suppliers to script kiddies are registered in Seattle america so lets extend a warm helllo to and i am wary as to who they are,  I appear to just get script kiddies testing things here say.

smtpd[24268]: warning: Connection rate limit exceeded: 23 from[] for service smtp

It is not the first time i have noticed them and they come in bulk, and so i have blocked them as if you inform them nothing happens – so if your using them to send stuff to the zoo i suggest you get a better provider.

If your looking for a extremely scammy isp seems a good mafiia owned one.

If the zoo needs its security testing then you too might end up with your own blog entry.

upsetting the indian from the ‘phone company’

kkaran bahree my number one go to indian outsourcing crook

I get a call from zoo reception here in the monkey house  – somebody wants to talk about something ‘technical’.  I wonder what i will be told is broken – Weee…

me: hello

indian guru:(my blog) are you x

me: no i am bananas

indian guru: I’m from the technical bit of the phone company and have detected a problem with your router

me: we dont have internet** just a phone line

indian guru: how do you connect your ipad?

me: we dont have an ipad – is that a notepad with the letter i written on a pad of paper ?

indian guru: click

Problem solved apparently.- do not have either an ipad (my blog) or apple products, or pad of paper* with the letter i written on it and things are fine.

Another problem ‘fixed’.  I deserve a new title or another banana.- suggest one in the comments.  Feel free to ask us questions – satisfaction guaranteed.

*i guess you need 26 pads of paper to write a note, or perhaps at least a noun pad and a consonant pad – joke ** the zoo has internet not me.

the return of the webform bot

The zoo has a web form bot lookup from years and years ago to be honest i not sure it was working since it does not see any action until it caught some web bots trying to send us messages of no value which a script reports to me daily.

Not sure if they got past our captcha either.

It has been a while but i am glad i did not dump that feature.even with the settings we had.

even more Microsoft viruses from india

Kkaran Bahree

The zoo does get viruses from people sending bad microsoft [microshit] products and recently most of them have come from india so come and meet

BANNED (.asc,CCE28122017_009107.vbs) []:52331 [] <> -> <x@>, quarantine: J/banned-Jfl4doEQpwiO, Queue-ID:x, Message-ID: <>

who is

% []
% Whois data copyright terms

% Information related to ‘ –’

% Abuse contact for ‘ –’ is ‘’

inetnum: –
admin-c: AN486-AP
tech-c: SA823-AP
country: IN
last-modified: 2015-08-26T06:43:16Z
source: APNIC

address: SHOP NO 242, 2ND FLOOR,SARDAR COMPLEX,KADODARA,Surat,Gujarat-394327
e-mail: mastermind@
abuse-mailbox: mastermind@
admin-c: AN486-AP
tech-c: SA823-AP
auth: # Filtered
last-modified: 2015-08-26T06:41:04Z
source: APNIC

Now i have also read that the world has got wise to Indian it ‘experts’ be they technical  support fraudsters, and the disingenuous seo and website developers in which you have to give them a a+ rating or you never see the thing to rate its quality.

I am amused that these it professionals use hotmail or whatever the Microsoft free internet email name is these days to send these requests to do ‘business’.   The zoo has it’s own mail server

Had the zoo’s rules not have been triggered then no doubt some scammer from india would probably be thinking about ringing us up and fixing our computers he/she intentionally tried to broke.- something to look forward to.

The poster boy for inidian it is no doubt Kkaran Bahree who was caught selling your bank details some years ago revisited

that shit hacker from the core

In this (my blog) i set up automated reporting and it works well. Despite the zoo warning ssh probers they still visit.

Postfix 3 (my blog) means postfix rate limits itself a lot of bad email servers and isps and so ssh attempts are the majority of reports sent. I suppose the idea works as most sites appear once or twice and then never reappear so it depends on if the isp is receptive to such reports so it still means your going to see a lot china attempting to steal our public domain banana smoothie recipe.

blocklist’s reports are not particularity good bit since i get a copy as well i have no gripes about not getting those and tools do exist to do it yourself [grep and wc].

I assume most attempts are windows bots or the odd typo by a real user although i am sure sure a non caring isp who allows complete subnets to abuse could be malice.

