Quantcast How to handle threats from forum spammers! [Sample threat] - digitalFAQ Forum
Go Back    Forum > Digital Publishing / Web Sites > Web Design + Site Planning

Reply
 
LinkBack Thread Tools
  #1  
04-21-2015, 09:30 PM
kpmedia's Avatar
kpmedia kpmedia is offline
Site Staff | Web Hosting, Photo
 
Join Date: Feb 2004
Posts: 4,242
Thanked 354 Times in 332 Posts
Spammer 101

1. Spammers are stupid. 99%+ of them have very limited computer knowledge.
2. Spammers always lie. And since they're also stupid, it's really easy to see these lies.
3. Spamming is a long-term failure. They're wasting their time.
4. But spammers also waste your time -- be you mere recipient, site owner, or server admin.


Sample Threat + Response

About a week ago, I got this gem in my inbox:

Quote:
Originally Posted by spammer idiot
Michael Dahl (missilemike@comcast.net) is e-mailing you about
Need help with forum registration or have a member login problem?

Message: Dear Administrator,
I am quite disappointed in being denied access because of a list allegation. Would you provide me the source of the alleged accusation against me? I will not honor this allegation because it's not justified!
With kindest regards,
Michael Dahl and Family
missilemike@comcast.net

Contact Details:
IP: 104.151.242.62
E-mail: missilemike@comcast.net
Forum Username: Unregistered (ID=0)
When I saw the butchered English, and weird words like "allegation", I immediately knew it was a foreigner. Phrases like "with kindest regards" points to the middle east (India especially). This person was also clearly confused with what he read on screen.

It was unusual to get this sort of email from a @comcast.net address.

There was the slim possibility that the email was legit. We'd recently made some stricter anti-spam and security changes to our site, and may have overtightened it by accident. It was a possible oops on our part. We'd already caught two other minor issues from the new rules.

So I wrote back:

Quote:
Originally Posted by KP
How are you being denied?
- Are you getting this page? http://www.digitalFAQ.com/banned.htm
- Or are you hitting a CloudFlare captcha page?

Ideally nobody valid will ever see these alerts. If anyone valid is seeing these, I need to know. False positives are not good.
About 12 hours later, I got a response.

Quote:
Originally Posted by spammer idiot
Hello,
First and foremost, today I was interested in joining your forum because I am a 62 year old disabled guy that wants to make instructional videos. When I submitted my registration the program denied my application stating that I was some sort of felon in regards to web "trafficking" websites. I have a snapshot of the denial if you are interested. I was extremely disappointed that anyone would blatantly defame me on public venue. I have impressive credentials and have friends in the nation's
capital with whom I have made aware of such a fiendish yet provocative allegation. Lastly, I bid you good tidings from the great state of Delaware and will be in touch with your Administration Department in short order.
With Kindest Regards,
Michael Dahl and Family
The entire response was amusing.

A retired disabled guy wants to make instructional videos? Possible, but unlikely. This is already looking like a scam.

Nothing in use accuses anyone of being a felon, or "trafficking" anything, etc.

The email was sent in the wee hours of the morning. It's extremely unlikely that a disabled senior in Delaware was sending us emails at that hour. Nor is a "Dahl" (northern Europe ancestral name) going to speak Engrish like a middle easterner.

Something was up.

I especially enjoyed the flimsy threats to tell "friends in the nation's capital". He doesn't seem to even know what nation the site is hosted in.

So I checked the server logs. And I got a hit:

Code:
missilemike     
missilemike@comcast.net    
104.151.242.62     
Result on field ip - 104.151.242.62 - Spammer and rejected by policy
StopForumSpam reported dozens of forum spam attempts, that same day, from that IP. Furthermore, the email addresses being attempted were from a Russian freemail.

A search of the IP address came back as:

Code:
IP Address: 104.151.242.62
City: Henderson, Nevada, United States, 89074
ISP: Enzu Inc 
Domain: scalabledns.com
So a guy speaking Engrish, living in Delaware, is posting from Nevada? Right.

You can go one further yet, and look at scalabledns.com on WOT: https://www.mywot.com/en/scorecard/scalabledns.com
It's just a spammer domain.

And a search of the email address brought back a bunch of Arabic blah-blah: https://addons.mozilla.org/ar/firefox/user/missilemike
Yep, middle eastern, as I'd suspected all along.

So I wrote back. (And I must've been in a good mood, as it was tame.)

