|
How to stop kiddy porn e-mails, wanna-be stalkers, and attacks from mutants
Sure, we all get tons of Klez-H type auto, generated e-mail viruses.
But say you have some stalker that is so frustrated by their lack of importance, creative impotence and total rejection by society that they won’t quit. There is an answer. Trace the e-mail. Contact the e-mail SOURCE, repeatedly and as a doggedly as the malformed Internet “user” does to you. Then set up filters to simply erase the next similar type of e-mail from coming in. Here’s a very silly, juvenile and jealous repeated e-mail I kept getting (though the From: line changed). ----------------------------------------------------------------------- From: dillonthomas77 [dillonthomas77@yahoo.com] Sent: Wed 1/15/03 8:06 PM To: greggdilorenzo@greggdilorenzo.com Hi,greggdilorenzo,some questions --------------------------------------------------------------------- The e-mail has no text in it, of course, but my firewall stripped the malicious attachment immediately and warned me… RULE ONE – Set you firewall or E-mail client to “quarantine” all attachments to a closed area of your hard disk. This is not hard at all, depending on the actual program or client it should take 2-3 steps. RULE TWO – Right click the actual e-mail in your e-mail (using outlook) and choose “options”. Copy all the text to a text processor: Return-Path: <klacey@au00.com> Received: from au00.com ([210.18.218.2]) by lsh100.siteprotect.com (8.9.3/8.9.3) with SMTP id TAA27859 for <greggdilorenzo@greggdilorenzo.com>; Wed, 15 Jan 2003 19:05:35 -0600 Date: Wed, 15 Jan 2003 19:05:35 -0600 Message-Id: <200301160105.TAA27859@lsh100.siteprotect.com> Received: (qmail 26490 invoked from network); 16 Jan 2003 01:01:15 -0000 Received: from tory-177.gateway.to.the.fraser.coast.au00.com (HELO Iamoozahd) (210.18.218.177) by sarah.maryboroughqld.com with SMTP; 16 Jan 2003 01:01:15 -0000 From: dillonthomas77 <dillonthomas77@yahoo.com> To: greggdilorenzo@greggdilorenzo.com Subject: Hi,greggdilorenzo,some questions MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=E9MZ80N4f3832z9RP Ay yes, this “klacey@au00.com” has been stupidly diligent lately, like a “VILLAGE” idiot… I recognized this name. RULE THREE – Right click in the message body and do “view source” Copy this text as well… HTML><HEAD></HEAD><BODY iframe src=cid:RC9YL7j5U4H5MUjY50 height=0 width=0> /iframe> FONT></FONT></BODY></HTML [altered this so it displays here] Ah… I won’t get into hex codes here, but this type of approach betrays the ignorance of the sender very clearly. The fact of the matter is that if step one isn’t followed, problems arise from the attachment here. RULE FOUR - Go to a e-mail tracking service, such as http://spamcop.net, sign up for a free account and then paste all of the above info into the submit box. Press enter, and wait for the program to work. Possible spammer: 210.18.218.2 210.18.218.2 is not an MX for au00.com host au00.com (checking ip) = 210.18.218.12 210.18.218.2 is not an MX for au00.com ips are close enough Taking name from IP... host 210.18.218.2 (getting name) no name Received line accepted Received: (qmail 26490 invoked from network); 16 Jan 2003 01:01:15 -0000 no ip found in received line Ignored Received: from tory-177.gateway.to.the.fraser.coast.au00.com (HELO Iamoozahd) (210.18.218.177) by sarah.maryboroughqld.com with SMTP; 16 Jan 2003 01:01:15 -0000 host 210.18.218.2 (getting name) no name 210.18.218.2 not listed in opm.blitzed.org Possible spammer: 210.18.218.177 210.18.218.177 is not an MX for tory-177.gateway.to.the.fraser.coast.au00.com host tory-177.gateway.to.the.fraser.coast.au00.com (checking ip) = 210.18.218.177 Taking name from IP... host 210.18.218.177 (getting name) no name Chain test:sarah.maryboroughqld.com =? au00.com host au00.com (checking ip) = 210.18.218.12 210.18.218.12 is an MX for maryboroughqld.com 210.18.218.12 is mx sarah.maryboroughqld.com and au00.com have close IP addresses - chain verified Possible relay: 210.18.218.2 210.18.218.2 not listed in relays.ordb.org. 210.18.218.2 has already been sent to relay testers Received line accepted Tracking message source: 210.18.218.177: Routing details for 210.18.218.177 [refresh/show] Cached whois for 210.18.218.177 : benc@iexec.com.au Using last resort contacts benc@iexec.com.au Whois found benc@iexec.com.au ISP has already cancelled the account used to send this spam. ISP resolved this issue sometime after Thu Jan 16 01:01:15 2003 GMT Wednesday, January 15, 2003 8:01:15 PM -0500 210.18.218.177 not listed in formmail.relays.monkeys.com 210.18.218.177 not listed in opm.blitzed.org 210.18.218.177 not listed in relays.ordb.org. 210.18.218.177 not listed in query.bondedsender.org Finding IP block owner: Routing details for 210.18.218.177 [refresh/show] Cached whois for 210.18.218.177 : benc@iexec.com.au Using last resort contacts benc@iexec.com.au RULE FIVE: Make sure it IS SPAM, and then take the appropriate actions, like contacting the administrator. If you are polite, they usually respond, though it might take a few tries! You can see they cancelled that user’s account. It worked. This doesn’t mean the mutant won’t just jump to another server of mailer system. But he/she had to actually “work” for a second, thus our mission is successful. I feel 1,000,000 issues would be resolved if people simply stated their real names and addressed REAL issues they have with members of this planet earth. But this is an idealist dream that never will be realized. In the mean time – TURN OFF THE SPAMMERS E-MAIL ACCOUNTS…. Contact the administrators! Peace and love from NYC. http://heqdvd.com (newly updated) |
| All times are GMT -4. The time now is 06:51 AM. |
Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
2013 - xnations.com