Site Security Keeping Your Community Safe from Hackers and Other Unwelcome Visitors.

Reply
 
Thread Tools

  #1  
Old 09-05-2006, 03:18 PM
shellspeare's Avatar
shellspeare shellspeare is offline
Adminstein
 
Real Name: Shell
Join Date: Feb 2005
Admin Experience: Advanced
Location: Notts UK
Age: 43
Posts: 2,561
shellspeare will become famous soon enough
 
Please add your findings to this list to help admins combat this latest influx of spam

@cashette.com
@gawab.com
@mail.ru
@freestuffo2.com
@freestuffo1.com
@freestuffo3.com
@freestuffo4.com
@cash.com
@tradedoubling.co.uk

Last edited by PalePhoenix; 01-27-2007 at 02:37 AM.. Reason: inclusion
Reply With Quote
  #2  
Old 09-05-2006, 08:50 PM
Pygor Pygor is offline
TAZ Regular
 
Join Date: Sep 2006
Location: Scotland
Posts: 36
Pygor will become famous soon enough
Default
*@users.1go.dk
*@one.lt
*@isuisse.com
*@iespana.es
*@mytrashmail.com
*@bigmir.net
*@pornoroxx.net
*@freenet.de
*@mail15.com
*@fromru.com
*@hotpop.com
*@cashette.com
*@*.ru
*@ukr.net
*@sibmail.com
*@thecannabishunter.com
*@advertfast.com
*@gawab.com

Some more to watch out for, some old some new.

*@163.com
*@aichyna.com
*@berahe.info
*@bi-dating.info
*@bk.ru
*@bookee.com
*@cashette.com
*@ccxt.info
*@chcb.info
*@corsa-tuning.
*@deo-vindice
*@domain141.com
*@europe.com
*@fanaticars.info
*@faza.ru # masterhost.ru
*@find-love.info
*@for-fun.info
*@foteret.info
*@freefreemail.info
*@gawab.com
*@gold2world.biz
*@grifon.info
*@inbox.ru
*@korsun.pp.ru
*@list.ru
*@mail.ru
*@mail333.com
*@moyareklama.ru
*@msk.su
*@muuh.info
*@myxost.com
*@ne-quid-nimis.info
*@nil-admirari.info
*@octivian.com
*@pisem.net
*@pochta.ru
*@pooperduperz@gmail.com
*@porn.com
*@portsaid.cc
*@prescrip.pl
*@punkass.com
*@qlfg.com
*@rambler.ru
*@sibmail.com
*@skim.com
*@smeh.info
*@spambob.net
*@tele-vision.info
*@tut.by
*@ukr.net
*@vxaz.com
*@yandex.ru
*@yufz.com

Last edited by PalePhoenix; 02-18-2007 at 04:12 AM..
Reply With Quote
  #3  
Old 09-05-2006, 11:04 PM
Moparx's Avatar
Moparx Moparx is offline
GNU/Linux Inside
 
Join Date: May 2004
Admin Experience: Advanced
Posts: 675
Moparx will become famous soon enough
Default
purple_lover_04 @msn.com
hollie.smith @yahoo.com
hollister.susan @gmail.com
alexptre @gmail.com
@6url.com
@bumpymail.com
@cashette.com
@centermail.com
@centermail.net
@discardmail.com
@dodgeit.com
@e4ward.com
@emailias.com
@fakeinformation.com
@front14.org
@gawab.com
@ghosttexter.de
@gishpuppy.com
@greensloth.com
@inbox.ru
@jetable.org
@kasmail.com
@link2mail.net
@mail.ru
@mailexpire.com
@mailmoat.com
@mailinator.com
@mailnull.com
@messagebeamer.de
@mytrashmail.com
@nervmich.net
@netmails.net
@netzidiot.de
@nurfuerspam.de
@pookmail.com
@portsaid.cc
@privacy.net
@punkass.com
@sneakemail.com
@sofort-mail.de
@sogetthis.com
@spam.la
@spambob.com
@spambob.net
@spambob.org
@spamday.com
@spamex.com
@spamgourmet.com
@spamhole.com
@spaminator.de
@spammotel.com
@spamtrail.com
@tempinbox.com
@trash-mail.de
@trashmail.net
@ukr.net
@xents.com
@wuzup.net
@zoemail.com
__________________

Last edited by PalePhoenix; 01-27-2007 at 02:31 AM..
Reply With Quote
  #4  
Old 09-07-2006, 07:03 AM
Leilani Leilani is offline
Tazmanian
 
Real Name: ???
Join Date: Oct 2005
Admin Experience: Advanced
Posts: 373
Leilani will become famous soon enough
Default
Specifically targeting YaBB boards with pr0n, as reported at the YaBB Support Forum:

alexcoppa @mail.ru
donald92139 @yahoo.com
donald92137 @yahoo.com
donald92135 @yahoo.com
donald92137 @yahoo.com
donald9251 @hotmail.com

Last edited by PalePhoenix; 02-23-2007 at 06:19 AM..
Reply With Quote
  #5  
Old 09-08-2006, 01:31 PM
AutoKathy AutoKathy is offline
Tazmanian
 
Real Name: Kathy
Join Date: Nov 2005
Admin Experience: Advanced
Posts: 109
AutoKathy is on a distinguished road
Default
*@mail.ru
*@cashette.com
avatarofgrowth27 @aol.com
loginrtsma @land.ru
*@*.ru
lihach111 @mail.ru
*@fromru.com
*@xoxma.net
deus_ex_m4china @hotmail.com
marjohn1a4 @hotmail.com
*@marketingops.com
*@pisem.net
*@pleasantphoto.com
*@reitkopf.com
*@inbox.ru
*@mail333.com
*@mail.ru
*@list.ru
*@mail15.com
*@minelab.ru
593593 @hotmail.com
*@bk.ru
bread38 @hotmail.com
agapingmaw @yahoo.com
*@yandex.ru
*@kefir.000buy.com
*@bigfreemail.info
loginen @cashette.com
qwertyu88 @mail333.com

*@casino-poker-web.com

jasonwitch @thecannabishunter.com
amandakreek @thecannabishunter.com

umaxikus
umaxikus @businessvoc.com

Birthday: 1983-03-28

This was on a YaBB board, and the software didn't pick up the IP.

Anyone seen spammers from this address:
@naebal.info

(Yes, I know it's an info address, but not all info are spammers, one of my email addresses is an info one).

We've had two join within 24 hours and I'm pretty sure it's spam but can't find any evidence.

Quote:
Originally Posted by Ondemannen View Post
Anyone seen spammers from this address? It is not a free e-mail service, it is paid and the site owner frown upon spammers after complaints.

Until recently my problem has mainly been the .info, added the wildcard address *.*info and the spamming has diminshed quite a bit.
Yes, we've had:

mikegladsz
mikegsz @runbox.com

He didn't post on our forum, but a google search shows his first post to be:
Quote:
Hi! I signed up here just this week.

Sorry for my laziness, but I wanted to ask if anyone could point me to any particularly relevant posts that I should check out first, so I can get up to speed here?

Thanks, Mike
Quote:
Originally Posted by AutoKathy View Post
Anyone seen spammers from this address:
@naebal.info

(Yes, I know it's an info address, but not all info are spammers, one of my email addresses is an info one).

We've had two join within 24 hours and I'm pretty sure it's spam but can't find any evidence.
Yep, they are spambots, the Botmaster/Xrumer bots. I ran another google search today and this time they showed up - we must have been hit in 'round 1' and google hadn't had time to pick them up when i first searched.

Yes, it's spam.

A google search of 'babyfons.com' brings up several pages of the website appearing in profiles. A name which keeps appearing is 'vpromtek' - they don't post but have a wide taste in forums, registering on many, all around 18th Feb.

All typical spammy behaviour.

vpromtek also uses '@avrilka.net' as an email in one 'silent spam' profile - and a google search of that brings up some spam post in vpromtek's name.

I won't repeat it here - just google 'vpromtek' or '@avrilka.net' if you want to see it for yourself.

Just for information, babyfons traces back to:

Quote:
Domain Name: BABYFONS.COM

Registrant:
Privacyprotect.org
Domain Admin (contact@privacyprotect.org)
PO Box 83-000
Johnsonville
Wellington
null,6440
NZ
Tel. +45.36946676

Creation Date: 01-Nov-2006
Expiration Date: 01-Nov-2007
__________________
Kathy

Last edited by PalePhoenix; 02-23-2007 at 06:18 AM..
Reply With Quote
  #6  
Old 09-09-2006, 07:50 AM
Lightning Lightning is offline
Tazmanian
 
Join Date: May 2005
Admin Experience: Advanced
Posts: 196
Lightning has a spectacular aura about
Default
Mine's fairly comprehensive, but one occaisonally still gets in and it seems they're always using a Yahoo or Hotmail address.

@mailinator.com
@pornobilder-mal-gratis.com
yamaha_raptor_80 @hotmail.com
Carved_bench93 @hotmail.com
@cashette.com
@mail.ru
@spambob
@gawab.com
@bumpymail.com
@centermail.com
@centermail.net
@discardmail.com
@dodgeit.com
@e4ward.com
@emailias.com
@fakeinformation.com
@front14.org
@ghosttexter.de
@jetable.net
@kasmail.com
@link2mail.net
@mailexpire.com
@mailinator.com
@mailmoat.com
@messagebeamer.de
@mytrashmail.com
@nervmich.net
@netmails.net
@netzidiot.de
@nurfuerspam.de
@privacy.net
@punkass.com
@sneakemail.com
@sofort-mail.de
@sogetthis.com
@spam.la
@spamex.com
@spamgourmet.com
@spamhole.com
@spaminator.de
@spammotel.com
@spamtrail.com
@trash-mail.de
@trashmail.net
@wuzup.net
@portsaid.cc
@sriaus.com
@ukr.net
@pisem.net
@mail333.com
@gold-profits.info
@sibmail.com
hollister.susan @gmail.com
@algerie.cc
@blida.info
@mascara.ws
@oran.cc
@oued.info
@oued.org
@bahraini.cc
@manama.cc
@cameroon.cc
@djibouti.cc
@timor.cc
@alex4all.com
@alexandria.cc
@aswan.cc
@banha.cc
@giza.cc
@ismailia.cc
@mansoura.tv
@portsaid.cc
@sharm.cc
@sinai.cc
@suez.cc
@tanta.cc
@zagazig.cc
@eritrea.cc
@guinea.cc
@najaf.cc
@amman.cc
@aqaba.cc
@irbid.ws
@jerash.cc
@karak.cc
@urdun.cc
@zarqa.cc
@kuwaiti.tv
@safat.biz
@safat.info
@safat.us
@safat.ws
@salmiya.biz
@kyrgyzstan.cc
@baalbeck.cc
@hamra.cc
@lebanese.cc
@lubnan.cc
@lubnan.ws
@agadir.cc
@jadida.cc
@jadida.org
@maghreb.cc
@marrakesh.cc
@meknes.cc
@nador.cc
@oujda.biz
@oujda.cc
@rabat.cc
@tangiers.cc
@tetouan.cc
@dhofar.cc
@gabes.cc
@ibra.cc
@muscat.tv
@muscat.ws
@omani.ws
@salalah.cc
@seeb.cc
@pakistani.ws
@falasteen.cc
@hebron.tv
@nablus.cc
@quds.cc
@rafah.cc
@ramallah.cc
@yunus.cc
@abha.cc
@ahsa.ws
@albaha.cc
@alriyadh.cc
@arar.ws
@buraydah.cc
@dhahran.cc
@jizan.cc
@jouf.cc
@khobar.cc
@madinah.cc
@qassem.cc
@tabouk.cc
@tayef.cc
@yanbo.cc
@dominican.cc
@khartoum.cc
@omdurman.cc
@sudanese.cc
@hasakah.com
@homs.cc
@latakia.cc
@palmyra.cc
@palmyra.ws
@siria.cc
@tajikistan.cc
@bizerte.cc
@gafsa.cc
@kairouan.cc
@nabeul.cc
@nabeul.info
@sfax.ws
@sousse.cc
@tunisian.cc
@ajman.cc
@ajman.us
@ajman.ws
@fujairah.cc
@fujairah.us
@fujairah.ws
@khaimah.cc
@sanaa.cc
@yemeni.cc
@zambia.cc
@au.ru
@bk.ru
@fromru.ru
@front.ru
@go.ru
@halyava.ru
@hotmail.ru
@id.ru
@inbox.ru
@land.ru
@list.ru
@mailgate.ru
@newmail.ru
@nextmail.ru
@nm.ru
@notmail.ru
@ok.ru
@pochta.ru
@rambler.ru
@ru.ru
@sendmail.ru
@yandex.ru
@zmail.ru
@gomail.com.ua
@mail15.com
afixphone @icerocket.com
*phone*

The last one is present because I get a ton of the cell phone spammers and for some reason, about 1/3 of them have the word phone in their email address. I figure adding it wouldn't hurt too much given that not one of my real members has phone in their email address.

Last edited by PalePhoenix; 01-27-2007 at 02:34 AM..
Reply With Quote
  #7  
Old 09-09-2006, 09:08 PM
Bill Archibald's Avatar
Bill Archibald Bill Archibald is offline
TAZ Rookie
 
Join Date: Sep 2006
Admin Experience: Intermediate
Location: Norfolk,MA
Posts: 9
Bill Archibald is on a distinguished road
Default
Well this might as well be my first post
No need to welcome me, it's understood, and if you knew me, you wouldn't

Found this forum while looking EXACTLY for this kind of list, thanks.

I had an inclination to do just what PalePhoenix says, especially with all .info e-addresses.

Another clue we are noticing is that the birthday of January 1, 1980 are all non-legit regs.

AND here are a few more to the list (I'm sure there is at least one already listed, but I'm too lazy to check again
)
@brainyonline.info
@burnacouplemore.com
@list.ru
@alertonline.info
@onlinehoster.com
@abilityonline.info
@camefromblue.info

again, much thanks for the list.

-bill
Reply With Quote
  #8  
Old 09-09-2006, 09:28 PM
Mephisto's Avatar
Mephisto Mephisto is offline
Pharaoh
 
Real Name: Juan
Join Date: Jul 2006
Admin Experience: Intermediate
Location: Mexico City
Age: 30
Posts: 87
Mephisto is on a distinguished road
Default
I had no problem with spammers until this one

*@free.familybrutal.com
Reply With Quote
  #9  
Old 09-11-2006, 11:33 AM
Wile E Wile E is offline
TAZ Rookie
 
Join Date: Jun 2006
Admin Experience: Beginner
Posts: 15
Wile E is on a distinguished road
Default
I didn't see this one listed so I'll add
xkje.com

I recently had one register with a link and email address with xkje.com. So I googled xkje.com and I got tons of links to profiles on other message boards that all had xkje.com links as their website, no posts and "real" sounding names. The website link always has different words after the xkje.com, that are joined by hyphens. Some of the additional words seem fairly innocuous but others are obvious spam.

I had one get through today and post about 12 spam threads, fortunately one of my mods was on and rapidly deleted the threads. I banned the iqsearch.org domain after this.

Username: smashxfbqueen
Email: sixthnhorion at iqsearch.org

I had another iqsearch.org spammer join at the same time but they did not post yet, so I deleted them.


I've also had the atlas one mentioned above. I've banned the email domains he uses.

I had no email bans when I took over as admin a couple months ago, I know have about 2 dozen and add more everyday

Okay, add this guy to your bans. I googled his username and he's making the rounds on numerous boards within the past couple days.
username: DoctAlex
dralex AT andgarden.org

he's promoting a "news" site and I noticed it comes up #1 on a search for his user name.

I have had a rash of names joining in the past few days that are similar. None of them have links in their profile which I find odd, and none have posted anything yet. They all have email domains that look like they would be spammer email domains. I have done some google searches on the usernames and I get no hits on the names. Most of my spammers seem to show up on dozens of MB profiles when I google the user names, but not these guys.

My theory is that either they are waiting and plan to spam the forums at some point or they are testing my email domain bans since I have banned numerous spammer domains. I did delete one of these names that contained the words "teen" and the nickname for Richard, I knew it couldn't possible be good. My gut says delete them all but I was curious to see if anyone here has seen these names or emails. Note they all follow a similar pattern and some contain the same words.

Basan
Basan @ youremailsoftware.org

Terhatedder32
Terhatedder32 @ superemailfree.org

Tedtardup91
Tedtardup91 @ dotfreeemail.org

Teentardtedan5
Teentardtedan5 @ emailmandirect.org

Mosterteenup3
Mosterteenup3 @ greatemailaccount.org

Tardanup56
Tardanup56 @ emailmandirect.org

Basanteen59
Basanteen59 @ totalemaildirect.org

We just got hit by a new wave of .ru spammers tonight and @web.de. The second one included someone who managed to post porm spam.

