On Tue, 23 Dec 2003, Greg Webster wrote:
> We're getting a TON of these, all of similar format.
>
> <html><body>
> <center><!--2rdxveiyf7a8--><a
> href="http://www.mdv678.com?rid=1098";><!--srz4f4qaLBUw--><img
> src="http://www.whosout.com/c2.gif"; border=0></a></center>
> </html></body>
>
> The '2rdxveiyf7a8' and 'srz4f4qaLBUw' some random string of characters
> in the same place all the time. The domains are completely random it
> appears - sometimes with words (like whosout.com) or a random set of
> characters.
>
> Suggestions on how to block them? I've been adding the domains to a
> special rule, but they must own hundreds of them.
One clue, all those domains are hosted by a registrar in China,
"XIN NET CORP" with a whois server of: whois.paycenter.com.cn.
They're all served out of a few DNS servers:
NS0.DNSIN.COM
NS1.DNSIN.COM
DNS & whois based clues could be used to automate the adding of
domains to a special rule or filter list.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
![http://www.whosout.com/c2.gif"](http://www.whosout.com/c2.gif"){kind=link}