New porn page.


hbpowerwall

Administrator
Joined
Oct 7, 2016
Messages
2,000

ng.sa

Member
Joined
Apr 4, 2017
Messages
91
G'Day ITUser

You know that it is very unusual to have an inbound USSR IPv4?

I have been building an IPv4 database for more than 20 years mainly from port 25 attempts.

These guys are usually using T O R, which I use myself daily to try and cover their tracks, are you checking if these are exit points?

Usually I ban a 255 class range if I find two or more IPs where only last number changes.

I have been blocking ranges for 20+ years and would suggest you block 176.59.0.0 - 176.59.255.255 = 65,536

This is the allocation that contains these few IPv4 you listed.

You are better wasting their time than blocking. A couple of my mates and I have been setting up port 80 servers that do not have a .php server and creating files like admin.php or login.php; this wastes a lot of time on their side with no return. We are currently using 100 of these honey pot domains.

Just my 2c worth!!!
 

italianuser

Member
Joined
Feb 25, 2020
Messages
374
In the early days of RBLs I used to use zen.spamhaus.org it was quite good for email filtering.
Spamhaus is good. On mail servers it's a good idea to use at least four or five of them, overhead is only a few seconds.
Keeps our spam load down next to nothing.
In Italy, by law, all emails must be delivered because they have the same legal value as ordinary post. I mark it as spam in the subject.
 

italianuser

Member
Joined
Feb 25, 2020
Messages
374
> G'Day ITUser
>
> You know that it is very unusual to have an inbound USSR IPv4?

Hey there ng.sa!

I get quite a lot of connections from Eastern Europe, Russia and Asian IPs. Eastern hacking groups have huge botnets.


Today's inbound SMTP sessions on the main MX server; I could say 90% or maybe more is just spam and connection checks.

> I have been building an IPv4 database for more than 20 years mainly from port 25 attempts.
>
> These guys are usually using T O R, which I use myself daily to try and cover their tracks, are you checking if these are exit points?

It could be a Russian provider connected to spam/hacking activities; a serious provider wouldn't allow all of that spam activity. I mean the provider should receive alerts from monitoring and anti-abuse systems... if they ignore them (or don't have them) they are not serious.

> I have been blocking ranges for 20+ years and would suggest you block 176.59.0.0 - 176.59.255.255 = 65,536

Uhm, I normally never block a whole class B network. Could be worth it in this case but their IP space should be analyzed before blocking.

> You are better wasting their time than blocking. A couple of my mates and I have been setting up port 80 servers that do not have a .php server and creating files like admin.php or login.php; this wastes a lot of time on their side with no return.

Yeah! Especially if you have a nice server-side 5 second delay before giving the response hahaha!
 

italianuser

Member
Joined
Feb 25, 2020
Messages
374
As you all know, I think, to mark a message as spam a multiple factor score is computed.

On the mail server I use a threshold of 6.6 points to mark a message as spam; DNSBL gives +3.0 points to the score. SpamAssassin has a full set of rules for this.

For a forum it could be more difficult to make a score system, maybe something like this:

+1.0 point for a message with a short URL (bit.ly or similar)
+1.0 point for given words or strings (sexy, sex, russian girls, etc.)
-100.0 for messages from well-known users
if (any positive condition is satisfied) then
+1.0 point for message if new user
etc.

Maybe a plugin like Akismet (available for WordPress) could be good, too.
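
The forum scoring rules listed in the post above, worked through as an added example (not code from the poster or from any forum plugin). The shortener list, the `THRESHOLD` value and all function names are assumptions; only the rule weights come from the post.

```python
import re
from urllib.parse import urlparse

# Assumed values: the post gives rule weights only, not these lists or a forum threshold.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
SPAM_TERMS = ("sexy", "sex", "russian girls")
THRESHOLD = 2.0  # hypothetical cut-off for holding a forum post for moderation
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def has_short_url(text):
    """True if any URL in the text points at a listed shortener host."""
    for url in URL_RE.findall(text):
        try:
            host = (urlparse(url).hostname or "").lower()
        except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
            continue
        host = host.rstrip(".,;:)")
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENERS:
            return True
    return False


def has_spam_term(text):
    """Whole-word match, so 'Sussex' does not trigger the 'sex' rule."""
    lowered = text.lower()
    return any(re.search(r"\b" + re.escape(t) + r"\b", lowered) for t in SPAM_TERMS)


def score_post(text, is_new_user, is_well_known):
    """Return (score, reasons) using the weights listed in the post."""
    score, reasons = 0.0, []
    if has_short_url(text):
        score += 1.0
        reasons.append("short_url")
    if has_spam_term(text):
        score += 1.0
        reasons.append("spam_term")
    if reasons and is_new_user:  # new-user point needs another positive hit first
        score += 1.0
        reasons.append("new_user")
    if is_well_known:
        score -= 100.0
        reasons.append("well_known_user")
    return score, reasons


def is_spam(text, is_new_user=False, is_well_known=False):
    return score_post(text, is_new_user, is_well_known)[0] >= THRESHOLD
```

Returning the reasons alongside the score lets a moderator see which rules fired before acting on a held post.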
 

hbpowerwall

Administrator
Joined
Oct 7, 2016
Messages
2,000