Here's a list:
Mariax1988
marix99 @ web.de < -this was the porn spammer

Ramstor
bigbloger @ web.de

loanjfcs
fwfxan @ xatqcxox.com

supermailler
nep1924 @ pochta.ru

russkoepivo
rapor1817 @ smtp.ru

mobman
opus490 @ pochta.ru

ruscash
faza1717 @ fromru.com

ksanaksalman
rapor1819 @ hotbox.ru

zemfalman
opus489 @ mail15.com

ksanaksalman11
rapor1818 @ land.ru

abcandx
abcand @ inmail24.com

AmericaAirline 111
tom @ xxx-search.info

I had a suspicious poster named dara join and post a thread titled: My Las Vegas Vacation!?. The text started out like this:

I had no luck searching the name or domain but when I searched for the text of the post I found the exact same thing all over the place but with different usernames. There were no links in the post so I'm not sure how they are actually spamming, unless the plan was to come back and add links. The email was

ebani AT thatsthegame DOT com


I have also recently had two porn spammers from this domain:
o2.pl

I have blocked all .info and .biz links, in the way you have it written. I don't think it's bad to do because I couldn't find a single legit poster who used those domains. I still get lots of spam, but I at least don't get those ones you all have posted that use info or biz domains.

I don't know if this has been posted but our old spammer friends at gawab.com have started using gawab.comi.

I am also getting a lot of Italian and/or Spanish porn spammers lately. Everything is posted in Italian or Spanish but the links are pretty obvious what they are referring to, apparently "masturbate" is the same word in English and Italian.
here's a recent one;
onefortwotwentytwo AT yahoo.co.uk <-I'm seriously considering banning this domain.

And yet another penis enlargement spammer:
HerbalPeniss penispils AT tlen.pl

Last edited by PalePhoenix; 02-23-2007 at 06:25 AM..
Reply With Quote
  #10  
Old 09-11-2006, 12:55 PM
TopHatter TopHatter is offline
TAZ Rookie
 
Join Date: Sep 2006
Admin Experience: Beginner
Posts: 5
TopHatter is on a distinguished road
Default
I know that plenty of these have been mentioned but I'll put it up here anyway.

@gawab.com
@cashette.com
@mail.ru
@list.ru
@advertfast.com
@portsaid.cc
@ukr.net
@globalsources.com
@tradedoubling.co.uk
@wasphawk.ru
@giza.cc
@cute-boys.orga.cc
@sanaa.cc
@myway.com
@inbox.com
Reply With Quote
  #11  
Old 09-11-2006, 04:20 PM
Bill Archibald's Avatar
Bill Archibald Bill Archibald is offline
TAZ Rookie
 
Join Date: Sep 2006
Admin Experience: Intermediate
Location: Norfolk,MA
Posts: 9
Bill Archibald is on a distinguished road
Default
I figure if I add another one today:

iqsearch.org (online casino search)

I can use it as a launch platform to take exception to this
Quote:
Originally Posted by PalePhoenix
even if I haven't considered Subaru a legitimate company since 1982.
HEY, I own a 97 Legacy Brighton Wagon. and I still love it.



-Bill
Reply With Quote
  #12  
Old 09-13-2006, 12:57 AM
basskiller basskiller is offline
TAZ Rookie
 
Join Date: Jul 2004
Posts: 5
basskiller is on a distinguished road
Default
the BURNACOUPLEMORE.COM guy just hit me also with his pump and dump stocks bullcrap



Registration Service Provided By: NameCheap.com
Contact: support @NameCheap.com
Visit: namecheap.com

Domain name: BURNACOUPLEMORE.COM

Registrant Contact:
EphedraMax
George Wells (leadkid11@yahoo.com)
+1.7122440948
Fax: +1.5555555555
3000 Stone Park Blvd
Sioux City, IA 51104
US

Administrative Contact:
EphedraMax
George Wells (leadkid11@yahoo.com)
+1.7122440948
Fax: +1.5555555555
3000 Stone Park Blvd
Sioux City, IA 51104
US

Technical Contact:
EphedraMax
George Wells (leadkid11@yahoo.com)
+1.7122440948
Fax: +1.5555555555
3000 Stone Park Blvd
Sioux City, IA 51104
US

Status: Locked

Name Servers:
ns1.freeseriously.info
ns2.freeseriously.info

Creation date: 23 May 2006 18:08:28
Expiration date: 23 May 2007 18:08:28

Last edited by PalePhoenix; 02-23-2007 at 05:45 AM..
Reply With Quote
  #13  
Old 09-16-2006, 03:07 PM
Cyburbia's Avatar
Cyburbia Cyburbia is offline
Tazmanian
 
Real Name: Dan
Join Date: Jan 2004
Admin Experience: Advanced
Location: Upstate New York
Age: 48
Posts: 352
Cyburbia is just really niceCyburbia is just really nice
Default
I try to break down my banned email list into seven categories:

1) Free email providers that are unlikely to be used by legitimate forum members, but are frequently used among spammers (mail.ru, cashette.com, gawab.com, etc.)

