Spam J-3

Pavyzdys... 188.165.192.90 ?

http://www.senderbase.org/senderbase...188.165.192.90
http://www.spamcop.net/w3m?action=ch...88.165.195.199

804 N Sep 20 23:30:46 5217492847@repo ( 68) [SpamCop (188.165.195.199) id:5217492847]It is the chance o =?iso-88..
2327 N Sep 23 01:46:16 Sergey Gorovoy ( 61) [SpamCop (188.165.195.199) id:5220330235]Reliable online ph =?iso-88..
4196 N Sep 26 14:27:42 5225062129@repo ( 60) [SpamCop (188.165.195.199) id:5225062129]What is your healt =?iso-88..
4532 N Sep 26 19:03:02 5226070613@repo ( 79) [SpamCop (188.165.195.199) id:5226070613]Reveal the secret =?iso-88..
5182 N Sep 26 03:22:08 GMH in the Unit ( 61) [SpamCop (188.165.195.199) id:5227605200]Hi, take health pi =?iso-88..
7073 N Sep 29 10:10:04 Jay Bangle ( 64) [SpamCop (188.165.195.199) id:5231568740]Life health in you =?iso-88..
7635 N Sep 29 21:54:05 Simon Hova ( 35) [SpamCop (188.165.195.199) id:5232785775]\/\/\/NUMBER ONE ONLINE DRUG-STORE!\/\/\
9030 N Oct 01 19:41:02 Johnny Oesterga ( 69) [SpamCop (188.165.195.199) id:5236118942]Become a real expe =?iso-88..
9902 N Oct 03 20:17:35 Roanan ( 66) [SpamCop (188.165.195.199) id:5238547171]Be proud of what y =?iso-88..
13994 N Oct 08 23:33:52 Johnny Oesterga ( 69) [SpamCop (188.165.195.199) id:5247626051]Just live a full l =?iso-88..
14359 N Oct 09 02:27:38 Stephen Ermann ( 69) [SpamCop (188.165.195.199) id:5248453071]Anxiety, stress, d =?iso-88..
14468 N Oct 10 03:53:02 blackhole@abuse ( 138) ARF report from TDC regarding IP 188.165.195.199, report id 4711043
15830 N Oct 11 10:10:23 Minoru TODA ( 76) [SpamCop (188.165.195.199) id:5251407819]1
16808 N Oct 12 22:33:59 Mister Dave ( 75) [SpamCop (188.165.195.199) id:5253656555]Let them call you =?iso-88..
16809 N Oct 13 02:33:59 Mister Dave ( 61) [SpamCop (188.165.195.199) id:5253657095]Drive your problem =?iso-88..
17514 N Oct 13 10:43:56 5255286955@repo ( 81) [SpamCop (188.165.195.199) id:5255286955]Life health in you =?iso-88..
17633 N Oct 14 02:08:34 GMH in the Unit ( 61) [SpamCop (188.165.195.199) id:5255698447]Make women dream a =?iso-88..
18826 N Oct 15 07:58:29 Jay Bangle ( 64) [SpamCop (188.165.195.199) id:5258630197]Make women dream a =?iso-88..
19123 N Oct 16 11:57:28 Spam Hater ( 52) [SpamCop (188.165.195.199) id:5259895793]This is your fair =?iso-88..
19182 N Oct 16 04:56:06 Karen Bagnall ( 44) [SpamCop (188.165.195.199) id:5260183071]Your wife will nev =?iso-88..
19810 N Oct 18 01:19:06 WeFrySpam ( 65) [SpamCop (188.165.195.199) id:5262476429]What is your healt =?iso-88..
20145 N Oct 18 02:06:11 WeFrySpam ( 60) [SpamCop (188.165.195.199) id:5263711880]Let your potency d =?iso-88..
21362 N Oct 20 02:48:38 Simeon Tankard ( 65) [SpamCop (188.165.195.199) id:5266781485]Let your men?s pow =?iso-88..
22500 N Oct 21 17:23:14 blackhole@abuse ( 119) ARF report from TDC regarding IP 188.165.195.199, report id 4916609
23840 N Oct 24 12:26:55 Gankoj Samurai ( 63) [SpamCop (188.165.195.199) id:5274073894]Join those who liv =?iso-88..

serveryje:

