|
![]() |
|||||||
![]()
![]()
![]() |
![]() Great stuff - seems Bill's "testbox" is quite broken. Has a Scott Richter tie-in: cpaempire.com ________ Looks like the spammer's "Include a random text file from the hard drive in order to throw off the bayesian filters" feature is malfunctioning. This is a bit interesting, a bit amusing. [ Wrote 99 lines ] bill@testbox:/opt/gdmailer$ bash runmailer.sh bill Mailer is running. Type "tail -f /opt/gdmailer/nohup.mailer.out" to watch its progress... bill@testbox:/opt/gdmailer$ bash runmailer.sh bill Mailer is running. Type "tail -f /opt/gdmailer/nohup.mailer.out" to watch its progress... bill@testbox:/opt/gdmailer$ Last login: Sat Jun 19 15:34:37 2004 from aplushosting.co Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 4.8-RELEASE-p16 (kernel) #0: Sun Mar 7 13:56:55 GMT 2004 To repeat the last command in the C shell, type "!!". -- Dru <genesis@istar.ca> bill@testbox:~$ cd /www/sites/ bill@testbox:/www/sites$ mkdir cas1 bill@testbox:/www/sites$ cp -R 0003/* cas1 bill@testbox:/www/sites$ cd cas1/ bill@testbox:/www/sites/cas1$ ;s -bash: syntax error near unexpected token `;' bill@testbox:/www/sites/cas1$ ls _opt_5.gif ao.gif index.cgi logogen.img rd.cgi removepage.cgi unsubscribe.cgi _pt_5.gif canspam.gif logo.img pt.gif remove.cgi signup.cgi bill@testbox:/www/sites/cas1$ pico index.cgi [snip] GNU nano 1.2.2 File: index.cgi #!/usr/bin/perl ## ## BulkWeb - Web : index.cgi ## revision: 3.4.1 ## last updated: Jun 3 03 ## ## modified 5-11-04 to display no frame ## ## this script is the "face" of all the sites; it handles keys and no- keys, as well ## as multiple targets ## use DBI; use POSIX; my ($dbh, $sth, $sth2, $findkey); my ($id, y=r0a747gp&ph=otc83786sn&qj=ie4a7d6s&r=xb80808h&t=rym37d797yvx&q=q07e386 d7977px&io=qmstring, $removed, $orig); my ($logfile, $logtime, $match, $vrfy); my ($emailaddr, @buf1, @buf2, $tablename, @matches); my (@targetpages, @nokeyrequired, $cursrv, $targetpage); if ($ENV{QUERY_STRING} =~ /GETSTATUS/) { print "Content-type: text/plain\n\nALIVE\n"; exit 0; } $ENV{QUERY_STRING} =~ s/&/&/g; #add more than one page here to have them go to a random one (rotate in the future) push (@targetpages, "http://cpaempire.com/c/2858/CD111/&dp=0&l=0&p=0"); #add no-key-required sites here $logfile = "/www/keysystemlogs/hitlog.txt"; $logtime = strftime("%a %d %b %Y %H:%M:%S", localtime); $targetpage = $targetpages[int(rand(@targetpages))]; foreach $cursrv (@nokeyrequired) { if ($ENV{QUERY_STRING} =~ /^0564737077$/ || ($ENV{SERVER_NAME} =~ / $cursrv/ && $ENV{QUERY_STRING} !~ /\S/)) { if ($ENV{SERVER_NAME} !~ /kzmi\.com/) { print "Location: http://www.kzmi.com$ENV{REQUEST_URI}? 0564737077\n\n"; exit 0; } &printsuccess ("", $targetpage, "100%,*", "blank.htm"); exit 0; } } if ($ENV{SERVER_NAME} !~ /kzmi\.com/) { print "Location: http://www.kzmi.com$ENV{REQUEST_URI}\n\n"; exit 0; } $orig = $ENV{QUERY_STRING}; if ($ENV{QUERY_STRING} =~ /&winner/) { $vrfy = 1; $ENV{QUERY_STRING} =~ s/&winner//ig; } else { $vrfy = 0; } if (@buf1 = ($ENV{QUERY_STRING} =~ /&_m(\d{2})/)) { $tablename = "mixed" . $buf1[0]; $ENV{QUERY_STRING} =~ s/&_m\d{2}//ig; } $findkey = uc($ENV{QUERY_STRING}); $findkey =~ s/[^A-Fa-f0-9]//ig; $emailaddr = &key_decode($findkey); #if ($emailaddr =~ /[^A-Za-z0-9_\-\.@]/) { &frontpage(1); exit 0; } [ Wrote 243 lines ] bill@testbox:/www/sites/cas1$ cd bill@testbox:~$ cd /opt/gdmailer/ bill@testbox:/opt/gdmailer$ pico conf/body.txt GNU nano 1.2.2 File: conf/body.txt <html> </head> <body> <p align="center"> <a href="http://www.kzmi.com/cas1"> <img border="0" src="http://ndiwash.contentedservices.com/cas1/lost.gif" width="409" height="65"></a></p> <br> <br> <br> <br> <br> <br> <br> <p align="center"> <a href="http://ndiwash.contentedservices.com/cas1/rd.cgi? y=r0a747gp&ph=otc83786sn&qj=ie4a7d6s&r=xb80808h&t=rym37d797yvx&q=q07e386 d7977px&io=qm&winner&_m01"> <img border="0" src="http://ndiwash.contentedservices.com/cas1/5.gif" width="502" height="59"></a></p> <p align="center"></p> <img src="http://ndiwash.contentedservices.com/cas1/logogen.img? y=r0a747gp&ph=otc83786sn&qj=ie4a7d6s&r=xb80808h&t=rym37d797yvx&q=q07e386 d7977px&io=qm" border=0> </body> </html> ___________ Domain Name: KZMI.COM Registrar: ENOM, INC. Whois Server: whois.enom.com Referral URL: http://www.enom.com Name Server: NS1.MEDIADREAMLAND.COM Name Server: NS2.MEDIADREAMLAND.COM Status: ACTIVE Updated Date: 31-may-2004 Creation Date: 03-feb-2004 Expiration Date: 03-feb-2006 ___________ Registration Service Provided By: Media Dreamland Contact: postmaster@mediadreamland.com Visit: http://www.mediadreamland.com Domain name: kzmi.com Registrant Contact: Media Dreamland Domain Manager (ipadmin@Mediadreamland.com) +1.7026579239 Fax: 5546 Camino Al Norte #2 - 278 North Las Vegas, NV 89031 US Administrative Contact: Media Dreamland Domain Manager (abuse@Mediadreamland.com) +1.7026579239 Fax: 5546 Camino Al Norte #2 - 278 North Las Vegas, NV 89031 US Technical Contact: Media Dreamland Domain Manager (ipadmin@Mediadreamland.com) +1.7026579239 Fax: 5546 Camino Al Norte #2 - 278 North Las Vegas, NV 89031 US Billing Contact: Media Dreamland Media Dreamland (postmaster@mediadreamland.com) +1.7026429213 Fax: 5546 Camino Al Norte #2 - 278 North Las Vegas, NV 89031 US Status: Active Name Servers: ns1.mediadreamland.com ns2.mediadreamland.com Creation date: 03 Feb 2004 22:08:16 Expiration date: 03 Feb 2006 22:08:16 ___________ Domain Name: CONTENTEDSERVICES.COM Registrar: ENOM, INC. Whois Server: whois.enom.com Referral URL: http://www.enom.com Name Server: NS1.MEDIADREAMLAND.COM Name Server: NS2.MEDIADREAMLAND.COM Status: REGISTRAR-LOCK Updated Date: 12-mar-2004 Creation Date: 14-jul-2003 Expiration Date: 14-jul-2004 Registration Service Provided By: Media Dreamland Contact: postmaster@mediadreamland.com Visit: http://www.mediadreamland.com Domain name: contentedservices.com Registrant Contact: Media Dreamland Domain Manager (ipadmin@Mediadreamland.com) +1.7026579239 Fax: 5546 Camino Al Norte #2 - 278 North Las Vegas, NV 89031 US Administrative Contact: Media Dreamland Domain Manager (ipadmin@Mediadreamland.com) +1.7026579239 Fax: 5546 Camino Al Norte #2 - 278 North Las Vegas, NV 89031 US Technical Contact: Media Dreamland Domain Manager (ipadmin@Mediadreamland.com) +1.7026579239 Fax: 5546 Camino Al Norte #2 - 278 North Las Vegas, NV 89031 US Billing Contact: Media Dreamland Domain Manager (ipadmin@Mediadreamland.com) +1.7026579239 Fax: 5546 Camino Al Norte #2 - 278 North Las Vegas, NV 89031 US Status: Locked Name Servers: ns1.mediadreamland.com ns2.mediadreamland.com Creation date: 14 Jul 2003 17:44:24 Expiration date: 14 Jul 2004 17:44:24 ___________ ![]() The NANAE post |
||||||
![]() The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies. |
![]() |
|