35.ru
3fn.net
3gcare.com
56.com
a.org.ua
abha.cc
adtoad.com
agadir.cc
ahsa.ws
ajman.cc
ajman.us
ajman.ws
albaha.cc
alex4all.com
alexandria.cc
algerie.cc
allspaces.com
alriyadh.cc
amman.cc
aqaba.cc
arar.ws
aswan.cc
baalbeck.cc
bahraini.cc
banha.cc
beep.ru
bizerte.cc
bk.ru
bobidiko.com
bonbon.net
buffnet.net
buraydah.cc
cameroon.cc
cashette.com
chat.ru
ciber.com
cnuninet.com
crestorbanda.net
dbzmail.com
dhahran.cc
dhofar.cc
djibouti.cc
dominican.cc
eastday.com
email.ru
e-mail.ru
emails.ru
e-mails.ru
eritrea.cc
ezmail.ru
falasteen.cc
freemail.ru
fromru.com
fromru.ru
front.ru
fujairah.cc
fujairah.us
fujairah.ws
gabes.cc
gafsa.cc
gala.net
gals4all.com
gamebox.net
gawab.com
giza.cc
gmx.net
go.ru
guinea.cc
hamra.cc
harvestfee.com
hasakah.com
hebron.tv
homs.cc
hotbox.ru
hotmail.ru
hotpop.com
ibra.cc
i-connect.ru
ifrance.com
imail.ru
inbox.ru
irbid.ws
ismailia.cc
isuisse.com
jadida.cc
jadida.org
jerash.cc
jizan.cc
jouf.cc
kairouan.cc
karak.cc
khaimah.cc
khartoum.cc
khobar.cc
khv.ru
kuwaiti.tv
kyrgyzstan.cc
land.ru
latakia.cc
lcgrowth.com
lebanese.cc
libero.it
list.ru
lubnan.cc
lubnan.ws
madinah.cc
maghreb.cc
mail.by
mail.ru
mail15.com
mail2k.ru
mail333.com
mailgate.ru
mailpuppy.com
manama.cc
mansoura.tv
marrakesh.cc
mascara.ws
masterhost.ru
meknes.cc
muscat.tv
muscat.ws
nabeul.cc
nabeul.info
nablus.cc
nador.cc
najaf.cc
narol.ru
nefigasebe.com
newmail.ru
nextmail.ru
nightmail.ru
nm.ru
null.com
nxt.ru
omani.ws
omdurman.cc
online.ru
oran.cc
oued.org
oujda.biz
oujda.cc
pakistani.ws
palmyra.cc
palmyra.ws
phreaker.net
pisem.net
pochta.ru
pochtamt.ru
portsaid.cc
punkass.com
qassem.cc
quds.cc
rabat.cc
rafah.cc
ramallah.cc
rambler.ru
safat.us
safat.ws
sahyog.com
salalah.cc
sanaa.cc
scut.edu.cn
seeb.cc
sexmagnet.com
sfax.ws
sharm.cc
sify.com
sina.com
sinai.cc
siria.cc
smtp.ru
sousse.cc
spb.ru
sudanese.cc
suez.cc
supermail.ru
tabouk.cc
tajikistan.cc
tangiers.cc
tanta.cc
tayef.cc
teghhu.com
terrgfhu.com
terru.com
tetouan.cc
timor.cc
tma.ru
toughguy.net
tunisian.cc
tut.by
tyt.by
ua.fm
ukr.net
ukrtop.com
urdun.cc
usa.com
valentinno.com
vipmail.ru
wwwomen.ru
xoxma.com
yahoo
yanbo.cc
yandex
yemeni.cc
yuhknow.com
yunus.cc
zagazig.cc
zambia.cc
zarqa.cc
zmail.ru
zonnewater.net


Yes, I ban Yahoo addresses. If a Yahoo user wasn't a spammer, there were more often than not problems with validation emails ending up in junk mail boxes, full mailboxes, inactive accounts, and other things causing bounces and general mayhem. It was just too much work. Banning Yahoo eliminated Nigerian 419, cell phone/Nokia and private message spam. Most of my users have access to alternative email addresses -- their work or ISP address -- so they have options. Blocking Yahoo didn't hurt membership; the rate of new members remained about the same both pre-ban and post-ban.

Disclaimer: Most gawab.com and mail.ru users are legitimate, but the likelihood of one of those non-spamming registering on an English-language board are probably rare. If you run a Russian language-based forum, you'll probably have a much higher ratio of legitimate users to spammers with the Russian, Belarusian and Ukranian free email providers. Relative to new members, the number of spammers registering from mail.ru may seem small. If you run an Arabic site, blocking gawab.com and its associated addresses may hurt your prospective membership.

If you run a non-English site outside of an English-speaking country and you find that everyone that registers from aol.com is a spammer, it makes sense to ban the address, even though most AOL users that register on US boards will be legitimate.

2) Disposable spamhole-type accounts (dodgeit.com, sneakemail.com, spamgourmet.com, etc.) While these are only occasionally used by spammers, the main reason for banning them is that they are quickly forgotten by those using them for forum registration. If you're trying to contact a user with a spamhole address a year after they registered, they're probably not going to see your mail.

bumpymail.com
centermail.com
centermail.net
discardmail.com
dodgeit.com
e4ward.com
emailias.com
front14.org
ghosttexter.de
jetable.net
jetable.org
kasmail.com
link2mail.net
mail333.com
mailblocks.com
maileater.com
mailexpire.com
mailinator.com
mailmoat.com
mailnull.com
mailshell.com
mailzilla.com
messagebeamer.de
mytrashmail.com
nervmich.net
netmails.net
netzidiot.de
nurfuerspam.de
pookmail.com
portsaid.cc
privacy.net
punkass.com
shortmail.net
sibmail.com
sneakemail.com
sofort-mail.de
sogetthis.com
spam.la
spambob.com
spambob.net
spambob.org
spamex.com
spamgourmet.com
spamhole.com
spaminator.de
spammotel.com
spamtrail.com
tempinbox.com
trash-mail.de
trashmail.net


3) Spammer-owned domains that don't provide free email to the general public. This includes sites like burnacouplemore.com, freestuffo1.com, tradedoubling.co.uk, and the like. Addresses like this make up only a very small percentage of the users that register just to spam. The goofy domains like drugs-pills-casinos-wet-asian-teens-mortgage-refinancing-oem-software.biz and the like are usually only used once; I can't add every known domain like this to the list.