Niglos 30683 0.0 0.0 5172 500 ? S Jun23 0:00 /usr/bin/perl inbox.pl
Niglos 30717 0.0 0.0 5172 500 ? S Jun22 0:00 /usr/bin/perl inbox.pl
Niglos 30815 0.0 0.1 4944 3460 ? Ss Oct09 0:00 /usr/bin/perl inbox.pl
Niglos 30859 0.0 0.1 5164 3788 ? S Oct09 0:00 /usr/bin/perl inbox.pl
Niglos 30952 0.0 0.0 4944 1048 ? Ss Aug28 0:00 /usr/bin/perl inbox.pl
Niglos 30953 0.0 0.1 5176 3800 ? S Oct09 0:02 /usr/bin/perl inbox.pl
Niglos 30956 0.0 0.0 4944 1048 ? Ss Aug04 0:00 /usr/bin/perl inbox.pl
Niglos 30970 0.0 0.1 4944 3460 ? Ss Oct16 0:00 /usr/bin/perl inbox.pl
Niglos 30976 0.0 0.0 4944 404 ? Ss Jun25 0:00 /usr/bin/perl inbox.pl
Niglos 30988 0.0 0.1 5172 3796 ? S Oct09 0:01 /usr/bin/perl inbox.pl
Niglos 30990 0.0 0.0 4944 1048 ? Ss Aug29 0:00 /usr/bin/perl inbox.pl
Niglos 30991 0.0 0.0 5164 500 ? S Jun25 0:00 /usr/bin/perl inbox.pl
Niglos 31027 0.0 0.0 5164 1296 ? S Aug28 0:00 /usr/bin/perl inbox.pl
Niglos 31065 0.0 0.0 5168 1324 ? S Aug28 0:00 /usr/bin/perl inbox.pl
Niglos 31071 0.0 0.0 5172 1300 ? S Aug04 0:00 /usr/bin/perl inbox.pl
Niglos 31113 0.0 0.0 4944 1048 ? Ss Aug12 0:00 /usr/bin/perl inbox.pl
Niglos 31118 0.0 0.1 5176 3800 ? S Oct16 0:00 /usr/bin/perl inbox.pl
Niglos 31166 0.0 0.1 5172 3796 ? S Oct16 0:00 /usr/bin/perl inbox.pl
Niglos 31175 0.0 0.0 4944 1048 ? Ss Aug12 0:00 /usr/bin/perl inbox.pl
Niglos 31196 0.0 0.0 5176 1332 ? S Aug29 0:00 /usr/bin/perl inbox.pl
Niglos 31234 0.0 0.0 5164 1300 ? S Aug12 0:00 /usr/bin/perl inbox.pl
Niglos 31245 0.0 0.0 5164 1296 ? S Aug12 0:00 /usr/bin/perl inbox.pl
Niglos 31266 0.0 0.0 4944 404 ? Ss Jul17 0:00 /usr/bin/perl inbox.pl

tcp 0 0 188.165.195.199:37417 89.167.219.1:25 ESTABLISHED 15160/perl
tcp 0 0 188.165.195.199:37040 89.167.219.1:25 ESTABLISHED 3616/perl
tcp 0 0 188.165.195.199:43671 89.167.219.1:25 ESTABLISHED 26116/perl
tcp 0 0 188.165.195.199:60018 89.167.219.1:25 ESTABLISHED 4571/perl
tcp 0 0 188.165.195.199:44990 89.167.219.1:25 ESTABLISHED 24511/perl
tcp 0 0 188.165.195.199:41900 89.167.219.1:25 ESTABLISHED 18319/perl
tcp 0 0 188.165.195.199:44189 210.145.113.10:25 ESTABLISHED 21621/perl
tcp 0 0 188.165.195.199:58052 89.167.219.1:25 ESTABLISHED 20858/perl
tcp 0 0 188.165.195.199:35796 89.167.219.1:25 ESTABLISHED 11028/perl
tcp 0 0 188.165.195.199:37043 89.167.219.1:25 ESTABLISHED 16731/perl
tcp 0 0 188.165.195.199:34803 89.167.219.1:25 ESTABLISHED 13643/perl
tcp 0 0 188.165.195.199:37344 89.167.219.1:25 ESTABLISHED 973/perl
tcp 0 0 188.165.195.199:58165 89.167.219.1:25 ESTABLISHED 4768/perl
tcp 0 0 188.165.195.199:49812 89.167.219.1:25 ESTABLISHED 2114/perl
tcp 0 0 188.165.195.199:58141 89.167.219.1:25 ESTABLISHED 23610/perl
tcp 0 0 188.165.195.199:36088 89.167.219.1:25 ESTABLISHED 24483/perl
tcp 0 0 188.165.195.199:57828 89.167.219.1:25 ESTABLISHED 22184/perl
tcp 0 0 188.165.195.199:42590 89.167.219.1:25 ESTABLISHED 22212/perl
tcp 0 0 188.165.195.199:51452 89.167.219.1:25 ESTABLISHED 23516/perl
tcp 0 0 188.165.195.199:48609 89.167.219.1:25 ESTABLISHED 19231/perl
tcp 0 0 188.165.195.199:48024 89.167.219.1:25 ESTABLISHED 27181/perl
tcp 0 0 188.165.195.199:38390 210.145.113.10:25 ESTABLISHED 18690/perl
tcp 0 0 188.165.195.199:54245 89.167.219.1:25 ESTABLISHED 15935/perl
tcp 0 0 188.165.195.199:56757 89.167.219.1:25 ESTABLISHED 30988/perl
tcp 0 0 188.165.195.199:38066 210.145.113.10:25 ESTABLISHED 29321/perl
tcp 0 0 188.165.195.199:35592 89.167.219.1:25 ESTABLISHED 17304/perl
tcp 0 0 188.165.195.199:38764 89.167.219.1:25 ESTABLISHED 2479/perl
tcp 0 0 188.165.195.199:34920 89.167.219.1:25 ESTABLISHED 14353/perl


[root@ns310321 root]# lsof -n |grep 21621
inbox.pl 21621 Niglos cwd DIR 9,2 4096 23093250 /home/Niglos/cgi-bin
inbox.pl 21621 Niglos rtd DIR 9,1 4096 2 /
inbox.pl 21621 Niglos txt REG 9,1 708188 41456 /usr/bin/perl
inbox.pl 21621 Niglos mem REG 9,1 90006 124422 /lib/ld-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 7867 66655 /usr/lib/perl5/5.6.0/i386-linux/auto/Sys/Hostname/Hostname.so
inbox.pl 21621 Niglos mem REG 9,1 86812 124429 /lib/libnsl-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 13966 124427 /lib/libdl-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 174032 124428 /lib/libm-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 1363451 124425 /lib/libc-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 25283 124426 /lib/libcrypt-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 95207 66496 /usr/lib/perl5/5.6.0/i386-linux/auto/POSIX/POSIX.so
inbox.pl 21621 Niglos mem REG 9,1 18333 66482 /usr/lib/perl5/5.6.0/i386-linux/auto/IO/IO.so
inbox.pl 21621 Niglos mem REG 9,1 19591 66651 /usr/lib/perl5/5.6.0/i386-linux/auto/Socket/Socket.so
inbox.pl 21621 Niglos mem REG 9,1 45283 124436 /lib/libnss_files-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 46697 124439 /lib/libnss_nisplus-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 15888 124435 /lib/libnss_dns-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 65212 124440 /lib/libresolv-2.2.5.so
inbox.pl 21621 Niglos 0r CHR 1,3 93524 /dev/null
inbox.pl 21621 Niglos 1w REG 9,2 0 23093351 /home/Niglos/cgi-bin/sys/error.log (deleted)
inbox.pl 21621 Niglos 2w REG 9,2 0 23093351 /home/Niglos/cgi-bin/sys/error.log (deleted)
inbox.pl 21621 Niglos 3u IPv4 92836087 TCP 188.165.195.199:44189->210.145.113.10:smtp (ESTABLISHED)
inbox.pl 21621 Niglos 8u REG 9,1 1024 229927 /var/webmin/sessiondb.pag
inbox.pl 21621 Niglos 9u REG 9,1 0 229926 /var/webmin/sessiondb.dir

Laba diena,
Baigiame kurti sistemà, skirtà SPAM sumaþinimui mûsø tinkle. Manome, kad mechanizmà paleisime ðia savaitæ. Kûrimas buvo inicijuotas prieð 9 mënesius ir truks dar 2 mënesius.

SPAM siunèianèiø IP 25 prievadas bus blokuojamas. Kitaip sakant, jeigu pastebësime, kad serveris siunèia SPAM, sustabdysime tai. Visos kitos paslaugos, áskaitant ir laiðkø gavimà, toliau veiks.

Remsimës skundais, kuriuos gauname ið ávairiø svetainiø, pavyzdþiui, http://www.spamcop.net. Klientas turës sutvarkyti problemà ir kai jos nebeliks, OVH atblokuos IP ir bus galima vël siøsti laiðkus ið serverio. Kol problema nebus iðspræsta, klientas negalës uþsakyti nei naujo serverio, nei naujo IP.

Visas procesas bus automatiðkas ir vieðas. Tai ppat vieðinsime spameiø tinklus (jeigu tokie egzistuos) ir praneðime, kà bei kodël blokuoja OVH. Taip pat paskelbsime ir kà OVH atblokavo bei kodël. Visiðkai skaidriai. Tiksliai þinosite, kà OVH daro (arba nedaro), kad savo tinkle panaikintø SPAM siuntimà.

Taigi, jeigu gausite SPAM ið mûsø tinklo, nereikës siøsti nusiskundimo á abuse@ovh.net, tiesiog deklaruokite SPAM siuntimà http://www.spamcop.net... Visai paprasta. Jie mums perduos duomenis ir mes atliksime, kà reikia...

Tokie pat metodai bus naudojami phishing, malware ir botnetams. Taip pat pavieðinsime SPAM siunèianèius IP ir pateiksime árodymus (ið savo pusës) tinklø, kurie tame specializuojasi... Kalbant techniðkai, pradinis kodas evoliucionavo ir perëmë „cabinet tokyo“ bei „kyoto“ savybes, kurias jau ðiuo metu naudojame anti-phishing projektui (galëjote 1 savaitæ bandyti jo greitá). Visiðkai pakanka „privateCloud“, kad sukurtas produktas bûtø paskelbtas ir visiðkai paprastai, vos keliais spragtelëjimais evoliucionuotø á infrastruktûrà... Èia mes praradome ðiek tiek laiko ruoðdami „sysadmin-1999-like“...

Daugiau informacijos:
http://fallabs.com/tokyocabinet/
http://fallabs.com/kyotocabinet/

Linkëjimai,
Octave