Since this data becomes available to all and usable in multiple formats you might be benefiting from my reporting and not know it.

Overall it seems to do good rather than bad.

Is spamcop tracked by spammers via reporting addresses?

lets poison the gin

lets poison the gin

The zoo reports spam to spamcop not much since a lot is prefiltered and automatically deleted.  However i do wonder if spamcop is tracked by spammers. I say this as i have new spam definitions and when i report the small number of spam to the addresses on spamcop.

I do think much of spamcop is genuine and spamcop is worth supporting be it with our submissions or other ways  but maybe reporting spam to spammers is still not a good idea.

Its not a horrid problem for us but some abuse spamcop.  I guess they want reports if they do spam us again and i am happy to oblige.- after all the more the merrier. in debian stretch

scumbag spammer Robert Soloway

Bananas likes to collect data for blocking be dmarc rejects and even lists of bad ranges so i decided to collect data and pass it on that spammers and probers made without me – seems only fair to pass it on to a wider audience.

The attempt was a bit botched and confusing with api keys and email.  I also wanted reports and so i had an hour of woe and really odd error messages, i even had to adjust postfix to let it send email out rather than just be a local affair on our internal instance.

citizen may the children’s entertainer

The site needed config details and once you have ‘servers’ things it kind of make more sense.  The client software is horrible and they suggest reconfiguring it there way rather than adapting what i know works.  That probably did not help but it is good to know how it works rather than have it working and consider it magical or religious with ‘faith’.

In the end i gave up with .local config files and made backups and put the revised files where the debian os put them – it probably makes nightmares for me down the road** but it sent mail.

tube recycle those 1’s and 0’s

Api keys are confusing there are two – each ‘server’ has a unique key* and a user has a key (five digits) of which one exists that is api key the config files appear to like rather than the per server thing in this regard i am just a submitter of data.

The action for blocklist_de i did not use but I kept my existing email report, whether that sends via an http(s) api rather than email was something i never quite got figured out although the log file had some interesting stuff in for a change.

Email reporting appears to work for me as well as well as the blocklist and once i provided postfix with a gateway setting [not needed until now] mail was routed rather than remain undelivered.   Oddly most of the ssh attempts we usually get appear to have dried up after all its good to tell the probers as to how there data will be shared.

It appears setup – time will tell if it makes a difference.

*remember the zoo has four domains **time for dpkg.dist files


.win tld

scumbag spammer Robert Soloway

Bananas was reading the mail logs one morning when a .win domain caught our attention for being deened spam. I was sure it was but knowing where it was i unzipped and read it in console.

.win is for

There is a vast array of global online gaming opportunities to suit all tastes. The new .WIN generic Top Level Domain (TLD) contains online gaming resources

no i did not know that either.

But the email was for spamming life insurance and more html than text.

The moral was .win tld is very deserving of its spam rating.


secondhand busses – too much email fun

metz bus

You may remember the zoo’s secondhand bus email address (my blog) which is advertised if you scalp something but does not work although it looks genuine.

Well it is still active as which is in Metz, France (at time of writing)  had a serous go at trying to send the zoo something about second hand buses.  If you bought that list of spammer leads then you made me laugh and fulfilled my desire to see what a public transport bus in Metz looks like.  Pink!

The whois is a bit sparse but seem to be an isp.  I am amused and pleased to see idiots exist.

Do you like to see what a bus looks like worldwide – you know what you have to do and your regional bus brand might be featured.


seo and webdesigner spammers are weird

Kkaran Bahree indian crook of well know ill repute

Strange bunch – I would like to know

why send via outlook,com – microsoft free email it is not like microsoft are writing ie6 compatible sites for us, I hate microsoft and report it as spam and i can fuck up microsoft free email that way too..

I am amused to read (if it gets past the spam filter) that microshit only employ 10 people.  Are these indians doing this too incompetent to have a domain themselves ?

Use of return receipts  – so first thing it does is ask for a confirmation and them ….

Asks for another human reply -you just got one so what was wrong with the one from above ? you demanded .

no checking of websites – The monkey house does not give a shit that we are not number 1, and yes our design is mobile friendly.

Forward of the original email.  – er why would i reply to that ?