OVH Community, your new community space.

Spam J-3


oles@ovh.net
24-10-10, 17:12
por exemplo ... 188.165.192.90 ?

http://www.senderbase.org/senderbase...188.165.192.90
http://www.spamcop.net/w3m?action=ch...88.165.195.199

804 N Sep 20 23:30:46 5217492847@repo ( 68) [SpamCop (188.165.195.199) id:5217492847]It is the chance o =?iso-88..
2327 N Sep 23 01:46:16 Sergey Gorovoy ( 61) [SpamCop (188.165.195.199) id:5220330235]Reliable online ph =?iso-88..
4196 N Sep 26 14:27:42 5225062129@repo ( 60) [SpamCop (188.165.195.199) id:5225062129]What is your healt =?iso-88..
4532 N Sep 26 19:03:02 5226070613@repo ( 79) [SpamCop (188.165.195.199) id:5226070613]Reveal the secret =?iso-88..
5182 N Sep 26 03:22:08 GMH in the Unit ( 61) [SpamCop (188.165.195.199) id:5227605200]Hi, take health pi =?iso-88..
7073 N Sep 29 10:10:04 Jay Bangle ( 64) [SpamCop (188.165.195.199) id:5231568740]Life health in you =?iso-88..
7635 N Sep 29 21:54:05 Simon Hova ( 35) [SpamCop (188.165.195.199) id:5232785775]\/\/\/NUMBER ONE ONLINE DRUG-STORE!\/\/\
9030 N Oct 01 19:41:02 Johnny Oesterga ( 69) [SpamCop (188.165.195.199) id:5236118942]Become a real expe =?iso-88..
9902 N Oct 03 20:17:35 Roanan ( 66) [SpamCop (188.165.195.199) id:5238547171]Be proud of what y =?iso-88..
13994 N Oct 08 23:33:52 Johnny Oesterga ( 69) [SpamCop (188.165.195.199) id:5247626051]Just live a full l =?iso-88..
14359 N Oct 09 02:27:38 Stephen Ermann ( 69) [SpamCop (188.165.195.199) id:5248453071]Anxiety, stress, d =?iso-88..
14468 N Oct 10 03:53:02 blackhole@abuse ( 138) ARF report from TDC regarding IP 188.165.195.199, report id 4711043
15830 N Oct 11 10:10:23 Minoru TODA ( 76) [SpamCop (188.165.195.199) id:5251407819]1
16808 N Oct 12 22:33:59 Mister Dave ( 75) [SpamCop (188.165.195.199) id:5253656555]Let them call you =?iso-88..
16809 N Oct 13 02:33:59 Mister Dave ( 61) [SpamCop (188.165.195.199) id:5253657095]Drive your problem =?iso-88..
17514 N Oct 13 10:43:56 5255286955@repo ( 81) [SpamCop (188.165.195.199) id:5255286955]Life health in you =?iso-88..
17633 N Oct 14 02:08:34 GMH in the Unit ( 61) [SpamCop (188.165.195.199) id:5255698447]Make women dream a =?iso-88..
18826 N Oct 15 07:58:29 Jay Bangle ( 64) [SpamCop (188.165.195.199) id:5258630197]Make women dream a =?iso-88..
19123 N Oct 16 11:57:28 Spam Hater ( 52) [SpamCop (188.165.195.199) id:5259895793]This is your fair =?iso-88..
19182 N Oct 16 04:56:06 Karen Bagnall ( 44) [SpamCop (188.165.195.199) id:5260183071]Your wife will nev =?iso-88..
19810 N Oct 18 01:19:06 WeFrySpam ( 65) [SpamCop (188.165.195.199) id:5262476429]What is your healt =?iso-88..
20145 N Oct 18 02:06:11 WeFrySpam ( 60) [SpamCop (188.165.195.199) id:5263711880]Let your potency d =?iso-88..
21362 N Oct 20 02:48:38 Simeon Tankard ( 65) [SpamCop (188.165.195.199) id:5266781485]Let your men?s pow =?iso-88..
22500 N Oct 21 17:23:14 blackhole@abuse ( 119) ARF report from TDC regarding IP 188.165.195.199, report id 4916609
23840 N Oct 24 12:26:55 Gankoj Samurai ( 63) [SpamCop (188.165.195.199) id:5274073894]Join those who liv =?iso-88..

e no servidor:

