Jeff Chan wrote:
it's a black hat.
No it's not.
IBTD.
Yahoo is currently trying to properly organize their handling of hosting abuse.
It's no general Yahoo! problem, it's only uk. geocities .com
What does the article say please?
| Date: Thu, 06 Oct 2005 20:04:24 +0200 | From: Frank Ellermann nobody@xyzzy.claranet.de [...] | Newsgroups: spamcop.routing | CC: network-abuse@cc.yahoo-inc.com | Subject: O/R: 66.218.64.0 - 66.218.95.255:network-abuse@cc.yahoo-inc.com [...]
| Hi, for the infamous uk.geocities.com series of spam runs | SpamCop tries:
| : Using abuse net on network-abuse@cc.yahoo-inc.com | : abuse net cc.yahoo-inc.com = postmaster@cc.yahoo-inc.com | : Using best contacts postmaster@cc.yahoo-inc.com | : postmaster@cc.yahoo-inc.com bounces (7 sent : 7 bounces)
| But ARIN apparently says that SC should use:
| : "whois 66.218.77.68@whois.arin.net" | [...] | : Found AbuseEmail in whois network-abuse@cc.yahoo-inc.com | : 66.218.64.0 - 66.218.95.255:network-abuse@cc.yahoo-inc.com
| I recommend to block all mails containing any URL with FQDN | uk.geocities.com in local URIBLs.
| http://www.spamcop.net/sc?id=z812431135z90373e8638a8645cf7c1de6de25ebb36z
| As always SpamCop needed at least five "reloads" to find the | relevant IP for uk.geocities.com spam, and after that effort | it should use some working abuse@ address at Yahoo!
| Bye, Frank
The SC problems with numerous uk. geocities .com spams are a known issue for some months, it just deteriorated. The spam is _apparently_ (don't take my word for it, check it) designed to bypass SURBL, the page contains some harmless plain text plus an "encrypted" JavaScript - I didn't try to unescape() it:
So there's a small chance that it's a Joe Job or some kind of DOS attack. OTOH I hope that I'd hear about it if it's "only" a Joe Job, after all I got this stuff for months.
BTW, why does...
http://spamcheck.freeapp.net/whitelist-hits.new.log.sort
...not list the (probably) hundreds of hits for this FQDN ?
Bye, Frank