4) Top-level domains where there have been many spam-related registrations, and few no legitimate user registrations. For me, this includes:

.biz
.info
.lv


The list of banned TLDs may vary from board to board, and country to country. Many ban .cn, .ph and .kr, but my site gets quite a few legitimate users from China, the Philippines and South Korea, with few spammers.

Yes, I know there's a few legitimate .biz and .info users. Still, why put up with the hundreds of spammers that will register from such domains, just to the convenience of the one legitimate user with such an address that may or register five years from now?

5) Email address keywords.
These are words you see in an address or domain name that have a high correlation with spammers. The short list includes:

asdf
azer
business
casino
cialis
dating
drug
financial
hydrocodone
instant
levitra
marketing
mortgage
nobody
nomail
noresponder
phentermine
pills
poker
promote
qwer
refinanc
sales
tramadol
xanax
xfactor
viagara
zxcv


The last two categories are a personal email address blacklist, and a personal domain blacklist; people who aren't spammers, but still don't want around. These lists are fairly small.

Last edited by Cyburbia; 09-17-2006 at 01:46 PM..
Reply With Quote
  #14  
Old 09-16-2006, 09:22 PM
Cyburbia's Avatar
Cyburbia Cyburbia is offline
Tazmanian
 
Real Name: Dan
Join Date: Jan 2004
Admin Experience: Advanced
Location: Upstate New York
Age: 48
Posts: 352
Cyburbia is just really niceCyburbia is just really nice
Default
Quote:
Originally Posted by PalePhoenix
Any suggestions--for IPB in our case--how we might incorporate those lists into a single file and ban them all at once? It's great as a glossary reference, but I'd like to stamp them out completely, and for most of the reasons you already provided.
For vBulletin, it's address-space-address-space-... or address-space-return-address-space-return-... . For IPB, I really don't know. Sorry.

The list won't stop most astroturfing/ashleeturfing-type spam ("Hey, check out this kewl band!!!11!!"). Much of that kind of spam comes from the unpaid "street teams" of Fanscape and other guerilla marketing firms. Users posting a certain number of verifiable messages to bulletin boards are rewarded with t-shirts, CDs, and other schwag. The street teamers usually register from their normal email accounts.

http://www.fanscape.biz/site.aspx?section=1&item=7

For that type of spam, you have to be savvy; look for new users hyping some band, TV show or Web site, but in an almost conversational style.

Last edited by Cyburbia; 09-16-2006 at 09:32 PM..
Reply With Quote
  #15  
Old 09-17-2006, 01:25 PM
Cyburbia's Avatar
Cyburbia Cyburbia is offline
Tazmanian
 
Real Name: Dan
Join Date: Jan 2004
Admin Experience: Advanced
Location: Upstate New York
Age: 48
Posts: 352
Cyburbia is just really niceCyburbia is just really nice
Default
Quote:
Originally Posted by Dragonlair
This is one that I cannot agree with. I cannot see the justification of banning an entire country.
The one problem with banning .ru is that if you're using vBulletin with the "Agressive Email Banning" enabled, you're going to ban anyone with an address that includes .ru, not just those with Russia TLDs.

I've got several users on my board with [something]@[department].rutgers.edu addresses; apparently students and faculty at Rutgers University in New Jersey. As an experiment, I added .ru to the banned email lists, with "Aggressive Email Banning" enabled, and tried to register a new account using "test@test.rutgers.edu address. The registration was blocked.

If you don't expect anyone from Rutgers to register, and you're unlikely to have any legitimate users from Russia, do a straight .ru block. Really, it stretches the bounds of political correctness to tolerate registration from hundreds of spammers, just to make it easy for that very rare Russian user that may or may not register for your board sometime in the next five years.

I catch hell over blocking Nigeria in my .htaccess file -- every IP range in the country, including satellite companies that serve Nigerian customers -- because "99% of all internet users in Nigeria are legitimate." That may be the case, but they're not the ones signing up on my message board; it's just the 419ers, private message spammers and Nokia spammers. I'm not going to deal with cleaning up hundreds of spam messages and banning hundreds of spammers just because someday, in the distant future, my site may see a legitimate user register from Nigeria.

Last edited by Cyburbia; 09-17-2006 at 01:37 PM..
Reply With Quote
  #16  
Old 09-17-2006, 01:45 PM
Bill Archibald's Avatar
Bill Archibald Bill Archibald is offline
TAZ Rookie
 
Join Date: Sep 2006
Admin Experience: Intermediate
Location: Norfolk,MA
Posts: 9
Bill Archibald is on a distinguished road
Default
Cyburia,

I hope not everyone takes your cue and bans all yahoo accounts. Real people with valuable contributions make up many of OUR users, hell I think I'm registered to this forum with my yahoo account.

Anyway, got a few more with similarities

@301boot.info
@301drush.info
@301azn.info

you all can make your own conclusions about what to ban.

