ROKSO Home  |  ROKSO FAQs & Policies  |  About Spamhaus  |  FAQs
ROKSO
The Register of Known Spam Operations
Bill Waggoner

Evidence Menu:

Bill Waggoner Index


Country: United States
State: Nevada
Long-time spammer who has worked his way through most of the "fashions" in spam. Most recently involved in snowshoe spam through affiliate marketing programs.


Bill Waggoner SBL Listings History
Current SBL Listings
Archived SBL Listings

NANAE: "Spammer sends me his console logs"


Great stuff - seems Bill's "testbox" is quite broken.

Has a Scott Richter tie-in: cpaempire.com

________

Looks like the spammer's "Include a random text file from the hard drive in order to throw off the bayesian filters" feature is malfunctioning.

This is a bit interesting, a bit amusing.

[ Wrote 99 lines ]

bill@testbox:/opt/gdmailer$ bash runmailer.sh bill
Mailer is running.
Type "tail -f /opt/gdmailer/nohup.mailer.out" to watch its progress...
bill@testbox:/opt/gdmailer$ bash runmailer.sh bill
Mailer is running.
Type "tail -f /opt/gdmailer/nohup.mailer.out" to watch its progress...
bill@testbox:/opt/gdmailer$
Last login: Sat Jun 19 15:34:37 2004 from aplushosting.co
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights
reserved.

FreeBSD 4.8-RELEASE-p16 (kernel) #0: Sun Mar 7 13:56:55 GMT 2004
To repeat the last command in the C shell, type "!!".
-- Dru <genesis@istar.ca>
bill@testbox:~$ cd /www/sites/
bill@testbox:/www/sites$ mkdir cas1
bill@testbox:/www/sites$ cp -R 0003/* cas1
bill@testbox:/www/sites$ cd cas1/
bill@testbox:/www/sites/cas1$ ;s
-bash: syntax error near unexpected token `;'
bill@testbox:/www/sites/cas1$ ls
_opt_5.gif ao.gif index.cgi logogen.img rd.cgi
removepage.cgi unsubscribe.cgi
_pt_5.gif canspam.gif logo.img pt.gif
remove.cgi signup.cgi
bill@testbox:/www/sites/cas1$ pico index.cgi

[snip]

GNU nano 1.2.2 File:
index.cgi

#!/usr/bin/perl

##
## BulkWeb - Web : index.cgi
## revision: 3.4.1
## last updated: Jun 3 03
##
## modified 5-11-04 to display no frame
##
## this script is the "face" of all the sites; it handles keys and no-
keys, as well
## as multiple targets
##

use DBI;
use POSIX;

my ($dbh, $sth, $sth2, $findkey);
my ($id,
y=r0a747gp&ph=otc83786sn&qj=ie4a7d6s&r=xb80808h&t=rym37d797yvx&q=q07e386
d7977px&io=qmstring, $removed, $orig);
my ($logfile, $logtime, $match, $vrfy);
my ($emailaddr, @buf1, @buf2, $tablename, @matches);
my (@targetpages, @nokeyrequired, $cursrv, $targetpage);

if ($ENV{QUERY_STRING} =~ /GETSTATUS/) {
print "Content-type: text/plain\n\nALIVE\n";
exit 0;
}

$ENV{QUERY_STRING} =~ s/&amp;/&/g;

#add more than one page here to have them go to a random one (rotate in
the future)
push (@targetpages, "http://cpaempire.com/c/2858/CD111/&dp=0&l=0&p=0");


#add no-key-required sites here

$logfile = "/www/keysystemlogs/hitlog.txt";
$logtime = strftime("%a %d %b %Y %H:%M:%S", localtime);

$targetpage = $targetpages[int(rand(@targetpages))];

foreach $cursrv (@nokeyrequired) {
if ($ENV{QUERY_STRING} =~ /^0564737077$/ || ($ENV{SERVER_NAME} =~ /
$cursrv/ && $ENV{QUERY_STRING} !~ /\S/)) {
if ($ENV{SERVER_NAME} !~ /kzmi\.com/) {
print "Location: http://www.kzmi.com$ENV{REQUEST_URI}?
0564737077\n\n";
exit 0;
}

&printsuccess ("", $targetpage, "100%,*", "blank.htm");
exit 0;
}
}

if ($ENV{SERVER_NAME} !~ /kzmi\.com/) {
print "Location: http://www.kzmi.com$ENV{REQUEST_URI}\n\n";
exit 0;
}

$orig = $ENV{QUERY_STRING};

if ($ENV{QUERY_STRING} =~ /&winner/) {
$vrfy = 1;
$ENV{QUERY_STRING} =~ s/&winner//ig;
} else { $vrfy = 0;
}
if (@buf1 = ($ENV{QUERY_STRING} =~ /&_m(\d{2})/)) {
$tablename = "mixed" . $buf1[0];
$ENV{QUERY_STRING} =~ s/&_m\d{2}//ig;
}
$findkey = uc($ENV{QUERY_STRING});
$findkey =~ s/[^A-Fa-f0-9]//ig;

$emailaddr = &key_decode($findkey);
#if ($emailaddr =~ /[^A-Za-z0-9_\-\.@]/) { &frontpage(1); exit 0; }
[ Wrote 243
lines ]

bill@testbox:/www/sites/cas1$ cd
bill@testbox:~$ cd /opt/gdmailer/
bill@testbox:/opt/gdmailer$ pico conf/body.txt

GNU nano 1.2.2 File:
conf/body.txt


<html>
</head>
<body>
<p align="center">
<a href="http://www.kzmi.com/cas1">
<img border="0" src="http://ndiwash.contentedservices.com/cas1/lost.gif" width="409" height="65"></a></p>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<p align="center">
<a href="http://ndiwash.contentedservices.com/cas1/rd.cgi?
y=r0a747gp&ph=otc83786sn&qj=ie4a7d6s&r=xb80808h&t=rym37d797yvx&q=q07e386
d7977px&io=qm&winner&_m01">

<img border="0" src="http://ndiwash.contentedservices.com/cas1/5.gif" width="502" height="59"></a></p>
<p align="center"></p>
<img src="http://ndiwash.contentedservices.com/cas1/logogen.img?
y=r0a747gp&ph=otc83786sn&qj=ie4a7d6s&r=xb80808h&t=rym37d797yvx&q=q07e386
d7977px&io=qm" border=0>
</body>
</html>

___________


Domain Name: KZMI.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS1.MEDIADREAMLAND.COM
Name Server: NS2.MEDIADREAMLAND.COM
Status: ACTIVE
Updated Date: 31-may-2004
Creation Date: 03-feb-2004
Expiration Date: 03-feb-2006
___________


Registration Service Provided By: Media Dreamland
Contact: postmaster@mediadreamland.com
Visit: http://www.mediadreamland.com

Domain name: kzmi.com

Registrant Contact:
Media Dreamland
Domain Manager (ipadmin@Mediadreamland.com)
+1.7026579239
Fax:
5546 Camino Al Norte #2 - 278
North Las Vegas, NV 89031
US

Administrative Contact:
Media Dreamland
Domain Manager (abuse@Mediadreamland.com)
+1.7026579239
Fax:
5546 Camino Al Norte #2 - 278
North Las Vegas, NV 89031
US

Technical Contact:
Media Dreamland
Domain Manager (ipadmin@Mediadreamland.com)
+1.7026579239
Fax:
5546 Camino Al Norte #2 - 278
North Las Vegas, NV 89031
US

Billing Contact:
Media Dreamland
Media Dreamland (postmaster@mediadreamland.com)
+1.7026429213
Fax:
5546 Camino Al Norte #2 - 278
North Las Vegas, NV 89031
US

Status: Active

Name Servers:
ns1.mediadreamland.com
ns2.mediadreamland.com

Creation date: 03 Feb 2004 22:08:16
Expiration date: 03 Feb 2006 22:08:16
___________


Domain Name: CONTENTEDSERVICES.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS1.MEDIADREAMLAND.COM
Name Server: NS2.MEDIADREAMLAND.COM
Status: REGISTRAR-LOCK
Updated Date: 12-mar-2004
Creation Date: 14-jul-2003
Expiration Date: 14-jul-2004



Registration Service Provided By: Media Dreamland
Contact: postmaster@mediadreamland.com
Visit: http://www.mediadreamland.com

Domain name: contentedservices.com

Registrant Contact:
Media Dreamland
Domain Manager (ipadmin@Mediadreamland.com)
+1.7026579239
Fax:
5546 Camino Al Norte #2 - 278
North Las Vegas, NV 89031
US

Administrative Contact:
Media Dreamland
Domain Manager (ipadmin@Mediadreamland.com)
+1.7026579239
Fax:
5546 Camino Al Norte #2 - 278
North Las Vegas, NV 89031
US

Technical Contact:
Media Dreamland
Domain Manager (ipadmin@Mediadreamland.com)
+1.7026579239
Fax:
5546 Camino Al Norte #2 - 278
North Las Vegas, NV 89031
US

Billing Contact:
Media Dreamland
Domain Manager (ipadmin@Mediadreamland.com)
+1.7026579239
Fax:
5546 Camino Al Norte #2 - 278
North Las Vegas, NV 89031
US

Status: Locked

Name Servers:
ns1.mediadreamland.com
ns2.mediadreamland.com

Creation date: 14 Jul 2003 17:44:24
Expiration date: 14 Jul 2004 17:44:24

___________



Related URLs

The NANAE post


The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK3824/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy