Unfortunately, Yahoo is one of the top Spam domain hosts. I don't think there is much you can do about it, generally. Just report the domains as usual.
Yahoo webhosting is a total mess. I guess there must be a reason why they attract so much illegal content.
On top of all the regular porn and phishing spam domains hosted by Yahoo I get on average about four child pornography sites hosted on Yahoo per day (357 domains in just over 90 days).
Does anybody have any inside contacts to get these resolved more quickly? If the sites are online long enough so that CP customers can sign up then this isn't going to stop.
Joe Wein
joewein.de LLC
Yokohama, Japan
WWW: http://www.joewein.net
WWW: http://www.jwspamspy.net
WWW: http://www.419scam.org
-Stuart
Joseph Brennan wrote:
What's going on here?
Numerous examples of porn spam sent Sunday have all different hostnames that resolve to the same few IP addresses, apparently by round robin:
$ host takinoivanober.com
takinoivanober.com has address 68.142.212.127
takinoivanober.com has address 68.142.212.128
takinoivanober.com has address 68.142.212.129
takinoivanober.com has address 68.142.212.130
takinoivanober.com has address 68.142.212.135
takinoivanober.com has address 68.142.212.126
$ host zascehjukalsderr.com
zascehjukalsderr.com has address 68.142.212.130
zascehjukalsderr.com has address 68.142.212.135
zascehjukalsderr.com has address 68.142.212.126
zascehjukalsderr.com has address 68.142.212.127
zascehjukalsderr.com has address 68.142.212.128
zascehjukalsderr.com has address 68.142.212.129
$ host sex368yzx.com
sex368yzx.com has address 68.142.212.129
sex368yzx.com has address 68.142.212.130
sex368yzx.com has address 68.142.212.135
sex368yzx.com has address 68.142.212.136
sex368yzx.com has address 68.142.212.137
sex368yzx.com has address 68.142.212.128
Reverse DNS resolves to Yahoo, only:
$ host 68.142.212.130
130.212.142.68.in-addr.arpa domain name pointer p10w14.geo.mud.yahoo.com.
$ host 68.142.212.127
127.212.142.68.in-addr.arpa domain name pointer p10w11.geo.mud.yahoo.com.
$ host 68.142.212.128
128.212.142.68.in-addr.arpa domain name pointer p10w12.geo.mud.yahoo.com.
The range 68.142.192 through 68.142.255 is all Inktomi, contact address network-abuse@cc.yahoo-inc.com, so it really is Yahoo.
The interesting bit is that connecting by IP address or Yahoo hostname gets an "Error 400 - Bad Request", but connecting by the spammer hostname gets a web page.
I'd be especially interested in a generalized way of catching this.
Joseph Brennan Columbia University Information Technology
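One way to group reported names by where they resolve, as an added example that is not part of the original thread: it parses `host` output for domains taken from spam reports and lists the networks on which several round-robin names land. The /24 grouping, the thresholds, the function names and the example.org control line are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import defaultdict

# `host` answers quoted in the message above, trimmed to two per name.
# The example.org line is a constructed control, not from the thread.
HOST_OUTPUT = """\
$ host takinoivanober.com
takinoivanober.com has address 68.142.212.127
takinoivanober.com has address 68.142.212.128
zascehjukalsderr.com has address 68.142.212.130
zascehjukalsderr.com has address 68.142.212.127
sex368yzx.com has address 68.142.212.129
sex368yzx.com has address 68.142.212.136
example.org has address 192.0.2.10
"""

LINE_RE = re.compile(r"^(\S+) has address (\d{1,3}(?:\.\d{1,3}){3})$")

def parse_host_output(text):
    """Return {domain: set of IPv4Address} built from the A-record lines."""
    records = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # prompts, PTR answers and blank lines are skipped
        try:
            addr = ipaddress.IPv4Address(m.group(2))
        except ipaddress.AddressValueError:
            continue  # malformed address such as 999.1.1.1
        records[m.group(1).lower().rstrip(".")].add(addr)
    return dict(records)

def shared_hosting_clusters(records, prefix_len=24, min_domains=2, min_addrs=2):
    """Map each network to the round-robin domains (>= min_addrs A records) on it."""
    by_net = defaultdict(set)
    for domain, addrs in records.items():
        if len(addrs) < min_addrs:
            continue  # a single A record is not round robin
        for addr in addrs:
            net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
            by_net[net].add(domain)
    return {str(n): sorted(d) for n, d in by_net.items() if len(d) >= min_domains}

if __name__ == "__main__":
    for net, domains in shared_hosting_clusters(parse_host_output(HOST_OUTPUT)).items():
        print(net, len(domains), ", ".join(domains))
```

Because a shared web-hosting range also carries unrelated legitimate sites, the grouping is only meaningful when the input is limited to names that already appeared in spam; sex368yzx.com shares no exact address with the other two names in this trimmed sample and is linked to them only by the network prefix.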
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss