PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : spambots / www.wwwmagazine.com



cycomate
06.06.2002, 18:34
(zweiter Versuch)

Habe bei einem bug report Formular eine meiner individuellen email Adressen vergeben (hash_33885 [at] cycdolphin.net), die jetzt auf der entsprechenden Seite prangt und von einem spambot gefunden wurde. Da diese individuelle Adresse nur einmal vergeben wurde, ist die Herkunft eindeutig feststellbar.
Hier der header:

<pre>
From - Fri Jun 7 xx:xx:xx 2002
X-UIDL: [UID filtered]
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <Promotions [at] ebay.com>
Delivered-To: <meine echte email Adresse>
Received: by intra.cycdolphin.net (Postfix, from userID: [ID filtered]
ID: [ID filtered]
X-Scanned-By: AMaViS
Received: from relay2.novani.com (relay2.novani.com [66.28.83.125])
by intra.cycdolphin.net (Postfix) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Fri, 7 Jun 2002 xx:xx:xx +0200 (CEST)
Received: from ebay.com ([66.28.83.121]) by relay2.novani.com
(Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
with SMTP ID: [ID filtered]
Thu, 6 Jun 2002 xx:xx:xx -0700
From: <Promotions [at] ebay.com>
To: poor [at] spamvictim.tld
Subject: Ebays magazine promotion
Date: Thu, 6 Jun 2002 xx:xx:xx
Message-ID: [ID filtered]
Mime-Version: 1.0
Content-Type: text/html; charset="us-ascii"
</pre>
Der header ist teilweise gefälscht, so gehört die IP 66.28.83.121 nicht ebay.com, sondern mail1.novani.com - daher auch das relay, welches verhindern sollte, daß mein mailserver diese falsche Angabe erkennt.
Wer sich damit herumschlagen möchte, kann gern in meinem Namen eine abuse mail schreiben, ich beschränke meine Tätigkeit darauf, die o.g. email Adresse stillzulegen (dafür hab ich die ja) und den Absender zu blocken.
Body folgt im zweiten Teil.

___________________________
http://www.uni-karlsruhe.de/~unuu/cycomate.gif
Disclaimer:This post is for educational and entertainment purpose only
http://www.quarantine.de

cycomate
06.06.2002, 18:37
übrigens, liebes antispam.de team - wenn Ihr den HTML "bug" behebt, dann stellt doch bitte den Interpreter so ein, daß er innerhalb der <pre> tags nicht selbstständig noch <br> setzt.

hier der body (auf <pre> verzichte ich diesmal):


<HTML>
<HEAD>
<TITLE>bizmagoffer</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>
<BODY BGCOLOR=#FFFFFF>
<center>
<TABLE WIDTH=392 BORDER=0 CELLPADDING=0 CELLSPACING=0>
<TR>
<TD COLSPAN=3>
<h1 align="center"><font color="#FF0000" face="Verdana">Knowledge Is Power!</font></h1>
</TD>
</TR>
<TR>
<TD COLSPAN=3>
<center><font face="Verdana" color="#0000FF" size="4">So Get Yours At A Savings Up To 78%</font></center>
</TD>
</TR>
<TR>
<TD COLSPAN=3>
<center><font face="Verdana" color="#000000">On The Top Informative Business Magazines</font></center>
</TD>
</TR>
<TR>
<TD COLSPAN=3>
<IMG SRC="http://www.global2000.com/creatives/mag/images/bizmag_02.jpg" WIDTH=392 HEIGHT=137></TD>
</TR>
<TR>
<TD COLSPAN=3>
<IMG SRC="http://www.global2000.com/creatives/mag/images/bizmag_03.gif" WIDTH=392 HEIGHT=17></TD>
</TR>
<TR>
<TD COLSPAN=3>
<p align="center"><font color="#FF0000" face="Verdana" size="4"><b>
Any
3 Magazine $50 </b></font><font color="#FF0000" face="Verdana" size="2">DETAILS</font> (http://www.wwwmagazine.com/buy3)

</TD>
</TR>
<TR>
<TD COLSPAN=3>
<p align="center"><b><font color="#0000FF" size="2" face="Verdana">Small Price To
Pay For The Business Edge</font></b>

</TD>
</TR>
<TR>
<TD COLSPAN=3>
<IMG SRC="http://www.global2000.com/creatives/mag/images/bizmag_06.jpg" WIDTH=392 HEIGHT=133></TD>
</TR>
<TR>
<TD COLSPAN=3>
<IMG SRC="http://www.global2000.com/creatives/mag/images/bizmag_07.jpg" WIDTH=392 HEIGHT=18></TD>
</TR>
<TR>
<TD ROWSPAN=2 WIDTH=319 HEIGHT=32>
<p align="center"><font color="#FF0000" face="Verdana" size="4"><b>
All
6 Magazine $99 </b></font>

</TD>
<TD>
<font face="Verdana" size="2" color="#FF0000">DETAILS (http://www.wwwmagazine.com/buy3)</font></TD>
<TD ROWSPAN=2>
<font face="Verdana" size="2">
<IMG SRC="http://www.global2000.com/creatives/mag/images/bizmag_10.jpg" WIDTH=29 HEIGHT=32></font></TD>
</TR>
<TR>
<TD>
<font face="Verdana" size="2">
<IMG SRC="http://www.global2000.com/creatives/mag/images/bizmag_11.jpg" WIDTH=44 HEIGHT=4></font></TD>
</TR>
<TR>
<TD COLSPAN=3>
<IMG SRC="http://www.global2000.com/creatives/mag/images/bizmag_12.gif" width=392 height=23></TD>
</TR>
<TR>
<TD COLSPAN=3>
<IMG SRC="http://www.global2000.com/creatives/mag/images/bizmag_13.gif" width=392 height=100></TD>
</TR>
<TR>
<TD COLSPAN=3>
<p align="center"><font face="Verdana" size="1">An Enormous Selection of
Magazines to choose from...<br>
Always a deal... in addition to our daily specials come<br>
check us out at</font><font face="Verdana" size="2"> www.wwwmagazine.com (http://wwwmagazine.com).</font></TD>
</TR>
<TR>
<TD COLSPAN=3>
</TD>
</TR>
<TR>
<TD COLSPAN=3><div align="center"><br>
<br>
<a href="#" onClick=self.close()><font face="Arial"size=-1">Click here to close
this window</font></a>
<script language="JavaScript">

<!--

if (navigator.appName == `Microsoft Internet Explorer` && parseInt(navigator.appVersion) >= 4)

{

function click() {

if (event.button==2) {

open("http://www.pointcom.com","_top");}

}

document.onmousedown=click



}

// -->

</script>
</div>
<center>
<font face="Times New Roman, Times, serif" size="2">Note: this is not a spam
email. This email was sent to you because your email was entered in on a website
<br>
requesting to be a registered subscriber. If you would would like to be removed
from our list,<br>
abuse [at] global2000.com<br><font color="#999999">CLICK
HERE</font> TO CANCEL YOUR ACCOUNT and you will *never* receive another
email from us! </font>
</center>
</TD>
</TR>
</TABLE>
</center>
</BODY>
</HTML>


___________________________
http://www.uni-karlsruhe.de/~unuu/cycomate.gif
Disclaimer:This post is for educational and entertainment purpose only
http://www.quarantine.de