[SURBL-Discuss] Yahoo redirector?

Joe Wein joewein at pobox.com
Mon Oct 2 22:33:15 CEST 2006


> Unfortunately, Yahoo is one of the top Spam domain hosts.  I don't think 
> there is much you can do about it, generally.  Just report the domains as 
> usual.

Yahoo webhosting is a total mess. I guess there must be a reason why they 
attract so much illegal content.

On top of all the regular porn and phishing spam domains hosted by Yahoo I 
get on average about four child pornography sites hosted on Yahoo per day 
(357 domains in just over 90 days).

Does anybody have any inside contacts to get these resolved more quickly? If 
the sites are online long enough so that CP customers can sign up then this 
isn't going to stop.

Joe Wein

joewein.de LLC
Yokohama, Japan
WWW: http://www.joewein.net
WWW: http://www.jwspamspy.net
WWW: http://www.419scam.org

>
> -Stuart
>
>
> Joseph Brennan wrote:
>>
>> What's going on here?
>>
>> Numerous examples of porn spam sent Sunday have all different hostnames
>> that resolve to the same few IP addresses, apparently by round robin:
>>
>> $ host takinoivanober.com
>> takinoivanober.com has address 68.142.212.127
>> takinoivanober.com has address 68.142.212.128
>> takinoivanober.com has address 68.142.212.129
>> takinoivanober.com has address 68.142.212.130
>> takinoivanober.com has address 68.142.212.135
>> takinoivanober.com has address 68.142.212.126
>> $ host zascehjukalsderr.com
>> zascehjukalsderr.com has address 68.142.212.130
>> zascehjukalsderr.com has address 68.142.212.135
>> zascehjukalsderr.com has address 68.142.212.126
>> zascehjukalsderr.com has address 68.142.212.127
>> zascehjukalsderr.com has address 68.142.212.128
>> zascehjukalsderr.com has address 68.142.212.129
>> $ host sex368yzx.com
>> sex368yzx.com has address 68.142.212.129
>> sex368yzx.com has address 68.142.212.130
>> sex368yzx.com has address 68.142.212.135
>> sex368yzx.com has address 68.142.212.136
>> sex368yzx.com has address 68.142.212.137
>> sex368yzx.com has address 68.142.212.128
>>
>> Reverse DNS resolves to Yahoo, only:
>>
>> $ host 68.142.212.130
>> 130.212.142.68.in-addr.arpa domain name pointer p10w14.geo.mud.yahoo.com.
>> $ host 68.142.212.127
>> 127.212.142.68.in-addr.arpa domain name pointer p10w11.geo.mud.yahoo.com.
>> $ host 68.142.212.128
>> 128.212.142.68.in-addr.arpa domain name pointer p10w12.geo.mud.yahoo.com.
>>
>> The range 68.142.192 through 68.142.255 is all Inktomi, contact address
>> network-abuse at cc.yahoo-inc.com, so it really is Yahoo.
>>
>> The interesting bit is that connecting by IP address or yahoo hostname
>> gets a "Error 400 - Bad Request", but connecting by the spammer hostname
>> gets a web page.
>>
>> I'd be especially interested in a generalized way of catching this.
>>
>> Joseph Brennan
>> Columbia University Information Technology
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Discuss mailing list
>> Discuss at lists.surbl.org
>> http://lists.surbl.org/mailman/listinfo/discuss
>
> _______________________________________________
> Discuss mailing list
> Discuss at lists.surbl.org
> http://lists.surbl.org/mailman/listinfo/discuss
>
> 



More information about the Discuss mailing list