rpz zones for the few not the many

Bananas was interested in rpz zones, which have nothing to do with car parking or planning regulations but are dns zones; they look quite simple until you try and get one.

However, with a bit of searching, rpz zones could be manually created and work, but then it's a little out of date. Most threat zones are small rather than large, so having a good mail server is way more important than an rpz zone blocking a specific url sent in a scammy email, say.

bank.barclays.co.uk.olb-auth-loginlink.action. asdasd45.as4d56asdas.da 4s65d46asdasdsd. ta77lia. com _b

Whois says Egypt owner and hosted in DE, and I guess it depends on how dumb your network users are, how money grabbing and unethical an ssl certificate provider is and how long it takes them to ignore abuse emails to the hosting provider to shut down something.

Getting bad site data is quite easy once you start but making it rpz friendly is another matter. Theme and user content directories are popular for bad permissions and, like the link above, look shady.

Some malware domains just use an ip address so whether or not an rpz zone would work is a little more questionable. A general and unscientific match of mail server abuse to phishing domains (a grep) seems to show that these are tasked to one job only so there is no overlap by domain name.

rpz’s sound great but with freshness and everybody playing catch up perhaps it's best that they're left as something that just cisco users have.
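An added example, not from the original post: one way to make a feed of bad URLs rpz friendly, and to see which entries a zone cannot cover because the URL uses a bare IP address. The zone name, SOA values and sample feed are assumptions built from documentation names and addresses.

```python
import ipaddress
from urllib.parse import urlsplit

ZONE = "rpz.zoo.example"  # hypothetical policy zone name

def classify(entries):
    """Split reported URLs/hosts into DNS names and IP literals."""
    names, ips = set(), set()
    for raw in entries:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        # urlsplit only finds the host after "//", so add it for bare hosts
        host = urlsplit(raw if "://" in raw else "//" + raw).hostname
        if not host:
            continue
        host = host.rstrip(".").lower()
        try:
            ips.add(str(ipaddress.ip_address(host)))
        except ValueError:
            names.add(host)
    return sorted(names), sorted(ips)

def rpz_zone(entries, serial=1):
    """Return (zone_text, ip_literals); 'CNAME .' answers NXDOMAIN."""
    names, ips = classify(entries)
    out = ["$TTL 300",
           f"@ SOA localhost. root.localhost. {serial} 3600 600 86400 300",
           "@ NS localhost."]
    for name in names:
        if len(f"*.{name}.{ZONE}") > 253:   # owner name would exceed DNS limit
            continue
        out += [f"{name} CNAME .", f"*.{name} CNAME ."]
    for ip in ips:
        if ipaddress.ip_address(ip).version == 4:
            # rpz-ip trigger: prefix length, then octets reversed. It fires on
            # names that resolve to the address, not on http://<ip>/ itself.
            rev = ".".join(reversed(ip.split(".")))
            out.append(f"32.{rev}.rpz-ip CNAME .")
    return "\n".join(out) + "\n", ips

# Constructed sample feed (documentation names and addresses only)
SAMPLE = ["http://login.bank.example.bad-host.example/olb/auth",
          "bad-host.example:8080/wp-content/themes/x/index.php",
          "http://192.0.2.10/wp-content/uploads/a.php"]

if __name__ == "__main__":
    zone, need_firewall = rpz_zone(SAMPLE)
    print(zone, "block at the firewall instead:", need_firewall)
```

A client that opens a URL with an IP literal never asks the resolver anything, so the returned list is what still has to be handled by a route or firewall rule.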

Email for imaginary zoo staff

The monkey house's email server is quite busy and to keep it that way the website has some famous video game characters listed in a comment in html, so you're usually a robot extracting them rather than a carbon based lifeform with a computer.

It amazes me that people actually email these addresses which do not exist but might because they're ‘listed’.

China seems to like them and these captains of banana management, and who am I not to keep the spammers happy? Have no idea what was sent to these imaginary zoo employees but you too can buy them from spammers.

Some spammers get close but make the most amusing mistakes, you know who to email, our imaginary zoo staff will be happy to get your email honest.

Shodan.io’s beachhut in the Seychelles.

Another sighting for you (my blog) from the unbeautiful Seychelles this time. It is 89.248.172.16 from an isp I have mentioned for dns probers, quasinetworks.com (my blog), and it's a house.

connect from house.census.shodan.io[89.248.172.16]

So one more to crimson firewall. I like blocking shodan.io ip addresses and you should too.

I like writing posts about shodan - come on, send me more shodan, this is fun.

 

Facebook spammers

I was looking at the zoo’s mailserver logs (hint: really exciting) and saw facebook trying to connect to an unknown user. I decided to see more and got something like this.

I have printed the magic command somewhere on this blog so this is not impossible output.

69.171.232, which is facebook, and I decided that there's no reason to tolerate this crap since no ape here in the zoo is officially on facebook, or the new person they think exists. I also made a cron job so the zoo can be alerted as to extra activity which I have not yet blocked; it runs once a day.

Fuck off Facebook.
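An added example, not the script from this blog: one way a daily cron job could report mail server connections from watched ranges that have no prohibit route yet. The log lines, the /24 watch ranges and the function name are constructed for illustration, and the input formats follow the `connect from host[ip]` and `prohibit <ip>` lines shown in these posts.

```python
import ipaddress
import re
from collections import Counter

# "disconnect from" also contains "connect from", so refuse a letter before it
CONNECT = re.compile(r"(?<![a-z])connect from \S*\[([0-9A-Fa-f.:]+)\]")

def unblocked_sources(log_lines, route_lines, watch_nets):
    """Count connecting IPs inside watch_nets that have no prohibit route."""
    blocked = [ipaddress.ip_network(p[1], strict=False)
               for p in (l.split() for l in route_lines)
               if len(p) >= 2 and p[0] == "prohibit"]
    watch = [ipaddress.ip_network(n) for n in watch_nets]
    hits = Counter()
    for line in log_lines:
        m = CONNECT.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue                      # malformed address in the log
        if any(ip in n for n in watch) and not any(ip in b for b in blocked):
            hits[str(ip)] += 1
    # busiest first, then by address for stable output
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample data, using ranges that appear in the post
LOG = """\
Jan 10 03:12:01 zoo postfix/smtpd[1234]: connect from unknown[69.171.232.199]
Jan 10 03:12:02 zoo postfix/smtpd[1234]: disconnect from unknown[69.171.232.199]
Jan 10 03:40:09 zoo postfix/smtpd[1301]: connect from unknown[69.171.232.199]
Jan 10 04:01:44 zoo postfix/smtpd[1377]: connect from unknown[66.220.155.160]
Jan 10 04:05:10 zoo postfix/smtpd[1380]: connect from unknown[69.171.232.128]
Jan 10 05:30:00 zoo postfix/smtpd[1402]: connect from house.census.shodan.io[89.248.172.16]
""".splitlines()
ROUTES = ["prohibit 69.171.232.128", "prohibit 66.220.155.141"]
WATCH = ["69.171.232.0/24", "66.220.155.0/24"]   # assumed /24s around those IPs

if __name__ == "__main__":
    for ip, count in unblocked_sources(LOG, ROUTES, WATCH):
        print(f"{count:4d}  {ip}  not blocked yet")
```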

Keeping ghostforfacebook.com happy

Remember them? (my blog) Well, a new range of addresses was being used by them; the assistant was not a spam target, the boss was.

It made me laugh while looking at the cron logs some months ago.

I blocked the range of new addresses.  Have not heard from them since.

I might unblock some spam ranges in a year's time to further punish the isp, who hopefully got paid, but if they did not, hey, that’s not my problem; if they sell crap to spammers, let me value your ranges as crap is my logic.

 

Fun blocking facebook mail

Facebook (or its ‘users’*) were trying to send something to a made up email address. So I decided to block facebook mail. Why? – because I can

I deployed the mallet (my blog)

ip route show | grep 69.171;ip route show | grep 66.220
prohibit 69.171.232.128
prohibit 69.171.232.130
prohibit 69.171.232.135
prohibit 69.171.232.136
prohibit 69.171.232.139
prohibit 69.171.232.142
prohibit 69.171.232.143
prohibit 69.171.232.145
prohibit 69.171.232.147
prohibit 69.171.232.150
prohibit 69.171.232.151
prohibit 69.171.232.155
prohibit 69.171.232.162
prohibit 69.171.232.164
prohibit 69.171.232.165
prohibit 69.171.232.168
prohibit 69.171.232.170
prohibit 69.171.232.178
prohibit 66.220.155.141
prohibit 66.220.155.142
prohibit 66.220.155.143
prohibit 66.220.155.145
prohibit 66.220.155.147
prohibit 66.220.155.151
prohibit 66.220.155.152

I hope you find this informative if you're getting undeliverable crap from facebook via email.

Another facebook like name is ghostforfacebook (my blog). They're worth banning too.

*I would guess crooks.

reporting spam and getting it reported as spam

laddete to lady

I was in the zoo office with the email accounts for whois accounts open; there was spam, where human ladies wanted to go out with apes from the monkey house because eating fruit is cool or something – so I submitted them to spamcop together and the email back never came.

Our spam filter (my blog) did not like that and decided to scrap the email. So one and then another was sent and those did return for reporting.

I looked into the problem, which was with amavis (my blog), and whitelisting fixed the issue:

@bypass_spam_checks_maps = ([ qw( spam.spamcop.net ) ]);

I always take pleasure in ruining somebody's day in spammer land.

You're welcome.