-Bill
Reply With Quote
  #17  
Old 09-18-2006, 01:23 AM
Cyburbia's Avatar
Cyburbia Cyburbia is offline
Tazmanian
 
Real Name: Dan
Join Date: Jan 2004
Admin Experience: Advanced
Location: Upstate New York
Age: 48
Posts: 352
Cyburbia is just really niceCyburbia is just really nice
Default
Quote:
Originally Posted by Damian
Would you mind sharing this part of your .htaccess file?
Code:
# Block Nigeria.  Yes, the whole damn country.  
<limit GET HEAD POST PUT DELETE>
order allow,deny
# Nigerian/African 419 Scammers IP addresses
deny from 12.166.96.32/27 41.220.64.0/20 61.11.230.112/29 62.56.128.0/17 62.56.235. 62.56.236. 62.56.244.0/22 62.56.248. 62.128.160.0/20 62.173.32.0/19 62.192.128.0/19 62.192.140.250 62.193.160.0/19 63.70.178. 63.73.58. 63.100.193. 63.103.138. 63.103.139.64/26 63.103.140.0/22 63.109.245.168/29 63.109.248.128/25 63.122.154. 64.110.30. 64.110.31. 64.110.64.16/28 64.110.76.0/23 64.110.81. 64.110.93.16/28 64.110.93.176/28 64.110.147. 64.201.33.0/24 65.209.91. 65.209.92. 66.18.64.0/19 66.110.31. 66.178.7.16/29 66.178.7.32/28 66.178.46.0/24 66.178.55. 66.178.62. 66.178.80.176/29 66.178.81.64/29 66.199.241.82 66.205.20. 80.87.64.0/19 80.88.128.0/20 80.88.129. 80.88.130. 80.88.131. 80.88.132.0/26 80.88.132.64/27 80.88.132.104/29 80.88.132.128/26 80.88.132.192/27 80.88.132.224/28 80.88.132.240/29 80.88.133.0/25 80.88.134.0/26 80.88.134.64/29 80.88.136. 80.88.137. 80.88.138.0/25 80.88.138.128/26 80.88.138.192/27 80.88.139.0/25 80.88.139.128/26 80.88.139.192/27 80.88.139.224/28 80.88.140. 80.88.141.0/25 80.88.141.128/27 80.88.142. 80.88.143.128/24 80.88.144.0/23 80.88.146. 80.88.147. 80.88.148. 80.88.149.0/25 80.88.149.128/26 80.88.149.192/28 80.88.150. 80.88.151. 80.88.152. 80.88.153. 80.88.154.32/27 80.88.154.72/29 80.88.154.80/29 80.88.154.96/28 80.88.155.0/25 80.88.155.128/27 80.88.155.160/29
deny from 80.179.102.0/24 80.179.107.64/27 80.179.107.224/29 80.179.128.0/17 80.231.4.0/23 80.247.136.0/24 80.247.137.0/24 80.247.141.32/27 80.247.141.64/26 80.247.141.128/25 80.247.142.0/24 80.247.147.16/28 80.247.147.32/29 80.247.147.64/27 80.247.147.96/28 80.247.151.0/24 80.247.153.0/24 80.247.156.0/26 80.247.156.128/28 80.247.157.0/24 80.247.159.0/24 80.248.0.0/20 80.248.64.0/23 80.248.70.0/20 80.248.64.0/20 80.250.32.0/20 80.255.40.48/28 80.255.40.96/29 80.255.40.112/28 80.255.40.128/28 80.255.40.192/28 80.255.40.224/27 80.255.40.240/28 80.255.43. 80.255.46.0/29 80.255.46.16/28 80.255.46.64/29 80.255.59.19 80.255.59.0/24 81.18.32.0/20 81.18.40.0/24 81.18.42.0/24 81.23.194.0/27 81.23.194.64/27 81.23.194.128/25 81.23.195.0/24 81.23.196.0/25 81.23.196.128/29 81.23.200.0/21 81.24.0.0/20 81.91.224.0/20 81.199.0.0/16 81.199.6.0/24 81.199.7.0/24 81.199.72.0/22 81.199.76.0/24 81.199.82.0/23 81.199.84.0/22 81.199.84. 81.199.85. 81.199.86. 81.199.87. 81.199.88. 81.199.89. 81.199.90.0/24 81.199.94.0/23 81.199.108.0/22 81.199.124.0/22 81.199.240.0/21 82.128.0.0/17 83.229.100.0/23 84.254.188.3 84.254.128.0/18
deny from 155.239.0.0/16 192.116.64.0/18 192.116.128.0/18 192.116.152.0/21 193.110.2.0/23 193.189.0.0/18 193.189.64.0/23 193.189.128. 193.219.192.0/18 193.220.0.0/16 193.220.26.0/24 193.220.30.0/26 193.220.30.64/27 193.220.31.0/26 193.220.31.64/27 193.220.45.0/25 193.220.47.0/25 193.220.77.0/26 193.220.187.0/26 193.220.187.128/27 195.8.22. 195.44.168.0/21 195.44.176.0/21 195.137.13. 195.137.14. 195.166.224.0/19 195.166.237.40 195.166. 195.219.176. 196.1.176.0/20 196.3.60.0/22 196.3.180.0/22 196.29.208.0/20 196.38.110.0/23 196.45.192.0/18 196.46.240.0/21 196.46.144.0/22 196.200.0.0/20 196.200.64.0/20 196.200.112.0/20 196.201.64.0/19 196.201.64.128/25 196.201.65.0/24 196.202.160.0/19 196.202.224.0/21 196.207.0.0/20 196.207.128.0/18 196.207.192.0/18 196.207.247.0/24 196.220.0.0/19 204.118.170.0/24 209.88.163. 209.101.84. 209.159.164. 209.159.166.0/24 209.198.240.0/23 209.198.242.16/28 209.198.242.96/29 209.198.242.104/30 209.198.242.108/31 209.198.242.128/27 209.198.246.240/28 212.96.2.0/23 212.96.4. 212.96.28. 212.96.29. 212.96.30. 212.100.64.0/19 212.165.128.0/17 212.165.132.64/27 212.165.135. 212.165.140.16/29 212.165.140.64/26 212.165.140.128/25 212.165.141.0/24 212.165.147.0/26 212.165.147.128/26 212.199.108.0/24 212.199.251.0/24 212.247.93.0/24
deny from 213.136.96.0/24 213.136.116.0/24 213.140.62.0/23 213.150.192.0/23 213.166.160.0/19 213.181.64.0/19 213.185.96.0/21 213.185.106.0/24 213.185.112. 213.185.113.0/26 213.185.124. 213.187.135. 213.187.145. 213.211.128.0/18 213.211.188.0/24 213.232.96. 213.255.193. 213.255.195.0/25 213.255.195.128/27 213.255.198. 213.255.199. 216.72.104.0/21 216.129.147.128/28 216.129.159. 216.133.174. 216.147.132.144/28 216.147.132.160/28 216.236.200.96/28 216.236.202.96/28 216.236.205.0/24 216.236.222.128/26 216.250.195.0/27 216.250.195.64/26 216.250.221.0/24 216.250.222.0/24 216.252.176.0/24 216.252.177.0/24 216.252.231.0/25 216.252.245.0/24 217.10.163.128/26 217.10.163.192/27 217.10.163.224/27 217.10.166.0/26 217.10.166.64/28 217.10.169.0/24 217.10.170.0/24 217.10.171.0/24 217.10.173.0/26 217.10.182.0/27 217.10.184.0/24 217.14.80.0/20 217.15.124.0/25 217.20.241.0/25 217.20.241.128/29 217.20.241.136/29 217.20.241.144/28 217.20.241.160/29 217.20.241.168/29 217.20.241.176/29 217.20.241.184/29 217.20.241.192/29 217.20.241.200/29 217.20.241.208/29 217.20.242.0/24 217.20.243.24/29 217.20.243.32/27 217.78.64.0/20 217.117.0.0/20 217.146.3.144/28 217.146.3.160/28 217.146.3.176/29 217.146.3.224/27 217.146.4.64/26 217.146.5. 217.146.6.0/25 217.146.6.160/27 217.146.7. 217.146.8.0/25 217.146.9. 217.146.10.128/25 217.146.11.0/25 217.146.12. 217.146.13. 217.146.14.0/25 217.146.15.0/25 217.146.16.0/27 217.146.16.32/29 217.194.140.0/22 217.194.144.0/20 217.20.242.0/27 217.20.242.32/28 217.20.242.48/29
# Pan Am Sat: Nigeria
deny from 216.139.160.0/19 216.139.176.136/29
# New Skies Satellite Service: UK (provides service to Nigerian cybercafes)
deny from 66.178.0.0/17
# Versatel: Netherlands (provides service to Nigerian cybercafes)
deny from 62.59.36.0/22 62.59.40.0/21 62.59.48.0/22 82.93. 82.168.0.0/14
# Goldenlines.net.il: Israel (provides service to Nigerian cybercafes)
deny from 80.179.244.0/24
# Teleglobe: Canada (reassigned IP blocks to Nigerian cybercafes)
deny from 64.86.155.0/24 64.201.33.0/24
# Sky-Vision: Cameroon
deny from 83.229.64.0/18 217.194.144.0/20
# Netdish S.p.A.L.: Italy (provides service to Nigerian cybercafes)
deny from 83.137.61.0/24
# Net Planet Earth Limited: Cyprus (provides service to Nigerian cybercafes)
deny from 82.211.128.0/18
allow from all
</limit>