Quote:
Originally Posted by KP
Yes, do send over whatever screenshot you have. Post them using a free image hosting service like http://postimage.org. Then send ove the link.

I see you in the logs
- missilemike
- missilemike@comcast.net
- 104.151.242.62
- Result on field ip - 104.151.242.62 - Spammer and rejected by policy

If you run a search on http://stopforumspam.com/search, what comes up is a bunch of Russian spam attempts from yesterday.

I've you're really in Delaware, then why does your IP clome back to a proxy server in Nevada?
- 104.151.242.62
- Henderson, Nevada, US, 89074
- Enzu Inc
- scalabledns.com

And to a server with a reputation for spam: https://www.mywot.com/en/scorecard/scalabledns.com

As far as making others aware -- please do so. Spam is a problem, and should be stopped.
The douchebag never wrote back.

Once upon a time, 15 years ago, a real "missilemike" did exist: http://www.dslreports.com/forum/r865...ate-~start=120. He wrote coherent English back then! But that email account was likely abandoned, and a spammer nabbed it from a brute force.


Conclusion

When it comes to spam threats, you have 3 choices.

1. Delete it.
2. Reply with facts and questions, and stay professional/business-like, as I did here.
3. Reply with sarcasm, and even insults. (Since the spammer wasted your time, you're allowed to make it worth your while.)

I also learned not to trust @comcast.net addresses. Apparently spammers (ab)use those too, just like the freemails.

- Did my advice help you? Then become a Premium Member and support this site.
- Please Like Us on Facebook | Follow Us on Twitter

- Need a good web host? Ask me for help! Get the shared, VPS, semi-dedicated, cloud, or reseller you need.
Reply With Quote
The following users thank kpmedia for this useful post: Winsordawson (04-23-2015)
Someday, 12:01 PM
admin's Avatar
Ads / Sponsors
 
Join Date: ∞
Posts: 42
Thanks: ∞
Thanked 42 Times in 42 Posts
  #2  
04-23-2015, 02:11 PM
Winsordawson Winsordawson is offline
Premium Member
 
Join Date: Sep 2010
Location: Behind you
Posts: 319
Thanked 8 Times in 8 Posts
Your "Administration Department"?
I would be curious to see what exactly these "impressive credentials" are.......
But I found it's best not to feed the spammers, if they know the sender's email.
Reply With Quote
  #3  
04-26-2015, 01:42 AM
kpmedia's Avatar
kpmedia kpmedia is offline
Site Staff | Web Hosting, Photo
 
Join Date: Feb 2004
Posts: 4,242
Thanked 354 Times in 332 Posts
One word: SpamExperts.

A spammer getting your email address is no longer the end of the world.

If you use freemail, like Gmail or Yahoo, maybe there is a slight cause for concern, as those free mail services have lousy spam filters. So you're at their mercy.

But if you have your own mail domain, then you can filter out junk in several ways. The first defense is SpamExperts, which has a 99%+ effectiveness rate of preventing junk from hitting your server AND in preventing false positives.

We use this, and get the $4 monthly license from Veerotech.

It's just one aspect of running a popular site, along with DDoS protection, security audits, etc.

- Did my advice help you? Then become a Premium Member and support this site.
- Please Like Us on Facebook | Follow Us on Twitter

- Need a good web host? Ask me for help! Get the shared, VPS, semi-dedicated, cloud, or reseller you need.
Reply With Quote
  #4  
04-26-2015, 12:47 PM
Winsordawson Winsordawson is offline
Premium Member
 
Join Date: Sep 2010
Location: Behind you
Posts: 319
Thanked 8 Times in 8 Posts
Thanks, I could redirect my mail to a webpage address and then redirect it back to my freemail, but for now I'll have to pray to the spam Gods...
Reply With Quote
Reply




Similar Threads
Thread Thread Starter Forum Replies Last Post
SEO, SEM, SMM services from spammers? shorttime Web Design + Site Planning 1 10-29-2014 04:09 AM
Beware of Article Spammers! kpmedia Web Design + Site Planning 0 07-20-2013 08:34 AM
Spammers = about as sharp as a sack of wet mice kpmedia General Discussion 1 07-17-2013 10:59 PM
Is Java a bad computer threat? cyber-junkie Tech Myths, Misinformation 2 01-23-2013 10:22 PM
Mpeg cutter to handle jvc lpcm? manthing Edit Video, Audio 2 03-30-2006 08:01 AM

Thread Tools



 
All times are GMT -5. The time now is 02:20 AM