Niglos 30683 0.0 0.0 5172 500 ? S Jun23 0:00 /usr/bin/perl inbox.pl
Niglos 30717 0.0 0.0 5172 500 ? S Jun22 0:00 /usr/bin/perl inbox.pl
Niglos 30815 0.0 0.1 4944 3460 ? Ss Oct09 0:00 /usr/bin/perl inbox.pl
Niglos 30859 0.0 0.1 5164 3788 ? S Oct09 0:00 /usr/bin/perl inbox.pl
Niglos 30952 0.0 0.0 4944 1048 ? Ss Aug28 0:00 /usr/bin/perl inbox.pl
Niglos 30953 0.0 0.1 5176 3800 ? S Oct09 0:02 /usr/bin/perl inbox.pl
Niglos 30956 0.0 0.0 4944 1048 ? Ss Aug04 0:00 /usr/bin/perl inbox.pl
Niglos 30970 0.0 0.1 4944 3460 ? Ss Oct16 0:00 /usr/bin/perl inbox.pl
Niglos 30976 0.0 0.0 4944 404 ? Ss Jun25 0:00 /usr/bin/perl inbox.pl
Niglos 30988 0.0 0.1 5172 3796 ? S Oct09 0:01 /usr/bin/perl inbox.pl
Niglos 30990 0.0 0.0 4944 1048 ? Ss Aug29 0:00 /usr/bin/perl inbox.pl
Niglos 30991 0.0 0.0 5164 500 ? S Jun25 0:00 /usr/bin/perl inbox.pl
Niglos 31027 0.0 0.0 5164 1296 ? S Aug28 0:00 /usr/bin/perl inbox.pl
Niglos 31065 0.0 0.0 5168 1324 ? S Aug28 0:00 /usr/bin/perl inbox.pl
Niglos 31071 0.0 0.0 5172 1300 ? S Aug04 0:00 /usr/bin/perl inbox.pl
Niglos 31113 0.0 0.0 4944 1048 ? Ss Aug12 0:00 /usr/bin/perl inbox.pl
Niglos 31118 0.0 0.1 5176 3800 ? S Oct16 0:00 /usr/bin/perl inbox.pl
Niglos 31166 0.0 0.1 5172 3796 ? S Oct16 0:00 /usr/bin/perl inbox.pl
Niglos 31175 0.0 0.0 4944 1048 ? Ss Aug12 0:00 /usr/bin/perl inbox.pl
Niglos 31196 0.0 0.0 5176 1332 ? S Aug29 0:00 /usr/bin/perl inbox.pl
Niglos 31234 0.0 0.0 5164 1300 ? S Aug12 0:00 /usr/bin/perl inbox.pl
Niglos 31245 0.0 0.0 5164 1296 ? S Aug12 0:00 /usr/bin/perl inbox.pl
Niglos 31266 0.0 0.0 4944 404 ? Ss Jul17 0:00 /usr/bin/perl inbox.pl

tcp 0 0 188.165.195.199:37417 89.167.219.1:25 ESTABLISHED 15160/perl
tcp 0 0 188.165.195.199:37040 89.167.219.1:25 ESTABLISHED 3616/perl
tcp 0 0 188.165.195.199:43671 89.167.219.1:25 ESTABLISHED 26116/perl
tcp 0 0 188.165.195.199:60018 89.167.219.1:25 ESTABLISHED 4571/perl
tcp 0 0 188.165.195.199:44990 89.167.219.1:25 ESTABLISHED 24511/perl
tcp 0 0 188.165.195.199:41900 89.167.219.1:25 ESTABLISHED 18319/perl
tcp 0 0 188.165.195.199:44189 210.145.113.10:25 ESTABLISHED 21621/perl
tcp 0 0 188.165.195.199:58052 89.167.219.1:25 ESTABLISHED 20858/perl
tcp 0 0 188.165.195.199:35796 89.167.219.1:25 ESTABLISHED 11028/perl
tcp 0 0 188.165.195.199:37043 89.167.219.1:25 ESTABLISHED 16731/perl
tcp 0 0 188.165.195.199:34803 89.167.219.1:25 ESTABLISHED 13643/perl
tcp 0 0 188.165.195.199:37344 89.167.219.1:25 ESTABLISHED 973/perl
tcp 0 0 188.165.195.199:58165 89.167.219.1:25 ESTABLISHED 4768/perl
tcp 0 0 188.165.195.199:49812 89.167.219.1:25 ESTABLISHED 2114/perl
tcp 0 0 188.165.195.199:58141 89.167.219.1:25 ESTABLISHED 23610/perl
tcp 0 0 188.165.195.199:36088 89.167.219.1:25 ESTABLISHED 24483/perl
tcp 0 0 188.165.195.199:57828 89.167.219.1:25 ESTABLISHED 22184/perl
tcp 0 0 188.165.195.199:42590 89.167.219.1:25 ESTABLISHED 22212/perl
tcp 0 0 188.165.195.199:51452 89.167.219.1:25 ESTABLISHED 23516/perl
tcp 0 0 188.165.195.199:48609 89.167.219.1:25 ESTABLISHED 19231/perl
tcp 0 0 188.165.195.199:48024 89.167.219.1:25 ESTABLISHED 27181/perl
tcp 0 0 188.165.195.199:38390 210.145.113.10:25 ESTABLISHED 18690/perl
tcp 0 0 188.165.195.199:54245 89.167.219.1:25 ESTABLISHED 15935/perl
tcp 0 0 188.165.195.199:56757 89.167.219.1:25 ESTABLISHED 30988/perl
tcp 0 0 188.165.195.199:38066 210.145.113.10:25 ESTABLISHED 29321/perl
tcp 0 0 188.165.195.199:35592 89.167.219.1:25 ESTABLISHED 17304/perl
tcp 0 0 188.165.195.199:38764 89.167.219.1:25 ESTABLISHED 2479/perl
tcp 0 0 188.165.195.199:34920 89.167.219.1:25 ESTABLISHED 14353/perl


