Re: Poss OT:bizarre spam(bacon)
| Chris Beall 2006-11-19, 7:58 pm |
| Paul Watt wrote:
> Hi
> I've been getting loads of bacon related spam. How bacon's made, where bacon
> comes from, how to cook bacon. Anyone else getting any?
Paul,
Yes.
The first one was Oct 25th, although there was an earlier one that I
believe is related on Aug 29.
The spammer is trying to do header injection on a contact form on a site
I maintain. The spam seems to come in pairs, with one of the pairs
containing sentence fragments (often with the first letters of words
omitted) related to bacon or ham. I traced some of the verbiage to a
Wikipedia article on bacon. The other message in the pair contains only
a single (spurious) e-mail address.
The injected headers usually contain an X-Mailer: entry with a different
value each time.
I've never had more than one hit a day.
Which leads to a question. Which, if any, of the ENV variables I'm now
collecting would be:
- unspoofable and
- useful in tracking down the spammer?
My concern is that the 'bacon' messages may simply be for testing
purposes, with the real payload to be delivered later...
Regards,
Chris Beall
| |
| William Tasso 2006-11-19, 7:58 pm |
| Fleeing from the madness of the SBC http://yahoo.sbc.com jungle
Chris Beall <Chris_Beall@prodigy.net> stumbled into news:alt.www.webmaster
and said:
> Paul Watt wrote:
>
> Paul,
>
> Yes.
>
> The first one was Oct 25th, although there was an earlier one that I
> believe is related on Aug 29.
>
> The spammer is trying to do header injection on a contact form on a site
> I maintain. The spam seems to come in pairs, with one of the pairs
> containing sentence fragments (often with the first letters of words
> omitted) related to bacon or ham. I traced some of the verbiage to a
> Wikipedia article on bacon. The other message in the pair contains only
> a single (spurious) e-mail address.
>
> The injected headers usually contain an X-Mailer: entry with a different
> value each time.
>
> I've never had more than one hit a day.
>
> Which leads to a question. Which, if any, of the ENV variables I'm now
> collecting would be:
> - unspoofable and
> - useful in tracking down the spammer?
FWIW: I take the view that the device connecting to my mail server is
either managed by incompetents or owned by a miscreant - in either case I
want nothing to do with it/them. Where the mail originated from is none of
my concern - life is too short.
The good & kindly folk over at news:alt.spam may be able to assist.
--
William Tasso
http://williamtasso.com/words/what-is-usenet.asp
| |
| Chris Beall 2006-11-19, 7:58 pm |
| William Tasso wrote:
> Fleeing from the madness of the SBC http://yahoo.sbc.com jungle
> Chris Beall <Chris_Beall@prodigy.net> stumbled into news:alt.www.webmaster
> and said:
(snip)
>
> FWIW: I take the view that the device connecting to my mail server is
> either managed by incompetents or owned by a miscreant - in either case
> I want nothing to do with it/them. Where the mail originated from is
> none of my concern - life is too short.
You are probably right. Sometimes I just get caught up in the technical
challenge of things...
>
> The good & kindly folk over at news:alt.spam may be able to assist.
Thanks for the pointer.
Chris Beall
| |
| John Bokma 2006-11-19, 7:58 pm |
| Chris Beall <Chris_Beall@prodigy.net> wrote:
> Which leads to a question. Which, if any, of the ENV variables I'm
> now collecting would be:
> - unspoofable and
> - useful in tracking down the spammer?
You can't trust any generated by the browser, and you can trust the ones
generated by your webserver.
REMOTE_ADDR, REMOTE_HOST, and REMOTE_PORT are the ones that the server
sets. *However* the values can be a proxy.
Dump all ENV vars; some proxies do add additional headers (HTTP_VIA for
example). I often complain with the abuse address I get from looking up
REMOTE_ADDR in SpamCop, see:
http://johnbokma.com/mexit/2006/01/23/
When you report, make sure to include
grep <REMOTE_HOST_VALUE> your/access/log
some ISPs insist on this.
--
John Need help with SEO? Get started with a SEO report of your site:
--> http://johnbokma.com/websitedesign/seo-expert-help.html
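
Added example, not code from any poster in this thread: a Python sketch of a contact-form screen that rejects CR/LF in header-bound fields (the header injection Chris describes) and logs the server-set variables John lists separately from client-supplied HTTP_* ones. The form field names, the HTTP_X_FORWARDED_FOR check and all sample values are assumptions constructed for illustration.

```python
import json

# Variables the web server sets from the TCP connection (per the post above).
# They may still describe a proxy rather than the sender's own machine.
SERVER_SET = ("REMOTE_ADDR", "REMOTE_HOST", "REMOTE_PORT")
# Form fields that end up in mail headers (assumed field names).
HEADER_FIELDS = ("name", "email", "subject")


def split_env(env):
    """Separate server-set variables from client-supplied HTTP_* ones."""
    server = {k: env[k] for k in SERVER_SET if k in env}
    client = {k: v for k, v in env.items() if k.startswith("HTTP_")}
    return server, client


def injected_fields(form):
    """Return header-bound fields containing CR or LF (header injection)."""
    return sorted(f for f in HEADER_FIELDS
                  if any(c in form.get(f, "") for c in "\r\n"))


def screen_submission(env, form):
    """Decide whether to send the mail and build one JSON log line."""
    server, client = split_env(env)
    bad = injected_fields(form)
    record = {
        "action": "reject" if bad else "send",
        "injected_fields": bad,
        "server_set": server,
        "client_supplied_untrusted": client,
        "via_proxy_hint": any(k in client for k in
                              ("HTTP_VIA", "HTTP_X_FORWARDED_FOR")),
    }
    return record["action"], json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample request; addresses are documentation ranges.
    env = {"REMOTE_ADDR": "192.0.2.10", "REMOTE_PORT": "40312",
           "HTTP_VIA": "1.1 proxy.example", "HTTP_USER_AGENT": "sample",
           "SERVER_NAME": "www.example.org"}
    form = {"name": "Test", "subject": "hello",
            "email": "someone@example.com\r\nX-Mailer: constructed",
            "message": "line one\nline two"}
    action, line = screen_submission(env, form)
    print(action)
    print(line)
```

The message body is deliberately not checked for newlines, since it never becomes a header; only fields that are copied into headers need the CR/LF test.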