Tag: spam

hn.kd.ny.adsl: Research, Ban

This guy hn.kd.ny.adsl seems innocent enough, until I tried to look him up, only to find no positive IP address. Others have posted that they, too, cannot find his IP address in order to ban him. Hmmm, let me track him down.

This hacker is prolific in that he rarely repeats the third octet, making it harder to ban by a narrower range. You’ll need to go up to the second octet to cover his IP ranges. He uses predominantly China Unicom Henan. Only once did he go to China Unicom Fujian, which might just be an outlier data point.

zomro.com Content Scraper: Research, Ban

midex.zomro.com scrapes my site for awstat tags. I do not know why, and they do it multiple times. It is very annoying.

There is a ransomware listing for crasher121.zomro.com 93.170.169.52. There are other comments such as “109.248.33.212 is involved in malware incidents, spamming activity, ssh attacks, ddos” so caution is required. I did not research zomro.net, as I do not know if the .com and .net sites are related.

Observation:
midex.zomro.com
178.159.39.142 anconsul.ru 2016-nov-06 zomro

Research:
midex.zomro.com 93.171.158.189 93.171.158.0 – 93.171.159.255 93.171.158.0/23
elk91.zomro.com 93.171.158.47

midex.zomro.com 93.170.141.97 93.170.141.0/24

zuahbbazek1.zomro.com 93.170.253.11 93.170.253.0/24

IPVNow.com Will Fool Anti-Bot Software

Fool, it would, an automated anti-bot system, because humans are more intelligent than bots. They are innovative, in their evil genius way. Computer security is all about the arms race. The better the methods, the better the countermeasures, and then it repeats. No security measure is foolproof for very long.

IPVNow.com has a slew of host names that when you look them up, resolve successfully and all point to the same IP address, 103.224.182.241. This misdirection is what would fool the anti-bot software, because this IP is real and it points to a valid company, Trellian, which owns IPVNow.com. But banning this single IP does not stop the content scraping. Each host name has its own IP address that uses ISPs Ubiquity and Nobis. These are the IPs you need to ban.

customer.worldstream.nl: Banning Content Scraper

This host name is constantly scraping my site, but when I look it up it does not resolve. Searches on Google reveal that they seem to change their IP address very often. Many other sites are getting spammed and content scraped by this host. I have no alternative than to ban the whole IP range of customer.worldstream.nl.

I read my raw access log and the first column provides me with an IP address or host name. This first column is usually enough to target the specific IP that is errant, and I ban the last IP octet of 256 addresses.
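An added example (not from the original posts) of the log-driven banning described above: it reads the first column of each access-log line, bans the /24 around each offending IP, and widens to the second octet (/16) when a visitor rarely repeats the third octet. The function name `ban_ranges`, the `spread` threshold and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log lines (private/documentation addresses, not real offenders).
SAMPLE_LOG = """\
10.20.1.5 - - [06/Nov/2016:10:00:01 +0000] "GET /page1 HTTP/1.1" 200 5120
10.20.77.9 - - [06/Nov/2016:10:00:03 +0000] "GET /page2 HTTP/1.1" 200 4096
10.20.130.44 - - [06/Nov/2016:10:00:05 +0000] "GET /page3 HTTP/1.1" 200 4096
192.0.2.10 - - [06/Nov/2016:10:01:00 +0000] "GET /stats HTTP/1.1" 404 210
192.0.2.200 - - [06/Nov/2016:10:01:02 +0000] "GET /stats HTTP/1.1" 404 210
host.example.net - - [06/Nov/2016:10:02:00 +0000] "GET /page1 HTTP/1.1" 200 5120
"""

def ban_ranges(lines, spread=3):
    """Turn the first column of access-log lines into CIDR ban candidates.

    Each IP is widened to its /24 (the 256 addresses sharing the last octet).
    If at least `spread` distinct /24s fall under the same first two octets,
    they are replaced by one /16. Host names that are not literal IPs are
    returned separately because they still need a manual lookup.
    """
    by16 = defaultdict(set)      # /16 network -> set of /24 networks seen in it
    unresolved = set()
    for line in lines:
        if not line.strip():
            continue
        field = line.split(None, 1)[0]          # first column of the log line
        try:
            ip = ipaddress.IPv4Address(field)
        except ValueError:
            unresolved.add(field)               # a host name, not an IP
            continue
        net24 = ipaddress.ip_network(f"{ip}/24", strict=False)
        by16[net24.supernet(new_prefix=16)].add(net24)

    bans = []
    for net16, nets24 in by16.items():
        if len(nets24) >= spread:
            bans.append(net16)                  # third octet keeps changing
        else:
            bans.extend(nets24)                 # narrow bans are enough
    return sorted(bans), sorted(unresolved)

if __name__ == "__main__":
    bans, hosts = ban_ranges(SAMPLE_LOG.splitlines())
    for net in bans:
        print("ban candidate:", net)
    for host in hosts:
        print("needs lookup:", host)
```

A /16 covers 65,536 addresses, so review each widened range for legitimate visitors before applying it.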

Strange Host Names that I Cracked

These host names try hard to evade detection of their IP addresses, in order to scrape content and sometimes break into web sites. They have specifically scraped mine and so I hunted them down and banished them. Oftentimes the Unix host command returns nothing, so research is required. This usually works.

Host Names I have Researched, Flummoxed

intra.cea.fr content scraped me, so I researched them.

0x667.crypt.gy came back with a host lookup of 94.23.147.30, OVH. I cannot verify this IP address. Research is inconclusive. This guy uses a Microsoft server error code “1639 (0x667). Invalid command line argument” in his hostname.
server.crypt.gy 188.165.211.48

SeoOptimizedRankings SEORankingLinks Spam: How to Ban it

Pain in the butt, no doubt, is this spammer. He’s been spamming my blog for the last 6 months and whatever I did in my ban manager, it would not ban. I got mad enough to track him down, figure out how he does it, and hopefully ban him. Take a look at the audit trail he left me in my WordPress Akismet anti-spam filter. I am very thankful that Akismet stopped him from wrecking my blog, and I’ll be more careful and vigilant from now on.

Email Phishing Scam: Online Air Canada Ticket Purchase

She phoned me in a tizzy: Someone had used her credit card to purchase an Air Canada ticket for $375CAD, and the flight was leaving in a couple of days. What to do? First, calm down and do not have a cow. To be safe, check your credit cards. The next step is to scrutinize the email to see if there are some illegitimate pieces of info in it. Is this really a risk or just a spam/phishing scam?

Here is her email:


From: Air Canada [mailto:tickets@aircanada.com]
Sent: February-17-14 9:05 AM
To: XXX XX
Subject: Your Order # FF6F57 - PROCESSED
Importance: High

Review of Funshion.com’s App: Parasitic

Looking for a way to stream HD news from China, I asked a Chinese friend for a recommendation. He said try Funshion.com. They have a downloadable program that I thought would facilitate streaming their movies. What I got was a program that was parasitic, spammy and hard to remove. If you are considering using Funshion, do not download this app.

The download went well, but at once I started getting a huge amount of popup boxes usually blocked by Adblock Plus. My bandwidth went up by a lot as well. Then I realized that the damn program installed not in my program files directory but in the main directory, all without asking. When I went to uninstall the program it said I had no access to do this.

Fine Tuning Access to your Web site

The web is said to be about free access, and I certainly agree. When China’s Great Firewall entered a more rigorous phase, and Google decided to leave China, some said that free access to information on the internet was a basic human right; I disagreed. Still, here in Toronto, Canada I do appreciate open internet access. There are limits, however, when certain people take advantage of your hospitality. People try to scrape your site to use for their purposes, they try to break in and use your site to launch their own malicious doings, they try to spam you so that your site’s comments increase their link and trackback stats. There are all kinds of schemes that cost the site owner bandwidth, and eventually money. The site owner is forced to increase his level of service from his ISP (or get kicked off of his shared service), or move to another ISP. This is not a zero-sum issue: The site owner loses financially.