[root@ns310321 root]# lsof -n |grep 21621
inbox.pl 21621 Niglos cwd DIR 9,2 4096 23093250 /home/Niglos/cgi-bin
inbox.pl 21621 Niglos rtd DIR 9,1 4096 2 /
inbox.pl 21621 Niglos txt REG 9,1 708188 41456 /usr/bin/perl
inbox.pl 21621 Niglos mem REG 9,1 90006 124422 /lib/ld-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 7867 66655 /usr/lib/perl5/5.6.0/i386-linux/auto/Sys/Hostname/Hostname.so
inbox.pl 21621 Niglos mem REG 9,1 86812 124429 /lib/libnsl-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 13966 124427 /lib/libdl-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 174032 124428 /lib/libm-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 1363451 124425 /lib/libc-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 25283 124426 /lib/libcrypt-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 95207 66496 /usr/lib/perl5/5.6.0/i386-linux/auto/POSIX/POSIX.so
inbox.pl 21621 Niglos mem REG 9,1 18333 66482 /usr/lib/perl5/5.6.0/i386-linux/auto/IO/IO.so
inbox.pl 21621 Niglos mem REG 9,1 19591 66651 /usr/lib/perl5/5.6.0/i386-linux/auto/Socket/Socket.so
inbox.pl 21621 Niglos mem REG 9,1 45283 124436 /lib/libnss_files-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 46697 124439 /lib/libnss_nisplus-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 15888 124435 /lib/libnss_dns-2.2.5.so
inbox.pl 21621 Niglos mem REG 9,1 65212 124440 /lib/libresolv-2.2.5.so
inbox.pl 21621 Niglos 0r CHR 1,3 93524 /dev/null
inbox.pl 21621 Niglos 1w REG 9,2 0 23093351 /home/Niglos/cgi-bin/sys/error.log (deleted)
inbox.pl 21621 Niglos 2w REG 9,2 0 23093351 /home/Niglos/cgi-bin/sys/error.log (deleted)
inbox.pl 21621 Niglos 3u IPv4 92836087 TCP 188.165.195.199:44189->210.145.113.10:smtp (ESTABLISHED)
inbox.pl 21621 Niglos 8u REG 9,1 1024 229927 /var/webmin/sessiondb.pag
inbox.pl 21621 Niglos 9u REG 9,1 0 229926 /var/webmin/sessiondb.dir

oles@ovh.net
24-10-10, 16:04
Olá,
Estamos actualmente a concluir os desenvolvimentos relacionados
com o combate ao spam gerado na nossa rede. Nós
acho que podemos passar a utilizar os mecanismos durante o
decorrer desta semana.
O desenvolvimento foi iniciado há 9 meses e levará ainda
mais 2 meses.

IPs que enviam spam terão a porta 25 bloqueada (saída) .
Isto é, se considerarmos que um servidor envia
spam, vamos bloqueá-lo. Todo o resto do serviço,
inclusive recepção de e-mails continuará a funcionar.

Contamos com as reclamações recebidas por vários sites como
http://www.spamcop.net . O cliente deve primeiro
resolver o problema nesses sites para que a OVH
desbloqueie o envio de emails a partir do servidor.
Enquanto isso, o cliente não pode
encomendar um novo servidor ou ter um novo IP.

Todo o processo será automático e público. Assim,
iremos realçar a rede de spammers (se houver)
mas também dizem que a OVH bloqueia e por quê.
De seguida, a quem a OVH "abre" e porquê. Total transparência.
Saberão exactamente o que a OVH faz (ou não) para evitar spam
na rede.

Então, se você receber spam de nossa rede, não envie emails para
abuse@ovh.net, mas declare o
spam em http://www.spamcop.net ... simplesmente. Eles
vão transmitir-nos a informação e nós faremos o necessário.

O mesmo método será usado para phishing,
malware e botnets. Ao mesmo tempo, devemos também tornar
públicos os IPs que enviam spam para a nossa rede e
declarar (por nosso turno) as redes que se especializam
nesta actividade ... Tecnicamente, o código
originalmente escrito está a evoluir para se basear
no "armário de Tóquio" e "Kyoto", que já usamos para
a proposta de anti-phishing (da qual pôde testar a velocidade
há cerca de uma semana). Só falta o "privateCloud"
para o trabalho de desenvolvimento ir directamente para prod
e nós podermos desenvolver o projecto de infraestrutura de
maneira muito flexível, com alguns cliques ... Ainda perdemos
tempo a fazer trabalho "sysadmin-1999-like" ...

Para saber mais:
http://fallabs.com/tokyocabinet/
http://fallabs.com/kyotocabinet/

Amigavelmente,
Octave