CastleCops, Internet Crime Fighters

Complainterator Ideas!

 
Spam_Killer

Trooper

Joined: Sep 18, 2007
Posts: 21
Location: USA

Posted: Thu Mar 13, 2008 5:45 pm    Post subject: Complainterator Ideas!

Hi tembow,

You know when you look up the registrar and no registrar can be found, why not look up the upstream check box to the ISP to notify.

Why not look up the registry addresses and put them on the Cc: line in the spam reports as well?

Whenever I look up the domains I have to put in the www. before the URL's domain URL in the spam report. Why not add into the spam report the www. part of the domain URLs?

Why does the Complainterator look up the IP addresses?

ahoier

SIRT Handler


Joined: Jan 14, 2006
Posts: 1113
Location: USA

Posted: Fri Mar 14, 2008 2:05 pm    Post subject: Re: Complainterator Ideas!

Spam_Killer wrote:
Hi tembow,

You know when you look up the registrar and no registrar can be found, why not look up the upstream check box to the ISP to notify.

What check box are you referring to? I don't think I've seen many domains without a registrar...since a domain can't really exist on the Interweb without a registrar to add it to the domain name registry (afaik at least).

Quote:
Whenever I look up the domains I have to put in the www. before the URL's domain URL in the spam report. Why not add into the spam report the www. part of the domain URLs?

Complainterator will create reports using the domain as you enter it into the input field within the app. Sometimes I will enter the www. - sometimes I don't. If the site "works" without the www. - it can be left off, so that the registrar knows to kill the whole domain.

Quote:
Why does the Complainterator look up the IP addresses?

Complainterator was designed to generate reports for "Registrars" - but IP addresses do not hold "registrars" - usually they only hold some sort of ISP values, abuse contact addresses, etc.

But that could be a neat feature/idea/suggestion - particularly for the http://x.x.x.x/ e-card spams, allow entering of an IP address, and generating proper "abuse" reports to send to the ISP/abuse desk listed within the whois details.

Currently, for the Storm IP stuff, I modify the template at SpamWiki - Sample Hijacked Web Server alert to refer to Storm/Nuwar/etc instead of "uirqd" (which is a Linux exploit/infection). But generating a report automagically from an IP address would be cool.

AlphaCentauri

SIRT Handler
Premium Member

Joined: Nov 20, 2003
Posts: 2889

Posted: Fri Mar 14, 2008 6:51 pm

The reason for the IP addresses in the Complainterator reports, as I understand it, is that Chinese registrars were aware of some IP ranges being controlled by criminals, so if they got a report on something hosted there they would suspend the domain without much more information being necessary.

tembow

Blue Angel
Premium Member

Joined: Oct 10, 2005
Posts: 2942

Posted: Sat Mar 15, 2008 7:49 am    Post subject: Re: Complainterator Ideas!

Spam_Killer wrote:
Hi tembow,

You know when you look up the registrar and no registrar can be found, why not look up the upstream check box to the ISP to notify.

Why not look up the registry addresses and put them on the Cc: line in the spam reports as well?

I do not understand what you mean by the "upstream check box".
Perhaps you mean that Complainterator should go straight to the ICANN page and search for the Registrar, then extract the email contact address automatically. I prefer to see that as a manual function, because it is not easy to program it so that no mistakes are made. These days, the majority of registrars who get abused by spammers and criminals are already in the Complainterator contacts list.

Quote:
Whenever I look up the domains I have to put in the www. before the URL's domain URL in the spam report. Why not add into the spam report the www. part of the domain URLs?

I do not know why you think it is necessary to add in the "www". Can you give some examples of when this has been necessary? Be aware that the registrar suspends the "domain" not the "web URL". So for example, if the web site is www.example.com the registrar suspends example.com. If the web site is www3.example.com, the registrar suspends example.com. That is why Complainterator is correctly asking the registrar to act on the domain name, not the web URL.

Quote:
Why does the Complainterator look up the IP addresses?

1. Complainterator is not designed to perform the function of Spamcop. Already, Spamcop does an excellent job of looking up IP addresses and sending requests to the ISPs who are responsible for the IPs. They do this for both the spammed web site, and for the source of the spam. There is no need to duplicate Spamcop.

2. Complainterator places the IP address of name servers into the name server request. In China, they do things differently. They prefer to track IP address ranges that are abused by spammers. Then they black-hole an IP address, rather than suspend the name server at the DNS level.

3. Complainterator does not generate complaints for URLs which are expressed as IP addresses instead of names. This is widely used for the Storm Trojan. Reporting for those exists as a separate project from Complainterator.

tembow

Blue Angel
Premium Member

Joined: Oct 10, 2005
Posts: 2942

Posted: Thu Mar 20, 2008 9:34 am

Version 20.7 (March 20) from www.complainterator.com has

- latest contacts file
- support for a signature file
- protection from Gandi shutting themselves down :)
- more retries on traversal to avoid timeouts

If anyone wants to add their list of "dangerous" registrar's name servers they would like to see added, append here. "Dangerous" registrar's name servers are those that should not generate a request to have them shut down.

For example, we would not want anyone to send a request to Tucows to shut down dns1.tucows.com - dns3.tucows.com
nor to Beijing Innovative to shut down ns1.dns.com.cn - ns2.dns.com.cn

A later version of Complainterator will check for such names and not even generate a message. In the meantime, users are expected to check for these manually, and not send them if they are the registrar's own name servers.

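An added example, not part of the original thread and not Complainterator's own code: a pre-send check that combines the three rules discussed above (report the domain rather than the web URL, generate nothing for IP-literal URLs, hold back shutdown requests for a registrar's own name servers). The function names, the tiny suffix set and the sample inputs are assumptions made for illustration; the protected name servers are the ones named in the post above.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, deliberately tiny suffix set (assumption); a real tool
# would load the full Public Suffix List instead.
SUFFIXES = {"com", "net", "org", "cn", "com.cn"}

# Registrar-owned name servers named in the thread
# (dns1-dns3.tucows.com and ns1-ns2.dns.com.cn).
PROTECTED_NS = {
    "dns1.tucows.com", "dns2.tucows.com", "dns3.tucows.com",
    "ns1.dns.com.cn", "ns2.dns.com.cn",
}

def host_of(url):
    """Return the lower-cased host of a URL or of a bare host name."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def registrable_domain(host):
    """Reduce www3.example.com to example.com: longest known suffix plus one label."""
    labels = host.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None

def plan_report(url, name_servers):
    """Decide what a registrar report may ask for; IP-literal URLs get no report."""
    host = host_of(url)
    try:
        ipaddress.ip_address(host)
        return {"domain": None, "ns_requests": [], "held_back": [],
                "reason": "ip-literal URL"}
    except ValueError:
        pass  # not an IP address, so treat it as a host name
    domain = registrable_domain(host)
    ns = [n.lower().rstrip(".") for n in name_servers]
    return {
        "domain": domain,
        "ns_requests": [n for n in ns if n not in PROTECTED_NS],
        "held_back": [n for n in ns if n in PROTECTED_NS],
        "reason": None if domain else "unknown suffix",
    }
```

Name servers in `held_back` are the ones a report should not ask to have shut down; they are returned separately so the user can still see why no request was generated for them.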