The only thing i know in life is free is a free bukkake!

FREE BUKKAKE!

I have sent you a mail requesting some extra info.
Here are the shares on the server that is originating the spam (At least this is what I can get with the info on the header posted on this post)

Password:
Anonymous login successful
Domain=[WORKGROUP] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

Sharename Type Comment
--------- ---- -------
Error returning browse list: ERRDOS - ERRnoaccess (Access denied.)

Server Comment
--------- -------
PC1 Amministrazione
PC2 Stefano - Sviluppo
PC3 Vendite
PC4 Software
PC5 Tastiere
SERVER

Workgroup Master
--------- -------
WORKGROUP SERVER

It appears to e a completely hax0red windows box. That's what happens when people use Window$

Send me some mail headers and error mails you told you are getting (with headers intact) so I can get shure it's the same server and I will not install a sniffer on some decent people's box.

Kaloyan Georgiev

who are you calling lamer, bitch?

i don't intend fucking with you...but you just won't let go won't you?

i asked a question...but you must be a dick and bitch about it
so STFU...:321GFY


i don't want to pay 1000$ for a gallery listing....an as far as i remmber that's the rate

You can see that on my main page on the right hand site I have links to sponsor hosted hourly updated pics. That link you posted is the first one for "lesbian sluts".

Surfers will NEVER see this when they click on one of my galleries. If they visit my galleries and get a 404 they will still NEVER see it.

They ONLY way they would get that is if they decided to visit my main page and then decided to click on that link.

Are you saying you can't have any links ANYWHERE on your site that would lead to consoles even if they are TOTALLY separate from where you submit your galleries? That's seems strange.

Hey,
it look like I was on that spammer list too.

didnt know thehun took gammacash now.. maybe i should promote them again. lol

I want to be on that spam list too, so I could get more acurate info about this spam instead of looking at this post :(

Still waiting for the mail headers.

Lets be partners, you seem to know how to track this guy down, so we will split the reward, 50/50.


So tell me all your findings and I will report them to the Hun, now that I have his office phone number.

:)

I wasn't submitting galleries with gammacash link codes on them.

The gammacash link was on a totally separate page of my site that surfer's would never have seen if they were just checking out my gallery submissions.

Here is the headers from the email I received...
I replaced my email in the header



Received: from real-amateur-polaroids.com [68.72.238.169] by mail.candidhosting.com
(SMTPD32-7.13) id AD581F7A0116; Thu, 08 May 2003 05:03:20 -0400
Received: from [150.123.78.203] by asx121.turbo-inline.com with QMQP; 08 May 2003 09:11:22 +0500
Received: from 117.149.170.93 ([117.149.170.93]) by qrx.quickslick.com with asmtp; Thu, 08 May 2003 14:07:06 -0200
Message-ID: <ed1501c31553$25559360$4ea83a52@ckigecirgweg>
Reply-To: <[email protected]>
From: <[email protected]>
To: <[email protected]>
Subject: Hi webmaster Your only book mark the huns yellow pages.. .._ . Mivdigruiiokbjgoirehejpmei
Date: Thu, 08 May 2003 23:15:34 +1200
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_7C5_420B_F293E639.C687E1E9"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
X-RCPT-TO: <[email protected]>
Status: U
X-UIDL: 339130337


Hope that helps...

50 million ways to die.

use one.

What kind of idiot would send spam traffic to a TGP? Way to turn the best converting traffic there is into the worst :321GFY

This is crazy. Go get 'em Patrick.

Ok, it appears like this dude is usint this method:

1) Find and hack a vulnerable Windows 2000 server.
2) Send mails throught it inserting 2 or 3 random fake headers so the only real working IP is the one that the hacked server has.

Methods to stop him:

1) ask the hacked servers admins to patch them (probably they will not know how to do that or will ignore this, so no way).
2) hack back the hacked servers and install sniffers on them, so the next time the spammer sends his flames around he will be traced and there will be proof to fuck him at all. It would be a nice idea to ask the server admins to put a "honeypot" box for this guy, but I think they will not know how to do that or will not want to do it.
3) call the authorityes and tell them that all these servers are suplanting your internet identity with some strange reason. The most you will get with this is the cops to shutdown the hacked servers, but in 99,99% they will do nothing.

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: (qmail 16529 invoked by uid 0); 8 May 2003 11:13:59 -0000
Received: from unknown (HELO penispills.com) (217.98.39.122)
by smtp.gammae.com with SMTP; 8 May 2003 11:13:58 -0000
Received: from [190.163.78.175] by mtu23.bigping.com with asmtp; 08 May 2003 00:36:40 +0700
Received: from [157.28.250.74] by smtp.doneohx.com with SMTP; Thu, 08 May 2003 07:29:48 +0800
Received: from [70.4.186.128] by mailout.endmonthnow.com with asmtp; 08 May 2003 15:22:56 -0200
Message-ID: <017001c31557$573b2da0$d52a0174@bdtmeikbo>
Reply-To: <[email protected]>
From: <[email protected]>
To: <[email protected]>
Subject: The Hun's Yellow Pages._-.. .. Rtpcmsbrl
Date: Thu, 08 May 2003 21:45:36 +1000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_68D_A86E_B4987A6C.A40BCD52"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2462.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000

wow good work PowerCum :thumbsup

I got this as well.

spam is not for kidding

heh me 2

thehun,
Just for your information...

