Sometimes, I stumble on interesting documents that I want to share with the world. This random Focus On The Family document deals with domains they don't want their people e-mailing because of 'delivery issues' in the past. Archived here just in case the original disappears. Interesting how they claim its for 'legislative compliance'.
Monday, March 8. 2010
An Interesting Focus On The Family Document
Friday, July 31. 2009
Spammed by US Rep Scott Garrett
As head of The Abusive Hosts Block List, I'm always amused when a public official spams me.
I'm no longer a resident of NJ, and I certainly did not give any congress member or republican (for that matter) permission to e-mail me.
As one of those people who isn't lucky enough to have health insurance (beyond what Medicare covers, which is some but not all of the medical bills I have, such as medications), it angers me when I see members of our govt doing their best to sabatoge the efforts of our President to make sure everyone in this country gets the medical coverage they need.
Yes, I added them to the AHBL for spamming. It's important to hold our public officials to the same standards that the rest of us have to follow.
Sunday, April 19. 2009
Some DNS Query Statistics From The AHBL
Although the AHBL is no longer the huge and popular list it used to be, we still have many faithful and large users. We run two different DNS daemons to handle queries, depending on what type of query is being done. Queries against ahbl.org itself are handled by our BIND9 Linux server. Queries for the various DNSbl lists are handled by rbldnsd, a piece of software specifically designed for serving up DNSbl queries.
Last time I checked, we were handling around 25-30 million DNS queries daily just on the BIND9 server alone. I would have thought that our poor little Cisco 2621XM would be crying, but it's perfectly happy.
Tuesday, July 8. 2008
Solving the no-upnp on Cisco issue
So, I've been thinking about this for a while... I really would like a upnp option for cisco, but what about a workaround?
My idea is simple:
A daemon that sits on a linux box or something similar, pretends to be a upnp IGD, and sends console commands to create/delete ports on the actual Cisco device?
Yeah, kinda ugly, but I've seen worse. Anyone got any ideas on how to do this, or how feasable this may be?
Tuesday, November 6. 2007
Interesting reverse DNS patterns on spam sending hosts
Over the past few weeks, there has been a spam run directed at the SOSDG's role accounts. We've used the chance to greatly improve our spam detection methods and blocking patterns. I did notice through much of this, that there is an interesting pattern seen on some of the IPs with reverse DNS:
In that chunk, we see the first part is the first 3-5 characters of the domain name pasted in front of the domain name.
Above, we see the spammer uses a variation of that, sometimes using part of the domain first word, sometimes the last... Sometimes part of the last only.
As much as the idiot spammers may think this helps them avoid filters, in reality, its just flagging the domains for us to find easier.
208.66.70.241 => roa.roadpurple.com
208.66.70.242 => roc.rockpurple.com
208.66.70.243 => purp.purpleyard.com
208.66.70.244 => purpl.purplemice.com
208.66.70.245 => fas.fastpurple.net
208.66.70.246 => may.mayotwo.com
208.66.70.247 => sou.sourmayo.com
208.66.70.248 => abo.aboutmayo.com
208.66.70.249 => fir.firemustard.com
208.66.70.250 => get.getmustard.net
208.66.70.251 => big.bigmustard.net
In that chunk, we see the first part is the first 3-5 characters of the domain name pasted in front of the domain name.
208.75.188.70 => forces.finderforces.net
208.75.188.71 => fun.finderfun.com
208.75.188.72 => pent.finderfun.net
208.75.188.73 => type.findertypes.com
208.75.188.74 => find.findertypes.net
208.75.188.75 => keep.keeperfinds.com
208.75.188.76 => keeper.keeperfinds.net
208.75.188.77 => rate.ratingfinds.com
208.75.188.78 => rating.ratingfinds.net
208.75.188.79 => run.runningfinds.com
208.75.188.80 => running.runningfinds.net
208.75.188.81 => ship.shipfinds.com
208.75.188.82 => finds.shipfinds.net
Above, we see the spammer uses a variation of that, sometimes using part of the domain first word, sometimes the last... Sometimes part of the last only.
As much as the idiot spammers may think this helps them avoid filters, in reality, its just flagging the domains for us to find easier.
Wednesday, April 25. 2007
FunWebProducts
I've noticed an increased amount of people visiting my blog with the FunWebProducts string in their User-Agent. This little piece of adware/spyware comes in the form of a toolbar and bundled with some applictions.
I'm debating blocking users with the FunWebProducts tag in their user-agent out of principal, and direct them to another site so they can learn how to get it removed...
Thoughts anyone?
I'm debating blocking users with the FunWebProducts tag in their user-agent out of principal, and direct them to another site so they can learn how to get it removed...
Thoughts anyone?
Referrer spam, rewrite rules
Okay, so i've gotten completely sick of those stupid referrer spams. Lately I've been seeing more and more spams with embedded comma characters with multiple sites in the referrer field. So, with a little bit of work, I figured, why not write a mod_rewrite apache rule to block them.
Pretty simple, and works with a properly configured .htaccess file.
CODE:
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*,.*$ [OR]
RewriteCond %{HTTP_REFERER} ^.*(poker|cialis|porn|holdem|casino).*$
RewriteRule .* - [F]
RewriteCond %{HTTP_REFERER} ^.*,.*$ [OR]
RewriteCond %{HTTP_REFERER} ^.*(poker|cialis|porn|holdem|casino).*$
RewriteRule .* - [F]
Pretty simple, and works with a properly configured .htaccess file.
