Results 11 to 20 of 41

Thread: Been Slammed with Spambots Today

  1. #11
    Join Date
    Jul 2009
    Location
    SE corner of the Ozark Redoubt
    Posts
    22,218
    Post Thanks / Like
    Blog Entries
    23
    Hmmm, Wikileaks exposes 20k Demoncrat Emails, and all of a sudden there is a terrorist attack and a spam attack.
    Hmmmm.
    I don't mind being called far right.
    I have been right so far.

  2. LOL The321 LOL'd at this post
  3. #12
    Join Date
    Oct 2015
    Posts
    180
    Post Thanks / Like
    We have our own email server, will this work for us as well? We had more than one day that we have received 46,000, yes forty six thousand emails. Most coming from Portland, Dallas, Austin, New Jersey and eastern Europe.

  4. #13
    Join Date
    Jan 2009
    Location
    Killeen, Tx
    Posts
    26,929
    Post Thanks / Like
    Blog Entries
    2
    15 & 16. Vietnam!

  5. #14
    Join Date
    Jan 2009
    Location
    Killeen, Tx
    Posts
    26,929
    Post Thanks / Like
    Blog Entries
    2
    17. Vietnam.

    I made the changes that Shawn suggested, so we'll see if I did it right...lol

  6. #15
    Join Date
    Jan 2009
    Location
    Killeen, Tx
    Posts
    26,929
    Post Thanks / Like
    Blog Entries
    2
    For those of you who don't scroll to the bottom of the forum homepage, here's what they look like. All the ones in shocking pink are the now banned bots.

  7. #16
    Join Date
    Apr 2012
    Location
    Killeen Texas
    Posts
    2,526
    Post Thanks / Like
    Quote Originally Posted by mat
    We have our own email server, will this work for us as well? We had more than one day that we have received 46,000, yes forty six thousand emails. Most coming from Portland, Dallas, Austin, New Jersey and eastern Europe.
    In the .htaccess file in the root directory, you can isolate a range to include an entire continent or down to the individual IP addresses.

    We did all the work to organize upstream provider ISP ranges of IP addresses for most all US based ISPs, for a Government project.
    (((SAY THAT 3 TIMES)))

    They wanted to isolate the ISPs that authorized TOR endpoints for reasons I don't entirely agree with, but they paid well, so WTH?

    So yes, if you have spammers in Dallas, 1st check the IP to see if it traces to 100TB as an upstream provider.

    If so, it's more convenient to block the range than the individual IPs.

  8. #17
    Join Date
    Apr 2012
    Location
    Killeen Texas
    Posts
    2,526
    Post Thanks / Like
    Here is how we track down spammers and network hackers for our business clients ...

    1) We set up honeypots designed to entice the spammer like a mouse trap.

    2) The honeypots are constructed to appear as legitimate URLs from a variety of partners.

    3) When the target clicks in and begins the port probe or whatever scan they are up to, we own them.

    Unless they take the target device outside and pop a few rounds into it, the forensics we embed on the target device are going to stay embedded like herpes.

    Here is a spammer / account probe that hit a hospital client of ours.



    A Russian TOR endpoint used a Frontier communication ISP to initiate their evil doings from a residential home in Holland.

    Most likely some kid wanting to hack the insurance company's database to capture social security numbers, bank routing numbers and account numbers.
    Last edited by ClickaNerd; July 23rd, 2016 at 11:13 AM. Reason: spelling

  9. #18
    Join Date
    Apr 2012
    Location
    Killeen Texas
    Posts
    2,526
    Post Thanks / Like
    Hey Rick, you may want to add this to .htaccess as well.
    Many of the web's annoyances are hidden under this proxy.
    Additionally, HMA keeps leased IP logs.



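    # Hide My Ass US servers and VPN proxy
    # "deny from" matches single IPs or CIDR blocks, not dash ranges, so each
    # range is written as the CIDR blocks that cover exactly the same addresses.
    # 74.63.112.138-74.63.112.146
    deny from 74.63.112.138/31 74.63.112.140/30 74.63.112.144/31 74.63.112.146
    # 67.159.56.162-67.159.56.166
    deny from 67.159.56.162/31 67.159.56.164/31 67.159.56.166
    # 74.63.86.218-74.63.86.222
    deny from 74.63.86.218/31 74.63.86.220/31 74.63.86.222
    # 74.63.112.147-74.63.112.156
    deny from 74.63.112.147 74.63.112.148/30 74.63.112.152/30 74.63.112.156
    deny from 66.90.73.223
    # 67.159.36.18-67.159.36.30
    deny from 67.159.36.18/31 67.159.36.20/30 67.159.36.24/30 67.159.36.28/31 67.159.36.30
    # 95.154.230.253-95.154.230.254
    deny from 95.154.230.253 95.154.230.254
    deny from 95.154.230.191
    deny from 67.159.5.242
    deny from 93.174.93.145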

  10. #19
    Join Date
    Jan 2009
    Location
    Killeen, Tx
    Posts
    26,929
    Post Thanks / Like
    Blog Entries
    2
    I had to stop allowing account creations yesterday. I wasn't near a computer yesterday since I was fishing in the morning and then took daughter car shopping in the afternoon which turned into half the damn night and I kept getting "new user" notifications. Maybe a couple of days of getting rejected will force them to look somewhere else. I have never had activity like this from one area.

    The cPanel has an IP deny manager, so I ban the range like this, 118.70.0.0 - 118.70.255.255. I'll try to put together a list of IPs from this mess and see if there's a pattern of some sort. They all seem to be different and may be spoofing others in the US. I got one from Denver last night.
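
Added example, not written by any poster in this thread: a Python helper that converts dash-style ranges like the ones posted above into the CIDR blocks Apache's `deny from` accepts, merges adjacent ranges, and counts source IPs per network to show where a range block is justified. The function names are hypothetical, and the sample registration IPs are constructed from documentation address space.

```python
import ipaddress
from collections import Counter


def range_to_cidrs(spec):
    """Turn 'a.b.c.d-e.f.g.h', a single IP, or a CIDR into exact IPv4 networks."""
    if "-" in spec:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        if first > last:
            raise ValueError(f"range runs backwards: {spec!r}")
        return list(ipaddress.summarize_address_range(first, last))
    # Strict parsing rejects typos such as 10.0.0.5/24 (host bits set).
    return [ipaddress.IPv4Network(spec.strip())]


def deny_lines(specs):
    """Merge overlapping or adjacent entries and emit one directive per block."""
    nets = [net for spec in specs for net in range_to_cidrs(spec)]
    lines = []
    for net in ipaddress.collapse_addresses(nets):
        target = net.network_address if net.prefixlen == 32 else net
        lines.append(f"deny from {target}")
    return lines


def hot_prefixes(ips, prefixlen=24, min_hits=3):
    """Count source IPs per network so a range block can be judged on evidence."""
    counts = Counter(
        ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False) for ip in ips
    )
    return [(str(net), n) for net, n in counts.most_common() if n >= min_hits]


if __name__ == "__main__":
    # Ranges as written in the thread (cPanel style and dash style).
    for line in deny_lines([
        "118.70.0.0 - 118.70.255.255",
        "74.63.112.138-74.63.112.146",
        "74.63.112.147-74.63.112.156",
        "66.90.73.223",
    ]):
        print(line)
    # Constructed registration IPs from documentation address space.
    sample = ["198.51.100.7", "198.51.100.23", "198.51.100.200",
              "203.0.113.5", "192.0.2.77"]
    print(hot_prefixes(sample))
```

Only networks with at least `min_hits` distinct registrations are reported, which keeps a single stray address from turning into a whole-range ban.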

  11. #20
    Join Date
    Jan 2009
    Location
    Killeen, Tx
    Posts
    26,929
    Post Thanks / Like
    Blog Entries
    2
    Here's one that registered yesterday. The IP is Lufkin, Tx. Note the email address.

    There is a new user, Charlie Primero at CenTexTalk.com

    To view their profile, go here:
    http://www.centextalk.com/vb/member....harlie-Primero

    Email Address : charlieprime+centextalk.com@fastmail.fm
    Birthday : June 6, 1966
    Referrer: N/A
    IP Address: 74.196.196.30