I would not mess with spammers if you know whats good for you.

You fuck with them, they take you down to chinatown.

ALL huge players are all spammers, ask candidclicks what happened to them when they canceled a spammer.

oops.. candidclicks is not alive anymore hehe.


good luck.

This last leads to a DSL user pt122.dhcp.adsl.tpnet.pl.

This box is slightly diferent from the other ones.

The main differences are:

1) It does not share the hard drives to the outside network
2) It is frewalled in order not to respond to the ping requests (all others responded to ping in the first scan)
3) It is running SMTP AnalogX Proxy 4.10 with several changes or atleast it looks like it's so.
4) It's a dynamic IP, so it could not appear at a public proxy list or so. This means 2 possible things. This is the real spammer (I doubt that), or the real spammer is making continuous scans in order to get opened mail proxies or hackeable mail servers.
5) Definitely the box is running some kind of firewall becasue it takes lot of time to scan it.

Conclusions (for now)

1) All the mail agents appear to be different (from the different headers, Including Outlook versions are different).
2) Affected servers appear to "harden" their security 24 hours after the spam. Perhaps they have realized that their boxes have been used to spam. the other two servers have shut down their mail servervices.
3) Due to the mail agents used to perform the attack it could be a bot that fakes a random mail agent or it could be a virus spreading spam around. It appears to be a bot faking the mail agent because if it was a virus it would be a known one after some days of spam.
4) I am not shure, but I think I have seen a bot that emulates these actions somewhere. Must take a look at my software database.

The more headers we get, the more acurate will become this report.

the anti's are gonna have fun with those... gonna have 50 fresh url's to report every time new galleries are updated :1orglaugh

I got it also tonight.

Smithers,
Release the hounds.


:1orglaugh

I just go this SPAM from TheHun

-----------------------------------------------------------

Submission: http://www.lordoftheteens.com/tgpgal...0/04index.html
Submitted: 2003-05-03 19:14:21


Your gallery is accepted. It will be on-line soon (could be anywhere between 1 day to a month)

The Hun

-----------------------------------------------------------


But he may do that as often as he wants to
:1orglaugh

PowerCum... going for that reward ;-)

Good work, thanks! Could you give me your e-mail address... I have a couple of returned spams that have the original header in 'em...

ice -at- icefire.org

The more headers you give me the easy it will be to trace this guy.
Anyways, it will take some time to do that. Sometimes it takes up to a month or never traced. Even that, I need the $$$ so I have no problems to try tracing this guy.

Now this is too funny, we are talking about getting a spammer and some are crying "Why aren't you listing my galleries?? "

Stop Crying and go buy a listing at cybercatinc ( dot ) com:thumbsup

Hope you get this guy!!!!

Thehun, try to trace as many different servers used for it as possible, then try to get in contact with the admin on them and see if they can provide any logfiles to you. BTW, is he still spamming? If yes, anyone have any headers to post?

i am pretty sure who it is... i want some kind of reward my icq is 220741482 thehun icq me..

TheHun has no icq

:1orglaugh :1orglaugh :1orglaugh

If you were referring to me, I wasn't complaining about not getting galleries listed, I was asking why his site still said I was blacklisted when he personally said I was not blacklisted.

Spammers are nothing more then a bunch of keyboard warriors.
Geeks without friends sitting in their basements sending out spam.
Happy with the money they make but never be able to spend it since they don't go outside.

evildick,
Your gallery must have a link back to your site. I believe that is why TheHun's bot is seeing it, even if the surfer may not.
Michel or Patrick could tell you for sure, but I think this may be the reason.

Try making another gallery - leave only the links of the sponsor and the images - test that all images work (and will not give a 404) then try submitting to him again.

I haven't seen the gallery, I could be wrong - but this is a possiblity.

No, there's no links back to other pages on my site. I think Michel must have just ran my index page through their bot, which would have detected the link to gammacash. If they run one of my galleries through the bot it would be impossible for that to happen.

Here's the last one I tried to submit.

http://loadedgirls.com/galleries/hungallery23.html

I still get a "sorry that is blacklisted, redirects 404 to ads" message.

Here's what happens when you get a 404:

http://loadedgirls.com/typewhatevert...youwantinthere

kinda like most adult webmasters, they only go out for webmaster partys...

That's because this forum automatically opens it in a new window silly. There's no place to go back to!

Visit my gallery page then type in a 404. You can hit the back button then.

Oops. Looks like you removed the post.