTPSVC(5.0.2195.6713); Sat, 30 Sep 2006 19:59:11 -0200

Unfortunately posting on USENET, the SourceForge mailing lists or even the
PICLIST tends to provoke a large amount of spam. I posted a bug report to the
SDCC newsgroup last month, and my sfmail@ account is now reduced to unusability.

For extra grins, these viruses also harvest the Outlook and Thunderbird
address books and proceed to spam anyone on the list.

I've started setting up forwarders in cPanel for every site that requires an
email address for registration. At least that way I can trace back the leak
fairly easily, and delete any accounts that start receiving large quantities
of spam.

IMHO, anyone caught running a machine that's sending out spam should have
their internet connection terminated until a qualified technician has
certified (on penalty of perjury) that the machine has been disinfected,
any/all security patches installed, the firewall enabled and an antivirus has
been installed. Oh, and re-educate the users too, starting with The Basics of
Safe Hex.

But I suppose most *koff*idiots*koff* wouldn't pay any attention. As confirmed
by the fact I had someone bring me a PC *three times* for virus cleanup. On
the second and third callouts, I found that the owner had disabled the
antivirus and firewall "because [her] friend told [her] to". On the plus side
I made £100 out of those three jobs, but it hardly inspires confidence...

Can someone PLEASE pour some chlorine into the genepool?

--
Phil.                         |  (\_/)  This is Bunny. Copy and paste Bunny
piclistspamKILLspamphilpem.me.uk         | (='.'=) into your signature to help him gain
http://www.philpem.me.uk/     | (")_(") world domination.

2006\10\01@145636 by Sergey A.Dryga

face picon face
Howard Winter <HDRW <at> H2Org.demon.co.uk> writes:

>
> Robert,
>
> On Sat, 30 Sep 2006 23:04:05 -0600, Robert Rolf wrote:
>
> > Is it just me, or have the spammers suddenly found a way through the
> > antispam filters? Or have they just increased their barrage?
> > I am getting 10 times the usual numbers of 'PHAabnRMA' drug promos (and
others),
> > on MOST of my non disposable e-mail accounts (work/home).
> > Yahoo and hotmail seem to have the usual levels.
>
> I'm getting these too, but more worrying is that I'm getting a lot of "mail
delivery failed" messages that

I started to get a lot of these too, on my hosted account.  I do not have much
spam on my account with cable ISP, I wonder if they filter it out, and they do
whether I loose any emails.

Sergey

2006\10\02@033145 by Bob Axtell

face picon face
Robert Rolf wrote:
> Is it just me, or have the spammers suddenly found a way through the
> antispam filters? Or have they just increased their barrage?
> I am getting 10 times the usual numbers of 'PHAabnRMA' drug promos (and others),
> on MOST of my non disposable e-mail accounts (work/home).
> Yahoo and hotmail seem to have the usual levels.
>
> Robert
>
>
>  
I have found that my "learn" spam filter in thunderbird catches those
after teaching it that it is spam..

--Bob

2006\10\02@080929 by Larry G. Nelson Sr.

picon face
I have started using something called Catus Spam and have been very pleased with it. Still training it but after a few hundred messages I see very little spam in my in box and had only 1 or 2 in my spam box that were legit. It gets better every day at recognizing the crap from the good.
Larry

---- Bob Axtell <.....engineerKILLspamspam.....neomailbox.com> wrote:
{Quote hidden}

> --

2006\10\02@133022 by Roy

flavicon
face
Here is the link to the FREE Cactus Spam filter

http://www.codeode.com/spamfilter/index.html

_______________________________________

Feel the power of the dark side!  
Atmel AVR

Roy Hopkins
Tauranga
New Zealand
_______________________________________

> I have started using something called Catus Spam and have been very
> pleased with it. Still training it but after a few hundred messages I
see
> very little spam in my in box and had only 1 or 2 in my spam box that
were
> legit. It gets better every day at recognizing the crap from the good.
> Larry
>

More... (looser matching)
- Last day of these posts
- In 2006 , 2007 only
- Today
- New search...