Friday, 28 December 2007
gmail.com 50% spammers ?!
With a MySQL SELECT on my forum db for @gmail users, it seems that 50% are spammers, and only the other 50% are regular accounts.
Spam came back!
A new kind of spam is hitting my forum.
The mail server is always the same: "gmail.com". Language and time are correct for my Italian forum. No other information is provided in the user account. No websites, no signatures. I can't block this by recognizing user info.
I must have an idea!
Saturday, 24 November 2007
A spammer is breaking the wall
This morning, after an entire month of serenity, a spammer broke the MSW and my forum. His mail server is gmail.com and I cannot stop it. In the next days I will study this case to fix this bug in my precious forum.
Thursday, 25 October 2007
blacklist.php - update 08 - 25/10/2007
fromru.com was added to the list today. Will this be the last update?
Here you can read the updated blacklist.php file content:
<?php
// ---------------------------------------
// Returns true when the domain of the e-mail address $eml is blacklisted.
function isSpam($eml)
{
$retVal = false;
$blackList = array( '1gb.info',
'2000lv.com',
'acceptcredit4u.info',
'achlan.cn',
'acquireton.com',
'adof.biz',
'ajrq.info',
'allandsads.cn',
'allandsmovies.cn',
'allcarehome.org',
'allfarm.cn',
'allsexmovie.info',
'amorki.pl',
'asff.info',
'atlaskit.com',
'autogid.org',
'avrilka.net',
'axigenmail.com',
'bestcarehome.org',
'bestcarhireforu.biz',
'bestfarmshop.cn',
'bigmir.net',
'bimgir.net',
'bk.ru',
'bljat.info',
'bluebottle.com',
'bonbon.net',
'bulk-actionz.info',
'buy-24h.net.ru',
'buziaczek.pl',
'chineseplugins.org',
'chukcarbo.com',
'clipssite.cn',
'clxub.com',
'cvportal.net',
'dfm.com',
'diet-us.info',
'dkblog.org',
'doge7k.com',
'dorspaceebook.com',
'downloadcrackfreesoftware.com',
'e-nation.ee',
'ebookcomspace.com',
'elfox.net',
'elovejob.info',
'erositaly.org',
'farminlive.cn',
'fda-medications.com',
'fene4ek.net',
'fola.biz',
'forward-privacy.org',
'fromru.com',
'fvoe.biz',
'gaohgy.com',
'gawab.com',
'gerop.cn',
'goak.info',
'goldwarez.org',
'goodnesss.com',
'goolook.ru',
'greatfarm.cn',
'greatwall36.org',
'healthinsurance4u.biz',
'hhwntai.cn',
'hhrntai.cn',
'hhrntaiccc.cn',
'homeallhome.org',
'homehome.org',
'hotpop.com',
'hotsearchusa.com',
'hyipprogram.org',
'i.ua',
'idbud.info',
'idlyn.info',
'ihan.info',
'inbox.ru',
'inet.ua',
'izmail.net',
'jetfix.ee',
'jrobi.info',
'kdmf-division.info',
'kinozal.tv',
'kqtr.info',
'kremenchug.ws',
'krim.ws',
'kzro.net',
'lipetsk.in',
'list.ru',
'lugarus.com',
'lviv.in',
'lvovs.com',
'macb-download.info',
'mail.by',
'mail.com',
'mail.health-ua.com',
'mail.ru',
'mail.saratov.com',
'mail333.com',
'mainru.com',
'medmail.info',
'metaping.com',
'moviesandklips.cn',
'mykqtr.info',
'mymail-in.net',
'mysspaccedorr.com',
'mysspaccedorrr.com',
'mysspaccedorrrr.com',
'mytop-in.net',
'neo-explode.org',
'nightmail.ru',
'o2.pl',
'onet.eu',
'onlinebetter.org',
'online-webportal.biz',
'orkeor.cn',
'penispillsenlargement.co.uk',
'peugeot-club.org',
'phreaker.net',
'playstationcrack.com',
'pmrmail.com',
'pozitifff.com',
'qwoe.biz',
'ramireschat.com',
'refinancce.biz',
'rfbjr.info',
'safebox.ru',
'saginaw-home-buyers-agent.com',
'sdfl.biz',
'sevastopol.in',
'simferopol.krim.ws',
'soccer-league.biz',
'spyslay.com',
'stylebrand.com',
'sweetville.net',
'tenbit.pl',
'terbuny.net',
'thesitelink.biz',
'tlen.pl',
'topmagic.org',
'trivas.cn',
'tyrists.info',
'tut.by',
'ua-news.net',
'ua.fm',
'uaclub.net',
'uastar.net',
'ukr.net',
'ukrmail.org',
'uncaf.cn',
'vilip.info',
'webcivil.org',
'webforpeople.org',
'wels.com',
'wp.pl',
'wpof.biz',
'yalta.krim.ws',
'yandex.ru',
'yardsormeters.info',
'yellow-jackets.com',
'youriloan.com',
'yourkqtr.info',
'zadonsk.net',
'zaraq.cn',
'zelmira.cn',
'zenxengine.cn',
'zeos.net',
'zinsco.cn',
'zirkon.cn',
'zoomers.cn',
'zubba.cn',
'zukav.cn',
'zuzanna.cn');
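// Keep only the domain part (after the last "@"); domains are case-insensitive.
$eml = strtolower(substr($eml, strrpos($eml, "@") + 1));
$retVal = in_array($eml, $blackList);
if ($retVal == false) {
    // Not listed by name: reject every .cn and .ru domain.
    $dBlackList = array('.cn', '.ru');
    $eml = substr($eml, -3);
    $retVal = in_array($eml, $dBlackList);
}
return $retVal;
}
?>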
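isSpam() compares the whole domain against the list, so a host under a listed domain (outside .cn/.ru) is not matched. The following is an added example, not the author's code: the helper names `emailDomain()`, `isListedDomain()` and `isSpamHardened()` are hypothetical, and the short list and the addresses are constructed samples. It normalizes the domain and checks it and each parent domain, which also folds the `.cn`/`.ru` rule into the same lookup.

```php
<?php
// Added example: hypothetical helpers, not part of the original blacklist.php.

// Return the lower-cased domain of an address, or null if there is none.
function emailDomain($eml)
{
    $at = strrpos($eml, '@');
    if ($at === false || $at === strlen($eml) - 1) {
        return null;                      // no "@" or nothing after it
    }
    // Domains are case-insensitive; a trailing dot is still the same host.
    return rtrim(strtolower(trim(substr($eml, $at + 1))), '.');
}

// True if the domain or any parent domain (down to the TLD) is listed.
function isListedDomain($domain, array $listed)
{
    $set = array_flip($listed);           // keyed lookups instead of in_array()
    $labels = explode('.', $domain);
    while (count($labels) > 0) {
        if (isset($set[implode('.', $labels)])) {
            return true;
        }
        array_shift($labels);             // drop the leftmost label and retry
    }
    return false;
}

function isSpamHardened($eml, array $listed)
{
    $domain = emailDomain($eml);
    // Fail closed: an address without a usable domain is rejected.
    return $domain === null || $domain === '' || isListedDomain($domain, $listed);
}

// Constructed sample list: two entries from the page plus the two TLD rules.
$listed = array('mail.com', 'fromru.com', 'cn', 'ru');

// Constructed sample addresses.
$samples = array('a@mail.com', 'b@MAIL.COM', 'c@mx1.mail.com',
                 'd@example.ru', 'e@gmail.com', 'no-at-sign');
foreach ($samples as $s) {
    echo str_pad($s, 16), isSpamHardened($s, $listed) ? "blocked\n" : "allowed\n";
}
```

Matching is done label by label, so `gmail.com` is not caught by the `mail.com` entry; a domain list alone cannot separate spam registrations on gmail.com from regular ones.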
An easy antispam for phpBB
An easy antispam for phpBB is what Davide Denicolo wrote on OntITSecurity.
This tool and my MSW will block all kinds of spammers.
Wednesday, 24 October 2007
blacklist.php - update 07 - 22/10/2007
trivas.cn, zuzanna.cn, hhrntaiccc.cn, gaohgy.com, metaping.com, axigenmail.com, lugarus.com and siteformovies.cn were added to the list today. Chinese and Russian servers will automatically be denied in users' email addresses.
Here you can read the updated blacklist.php file content:
<?php
// ---------------------------------------
// Returns true when the domain of the e-mail address $eml is blacklisted.
function isSpam($eml)
{
$retVal = false;
$blackList = array( '1gb.info',
'2000lv.com',
'acceptcredit4u.info',
'achlan.cn',
'acquireton.com',
'adof.biz',
'ajrq.info',
'allandsads.cn',
'allandsmovies.cn',
'allcarehome.org',
'allfarm.cn',
'allsexmovie.info',
'amorki.pl',
'asff.info',
'atlaskit.com',
'autogid.org',
'avrilka.net',
'axigenmail.com',
'bestcarehome.org',
'bestcarhireforu.biz',
'bestfarmshop.cn',
'bigmir.net',
'bimgir.net',
'bk.ru',
'bljat.info',
'bluebottle.com',
'bonbon.net',
'bulk-actionz.info',
'buy-24h.net.ru',
'buziaczek.pl',
'chineseplugins.org',
'chukcarbo.com',
'clipssite.cn',
'clxub.com',
'cvportal.net',
'dfm.com',
'diet-us.info',
'dkblog.org',
'doge7k.com',
'dorspaceebook.com',
'downloadcrackfreesoftware.com',
'e-nation.ee',
'ebookcomspace.com',
'elfox.net',
'elovejob.info',
'erositaly.org',
'farminlive.cn',
'fda-medications.com',
'fene4ek.net',
'fola.biz',
'forward-privacy.org',
'fvoe.biz',
'gaohgy.com',
'gawab.com',
'gerop.cn',
'goak.info',
'goldwarez.org',
'goodnesss.com',
'goolook.ru',
'greatfarm.cn',
'greatwall36.org',
'healthinsurance4u.biz',
'hhwntai.cn',
'hhrntai.cn',
'hhrntaiccc.cn',
'homeallhome.org',
'homehome.org',
'hotpop.com',
'hotsearchusa.com',
'hyipprogram.org',
'i.ua',
'idbud.info',
'idlyn.info',
'ihan.info',
'inbox.ru',
'inet.ua',
'izmail.net',
'jetfix.ee',
'jrobi.info',
'kdmf-division.info',
'kinozal.tv',
'kqtr.info',
'kremenchug.ws',
'krim.ws',
'kzro.net',
'lipetsk.in',
'list.ru',
'lugarus.com',
'lviv.in',
'lvovs.com',
'macb-download.info',
'mail.by',
'mail.com',
'mail.health-ua.com',
'mail.ru',
'mail.saratov.com',
'mail333.com',
'mainru.com',
'medmail.info',
'metaping.com',
'moviesandklips.cn',
'mykqtr.info',
'mymail-in.net',
'mysspaccedorr.com',
'mysspaccedorrr.com',
'mysspaccedorrrr.com',
'mytop-in.net',
'neo-explode.org',
'nightmail.ru',
'o2.pl',
'onet.eu',
'onlinebetter.org',
'online-webportal.biz',
'orkeor.cn',
'penispillsenlargement.co.uk',
'peugeot-club.org',
'phreaker.net',
'playstationcrack.com',
'pmrmail.com',
'pozitifff.com',
'qwoe.biz',
'ramireschat.com',
'refinancce.biz',
'rfbjr.info',
'safebox.ru',
'saginaw-home-buyers-agent.com',
'sdfl.biz',
'sevastopol.in',
'simferopol.krim.ws',
'soccer-league.biz',
'spyslay.com',
'stylebrand.com',
'sweetville.net',
'tenbit.pl',
'terbuny.net',
'thesitelink.biz',
'tlen.pl',
'topmagic.org',
'trivas.cn',
'tyrists.info',
'tut.by',
'ua-news.net',
'ua.fm',
'uaclub.net',
'uastar.net',
'ukr.net',
'ukrmail.org',
'uncaf.cn',
'vilip.info',
'webcivil.org',
'webforpeople.org',
'wels.com',
'wp.pl',
'wpof.biz',
'yalta.krim.ws',
'yandex.ru',
'yardsormeters.info',
'yellow-jackets.com',
'youriloan.com',
'yourkqtr.info',
'zadonsk.net',
'zaraq.cn',
'zelmira.cn',
'zenxengine.cn',
'zeos.net',
'zinsco.cn',
'zirkon.cn',
'zoomers.cn',
'zubba.cn',
'zukav.cn',
'zuzanna.cn');
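// Keep only the domain part (after the last "@"); domains are case-insensitive.
$eml = strtolower(substr($eml, strrpos($eml, "@") + 1));
$retVal = in_array($eml, $blackList);
if ($retVal == false) {
    // Not listed by name: reject every .cn and .ru domain.
    $dBlackList = array('.cn', '.ru');
    $eml = substr($eml, -3);
    $retVal = in_array($eml, $dBlackList);
}
return $retVal;
}
?>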
10 spammers came through the wall
10 spammers came through the Miccolis Spam Wall in 4 days with the registration moderation disabled. That is not too many... I guess. But a little rework of the wall is needed. With the next version, Chinese and Russian email servers will not be allowed for registering members.