Fight spam! Gain life satisfaction!

2011-10-21

in Geek stuff, Internet matters, Security

Spammers are getting especially annoying these days, with targeted messages.

I have been striking back, though. My honey pot has recently caught a few of them red-handed, to be reported to such authorities as there are for such things.

If you run a web server and you want to help combat the scourge of spam, consider joining Project Honeypot.

You get a certain definite measure of satisfaction when they email you to let you know that your honeypot has helped to identify a server contributing to spam, such as by harvesting email addresses.

So far, I have contributed to the identification of a few dozen malicious IP addresses, hopefully preventing quite a lot of spam.

Report a typo or inaccuracy

{ 7 comments… read them below or add one }

Milan October 21, 2011 at 8:12 pm

Here are some of the most recent IP addresses I have collected:

Note: they may not stay malicious forever. The IP address used by a wicked spam server today might be used by an innocent grandmother tomorrow. This complicates the implementation of defences against spam.

. October 21, 2011 at 11:27 pm

There is a new worm circulating right now that is compromising servers running older versions of the JBoss Application Server and then adding them to a botnet. The worm also attempts to install a remote access tool in order to give the attacker control over the newly infected server. The worm has been circulating for a couple of days at least, and it’s not clear right now how many servers have been compromised or what the origins of it are. It apparently exploits an old vulnerability in the JBoss Application Server, which was patched in April 2010, in order to compromise new machines. Once that’s accomplished, the worm begins a post-infection routine that includes a number of different steps.

oleh October 22, 2011 at 12:36 am

I understand that the spam filters where I work block 93% of emails that come in.

In the last year I have been receiving taped phone messages. At this time it is about once per week. I am concerned about their potential growth. Is there some way to block those without blocking real phone calls?

Milan October 22, 2011 at 7:32 pm

Telephones are unsophisticated when it comes to filtering. I think you can ask the phone company to block a specific number from calling you, but telephone spammers use VoIP systems and probably change their numbers all the time.

For now, there is probably no defence against voicemail spam that you can implement.

dp October 23, 2011 at 12:30 pm

Is the next step aggressive counterattacks against these servers? :)

It’s a shame the good guys have to play by so many rules.

Anon March 22, 2012 at 6:56 pm

Regardless of how the rest of your day goes, here’s something to be happy about — today a honey pot you installed successfully identified a
previously unknown email harvester (IP: 41.132.149.244). The
harvester was caught by your honey pot installed at:

http://www.sindark.com

You can find information about your newly identified harvester here:

http://www.projecthoneypot.org/ip_41.132.149.244

Info on all the harvesters that have been spotted by your honey pots is
also available here:

http://www.projecthoneypot.org/list_of_ips.php?t=h&m=usr_hp.h.60455

. April 6, 2012 at 1:39 pm

Milan —
Regardless of how the rest of your day goes, here’s something to be happy
about — today a honey pot you installed successfully identified a
previously unknown email harvester (IP: 112.2.255.241). The
harvester was caught by your honey pot installed at:

http://www.sindark.com

You can find information about your newly identified harvester here:

http://www.projecthoneypot.org/ip_112.2.255.241

Info on all the harvesters that have been spotted by your honey pots is
also available here:

http://www.projecthoneypot.org/list_of_ips.php?t=h&m=usr_hp.h.60455

Don’t forget to tell your friends you made the Internet a little better
today. You can refer them to Project Honey Pot directly from our
website:

http://www.projecthoneypot.org/refer_a_friend.php

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Previous post:

Next post: