At 15:36 2004-08-03 -0400, Steven Champeon wrote:
These guys (I've been calling them "Sergey Katchenko", but it appears "Sergey" is a front for yet another spamgang) have been running a joe job against one of my domains for a couple of months now. Want to pre-emptively block all their crud? Run this script:
#!/usr/bin/perl
my @bits = ("akiana","bertikas","bortsimis","enofakel","enomy","fagony","fenium","fikals","frakles","inacalo","indakitos","kitaros","manics","mipatarios","neynano","nimphos","ownaros","pazda","pikas","pitovshe","poises","polishe","porchma","potkasi","pritkeras","sayara","simptomps","sofikals","tronits","valdisimus","xesros"); foreach $front (sort @bits) { foreach $back (sort @bits) { print "$front$back.org\n"; } }
Should give you 961 domains, approximately 300 or so of which are registered at the moment, but all of them have fallen into this pattern so far. He's registered 100 more since I first started keeping track last month, and AFAICT they're all on that generated list.
He seems to have added a few new bits:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&...
Anyway - this is why urirhsbl is such a good idea. All of those domains use the same SBL-listed name server IP.
Patrik