Last edited by Cyburbia; 09-18-2006 at 12:39 PM..
Reply With Quote
  #18  
Old 09-18-2006, 09:17 PM
brew brew is offline
TAZ Rookie
 
Join Date: Sep 2006
Posts: 1
brew is on a distinguished road
Default
JaneLoan_B
logine @freefreemail.info
24.22.50.195

tramq0193
ii3 @ukr.net
203.190.250.104

Gurusha34
atlas34 @sibmail.com
200.107.54.7

this started hitting pretty badly within the past few weeks on 3.5.4
time to upgrade to the latest vbulletin.

user:ClubCont
email: frl @vaosoft.com

seems to be a variant of clubcontrol @vaosoft.com
which spams message boards advertising their internet cafe software.

69.31.86.134 (delaware, usa) - guessing it's a zombie pc

Last edited by PalePhoenix; 02-23-2007 at 08:42 AM..
Reply With Quote
  #19  
Old 09-19-2006, 02:09 PM
Cyburbia's Avatar
Cyburbia Cyburbia is offline
Tazmanian
 
Real Name: Dan
Join Date: Jan 2004
Admin Experience: Advanced
Location: Upstate New York
Age: 48
Posts: 352
Cyburbia is just really niceCyburbia is just really nice
Default
I'm seeing myway.com associated with a lot of Nigerian 419 and Nokia spam elsewhere online. I searched through my user database, and didn't find anyone with a myway.com address. I just added it to my ban list.
Reply With Quote
  #20  
Old 09-20-2006, 04:59 AM
Rednotdead Rednotdead is offline
TAZ Rookie
 
Join Date: Sep 2006
Admin Experience: Advanced
Posts: 3
Rednotdead is on a distinguished road
Default
ones that have been hitting our boards recnetly

datingservices.com
ukr.net
giza.cc
sibmail.com
sanna.cc
Reply With Quote
Reply

  Admin Zone Forums > The Community Zone > Managing an Online Community > Site Security





Currently Active Users Viewing this Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
.ru email addresses jcerious Members & Staff 71 12-20-2006 12:14 PM
Damage limitation from forged from: addresses in spam? Alex Apple Site Security 7 09-22-2006 07:58 PM
Spam email list rasp Members & Staff 10 06-01-2006 10:43 AM
Re-validating email addresses cinq Members & Staff 14 12-29-2004 11:09 PM


 

All times are GMT -4. The time now is 09:09 AM.


Powered by: vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Page generated in 0.15369797 seconds with 14 queries
The Admin Zone copyright 2003-2014 All Rights Reserved. Content published on The Admin Zone requires permission for reprint.