Welcome to Geeklog, Anonymous Friday, May 03 2024 @ 06:18 pm EDT
Geeklog Forums
Outgoing SPAM
Status: offline
ronack
Forum User
Full Member
Registered: 05/27/03
Posts: 612
I'm not sure how this is going on but I'm receiving delivery failure notices from the account i use in GL. The message is in Spanish, a few weeks ago I received a good 20 or 30 failure notices which indicate to me that SPAM is outgoing from my server. I did find this in my GL log which looks rather dubious. But since none of this is in Spanish I don't think this is it. Any ideas?
( I tried to include the log file but it detected it as spam)
Here is a link to a txt file
( I tried to include the log file but it detected it as spam)
Here is a link to a txt file
1
1
Quote
ironmax
Anonymous
Quote by: ronack
I'm not sure how this is going on but I'm receiving delivery failure notices from the account i use in GL. The message is in Spanish, a few weeks ago I received a good 20 or 30 failure notices which indicate to me that SPAM is outgoing from my server. I did find this in my GL log which looks rather dubious. But since none of this is in Spanish I don't think this is it. Any ideas?
( I tried to include the log file but it detected it as spam)
Here is a link to a txt file
Your link does not resolve from my end. Nor do I get any DNS lookup info on it. Well atleast at the time of this posting.
Michael
1
1
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: ronack
I'm not sure how this is going on but I'm receiving delivery failure notices from the account i use in GL.
With "account" you mean the email address? You realize that this can easily (trivially, even) be faked? Happens to everyone eventually ...
If you mean something else, we would need to be able to see that text file you linked to, but it's giving me a 404 ...
bye, Dirk
1
1
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: ronack
( I tried to include the log file but it detected it as spam)
Found it in our logs (slightly censored):
Text Formatted Code
04/29/08 10:42:25 - Error communicating with SLV: RPC server did not send response before timeout.; Message was (@xml version="1.0" encoding="UTF-8"@)<methodCall>
<methodName>slv</methodName>
<params>
<param>
<value><string>http://groups.google.ru/group/buy_ambien_online/...
http://groups.google.ru/group/.../best-ambien-prices-free-overnight-shipping</string></value>
</param>
</params>
</methodCall>
But that's just a notification that Spam-X was unable to contact SLV to see if those URLs should be considered spam (obviously, they are).
Looks fine to me: Someone tried to post spam on your site. Spam-X tried to get SLV's opinion on those URLs but SLV was unreachable or at least did not respond in time, so that problem was logged and the processing of the post continued without SLV's input. If it didn't show up on your site, then some other Spam-X module caught it. Check your spamx.log, you should have an entry there with the same timestamp.
bye, Dirk
0
2
Quote
Status: offline
ronack
Forum User
Full Member
Registered: 05/27/03
Posts: 612
So that's not it. Frankly I can't determine how their doing it. Can't find anything in the logs either GL or server.
This is the header of the message.
laudinha@telefonica.net
Return-Path: <Masked My Email Address>
Message-ID: <BAY0-MC2-F5mzfYuYyF002029c3@bay0-mc2-f5.bay0.hotmail.com>
X-OriginalArrivalTime: 29 Apr 2008 04:15:45.0789 (UTC) FILETIME=[B26C92D0:01C8A9AF]
This is the header of the message.
laudinha@telefonica.net
Return-Path: <Masked My Email Address>
Message-ID: <BAY0-MC2-F5mzfYuYyF002029c3@bay0-mc2-f5.bay0.hotmail.com>
X-OriginalArrivalTime: 29 Apr 2008 04:15:45.0789 (UTC) FILETIME=[B26C92D0:01C8A9AF]
1
1
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
What makes you think the spam was even sent through your site? As I said, it's easy to fake the reply address and you would get the bounces even if you didn't send anything.
Having said that: We had an embarrassing case recently where a Nigerian scam artist used geeklog.net to send their stuff via the "Send email" link from the profile. Those should show up in your logfiles, though.
Oh, and if those bounces contain the original spam text, feed some of the keywords to Spam-X and see if it catches anything (enable notifications or keep an eye on your spamx.log).
bye, Dirk
Having said that: We had an embarrassing case recently where a Nigerian scam artist used geeklog.net to send their stuff via the "Send email" link from the profile. Those should show up in your logfiles, though.
Oh, and if those bounces contain the original spam text, feed some of the keywords to Spam-X and see if it catches anything (enable notifications or keep an eye on your spamx.log).
bye, Dirk
1
1
Quote
All times are EDT. The time is now 06:18 pm.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content