50 million ways to die.

use one.

What kind of idiot would send spam traffic to a TGP? Way to turn the best converting traffic there is into the worst :321GFY

This is crazy. Go get 'em Patrick.

Ok, it appears like this dude is usint this method:

1) Find and hack a vulnerable Windows 2000 server.
2) Send mails throught it inserting 2 or 3 random fake headers so the only real working IP is the one that the hacked server has.

Methods to stop him:

1) ask the hacked servers admins to patch them (probably they will not know how to do that or will ignore this, so no way).
2) hack back the hacked servers and install sniffers on them, so the next time the spammer sends his flames around he will be traced and there will be proof to fuck him at all. It would be a nice idea to ask the server admins to put a "honeypot" box for this guy, but I think they will not know how to do that or will not want to do it.
3) call the authorityes and tell them that all these servers are suplanting your internet identity with some strange reason. The most you will get with this is the cops to shutdown the hacked servers, but in 99,99% they will do nothing.

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: (qmail 16529 invoked by uid 0); 8 May 2003 11:13:59 -0000
Received: from unknown (HELO penispills.com) (217.98.39.122)
by smtp.gammae.com with SMTP; 8 May 2003 11:13:58 -0000
Received: from [190.163.78.175] by mtu23.bigping.com with asmtp; 08 May 2003 00:36:40 +0700
Received: from [157.28.250.74] by smtp.doneohx.com with SMTP; Thu, 08 May 2003 07:29:48 +0800
Received: from [70.4.186.128] by mailout.endmonthnow.com with asmtp; 08 May 2003 15:22:56 -0200
Message-ID: <017001c31557$573b2da0$d52a0174@bdtmeikbo>
Reply-To: <[email protected]>
From: <[email protected]>
To: <[email protected]>
Subject: The Hun's Yellow Pages._-.. .. Rtpcmsbrl
Date: Thu, 08 May 2003 21:45:36 +1000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_68D_A86E_B4987A6C.A40BCD52"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2462.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000

wow good work PowerCum :thumbsup

I got this as well.

spam is not for kidding

heh me 2

thehun,
Just for your information...

I would not mess with spammers if you know whats good for you.

You fuck with them, they take you down to chinatown.

ALL huge players are all spammers, ask candidclicks what happened to them when they canceled a spammer.

oops.. candidclicks is not alive anymore hehe.


good luck.

This last leads to a DSL user pt122.dhcp.adsl.tpnet.pl.

This box is slightly diferent from the other ones.

The main differences are:

1) It does not share the hard drives to the outside network
2) It is frewalled in order not to respond to the ping requests (all others responded to ping in the first scan)
3) It is running SMTP AnalogX Proxy 4.10 with several changes or atleast it looks like it's so.
4) It's a dynamic IP, so it could not appear at a public proxy list or so. This means 2 possible things. This is the real spammer (I doubt that), or the real spammer is making continuous scans in order to get opened mail proxies or hackeable mail servers.
5) Definitely the box is running some kind of firewall becasue it takes lot of time to scan it.

Conclusions (for now)

1) All the mail agents appear to be different (from the different headers, Including Outlook versions are different).
2) Affected servers appear to "harden" their security 24 hours after the spam. Perhaps they have realized that their boxes have been used to spam. the other two servers have shut down their mail servervices.
3) Due to the mail agents used to perform the attack it could be a bot that fakes a random mail agent or it could be a virus spreading spam around. It appears to be a bot faking the mail agent because if it was a virus it would be a known one after some days of spam.
4) I am not shure, but I think I have seen a bot that emulates these actions somewhere. Must take a look at my software database.

The more headers we get, the more acurate will become this report.

the anti's are gonna have fun with those... gonna have 50 fresh url's to report every time new galleries are updated :1orglaugh

I got it also tonight.

Smithers,
Release the hounds.


:1orglaugh

I just go this SPAM from TheHun

-----------------------------------------------------------

Submission: http://www.lordoftheteens.com/tgpgal...0/04index.html
Submitted: 2003-05-03 19:14:21


Your gallery is accepted. It will be on-line soon (could be anywhere between 1 day to a month)

The Hun

-----------------------------------------------------------


But he may do that as often as he wants to
:1orglaugh

PowerCum... going for that reward ;-)

Good work, thanks! Could you give me your e-mail address... I have a couple of returned spams that have the original header in 'em...

ice -at- icefire.org

The more headers you give me the easy it will be to trace this guy.
Anyways, it will take some time to do that. Sometimes it takes up to a month or never traced. Even that, I need the $$$ so I have no problems to try tracing this guy.

Now this is too funny, we are talking about getting a spammer and some are crying "Why aren't you listing my galleries?? "

Stop Crying and go buy a listing at cybercatinc ( dot ) com:thumbsup

Hope you get this guy!!!!

Thehun, try to trace as many different servers used for it as possible, then try to get in contact with the admin on them and see if they can provide any logfiles to you. BTW, is he still spamming? If yes, anyone have any headers to post?

i am pretty sure who it is... i want some kind of reward my icq is 220741482 thehun icq me..

TheHun has no icq

:1orglaugh :1orglaugh :1orglaugh

If you were referring to me, I wasn't complaining about not getting galleries listed, I was asking why his site still said I was blacklisted when he personally said I was not blacklisted.

Spammers are nothing more then a bunch of keyboard warriors.
Geeks without friends sitting in their basements sending out spam.
Happy with the money they make but never be able to spend it since they don't go outside.

evildick,
Your gallery must have a link back to your site. I believe that is why TheHun's bot is seeing it, even if the surfer may not.
Michel or Patrick could tell you for sure, but I think this may be the reason.

Try making another gallery - leave only the links of the sponsor and the images - test that all images work (and will not give a 404) then try submitting to him again.

I haven't seen the gallery, I could be wrong - but this is a possiblity.

No, there's no links back to other pages on my site. I think Michel must have just ran my index page through their bot, which would have detected the link to gammacash. If they run one of my galleries through the bot it would be impossible for that to happen.

Here's the last one I tried to submit.

http://loadedgirls.com/galleries/hungallery23.html

I still get a "sorry that is blacklisted, redirects 404 to ads" message.

Here's what happens when you get a 404:

http://loadedgirls.com/typewhatevert...youwantinthere

kinda like most adult webmasters, they only go out for webmaster partys...

That's because this forum automatically opens it in a new window silly. There's no place to go back to!

Visit my gallery page then type in a 404. You can hit the back button then.

Oops. Looks like you removed the post.