hi there
while analysing some bogus stuff i found out, that some strange requests were going to:
http://wm.maxysearch.info/cgi-bin5/repeaterm.fcgi?n=5&lastid=
http://maxysearch.info/gallery20081/xpsystem/rxs.ini.php
http://traff-store.com/gallery20081/xpsystem/rxs.ini.php
especially the first link is very interesting. it generates (random?) e-mail addresses and the spamming text...
and also some nonworking (anymore) links:
http://maxysearch.info/gallery20081/xpsystem/rxs.ini.php
http://clickonseek.com/gallery20081/xpsystem/rxs.ini.php
http://www.student.ru.nl/markjansen/g2/bazooka.php?get=1&hostfile=1&... gnutella2&client=RAZA&version=2.2.0.0
http://twopi.no-ip.org/g2/bazooka.php?get=1&hostfile=1&net=gnutella2... ent=RAZA&version=2.2.0.0
http://rssfed23.angeltowns.com/g2/bazooka.php?get=1&hostfile=1&net=g... lla2&client=RAZA&version=2.2.0.0
what do you think about this? let's autogenerate filters? :-)
-steven
Nice links.
We've had a lot of success using a combination of
- Postfix greylisting
- Brutally rate-limiting all APNIC IPs (we wouldn't get much traffic from there)
- Spamsink to feed Spamassassin
- Throttling anyone who gets more than x 550s per minute
- Fairly tolerant blacklist rules
It's also hilarious watching the spambots get caught up in wpoison.
I've seen a combo of only #4 and #5 do a very good job at a big UK investment bank (with incidentally the biggest, most hilariously complicated Postfix config I have ever seen)
-John
On Nov 4, 2005, at 12:03 PM, Glogger Steven wrote:
hi there
while analysing some bogus stuff i found out, that some strange requests were going to:
http://wm.maxysearch.info/cgi-bin5/repeaterm.fcgi?n=5&lastid=
http://maxysearch.info/gallery20081/xpsystem/rxs.ini.php
http://traff-store.com/gallery20081/xpsystem/rxs.ini.php
especially the first link is very interesting. it generates (random?) e-mail addresses and the spamming text...
and also some nonworking (anymore) links:
http://maxysearch.info/gallery20081/xpsystem/rxs.ini.php
http://clickonseek.com/gallery20081/xpsystem/rxs.ini.php
http://www.student.ru.nl/markjansen/g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.0.0
http://twopi.no-ip.org/g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.0.0
http://rssfed23.angeltowns.com/g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.0.0
what do you think about this? let's autogenerate filters? :-)
-steven
_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Hi Steven,
This is trojan activity:
http://vil.nai.com/vil/content/v_136735.htm
Notifying the users might be a good idea as well. :-)
Pierre.
On 11/4/05, Glogger Steven S.Glogger@cybernet.ch wrote:
hi there
while analysing some bogus stuff i found out, that some strange requests were going to:
http://wm.maxysearch.info/cgi-bin5/repeaterm.fcgi?n=5&lastid=
http://maxysearch.info/gallery20081/xpsystem/rxs.ini.php
http://traff-store.com/gallery20081/xpsystem/rxs.ini.php
especially the first link is very interesting. it generates (random?) e-mail addresses and the spamming text...
and also some nonworking (anymore) links:
http://maxysearch.info/gallery20081/xpsystem/rxs.ini.php
http://clickonseek.com/gallery20081/xpsystem/rxs.ini.php
http://www.student.ru.nl/markjansen/g2/bazooka.php?get=1&hostfile=1&... gnutella2&client=RAZA&version=2.2.0.0
http://twopi.no-ip.org/g2/bazooka.php?get=1&hostfile=1&net=gnutella2... ent=RAZA&version=2.2.0.0
http://rssfed23.angeltowns.com/g2/bazooka.php?get=1&hostfile=1&net=g... lla2&client=RAZA&version=2.2.0.0
what do you think about this? let's autogenerate filters? :-)
-steven
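
Added example, not part of any message in this thread: one way to "autogenerate filters" from the rxs.ini.php and repeaterm.fcgi URLs quoted above and use them to find which clients to notify. The rule heuristic (a path seen on two or more hosts becomes a host-independent rule), the function names, the `client method url` log format and the sample log lines are all assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# URLs quoted in the thread, query strings dropped.
OBSERVED = [
    "http://wm.maxysearch.info/cgi-bin5/repeaterm.fcgi",
    "http://maxysearch.info/gallery20081/xpsystem/rxs.ini.php",
    "http://traff-store.com/gallery20081/xpsystem/rxs.ini.php",
    "http://clickonseek.com/gallery20081/xpsystem/rxs.ini.php",
]

# Constructed proxy log lines (hypothetical format: client, method, URL).
SAMPLE_LOG = [
    "192.0.2.10 GET http://wm.maxysearch.info/cgi-bin5/repeaterm.fcgi?n=5&lastid=",
    "192.0.2.10 GET http://traff-store.com/gallery20081/xpsystem/rxs.ini.php",
    "192.0.2.22 GET http://unseen.example/gallery20081/xpsystem/rxs.ini.php",
    "192.0.2.33 GET http://www.example.org/index.html",
    "192.0.2.44 GET http://other.example/cgi-bin5/repeaterm.fcgi",
]

def build_rules(urls, min_hosts=2):
    """Path seen on >= min_hosts hosts -> path-only rule; else host+path rule."""
    hosts_by_path = defaultdict(set)
    for url in urls:
        parts = urlsplit(url)
        hosts_by_path[parts.path].add(parts.hostname)
    rules = set()
    for path, hosts in hosts_by_path.items():
        if len(hosts) >= min_hosts:
            rules.add(("path", None, path))   # generalises to unseen hosts
        else:
            rules.update(("url", host, path) for host in hosts)
    return rules

def matches(rules, url):
    parts = urlsplit(url)
    return (("path", None, parts.path) in rules
            or ("url", parts.hostname, parts.path) in rules)

def clients_to_notify(rules, log_lines):
    """Map each client IP to the matching URLs it requested."""
    hits = defaultdict(list)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue                          # skip malformed lines
        client, _method, url = fields
        if matches(rules, url):
            hits[client].append(url)
    return dict(hits)

if __name__ == "__main__":
    for client, urls in clients_to_notify(build_rules(OBSERVED), SAMPLE_LOG).items():
        print(client, len(urls), "matching request(s)")
```

The path-only rule catches the same script on a host that was never listed, while the single-host repeaterm.fcgi path stays pinned to its host so an unrelated site using that path is not flagged.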