China - Source of 71% of All Spam


LightGuide
05-20-2004, 07:09 PM
.
http://www.businessweek.com/technology/content/may2004/tc20040517_1934_tc058.htm

Randall
05-20-2004, 08:14 PM
Mantel says the spammers are sophisticated enough that they know how to hide the origin of an e-mail. And since many filters identify messages as spam if they come from addresses that already have sent similar junk mail, the same spam is being sent simultaneously from hundreds of IPs.

Site hosting is different, however. It doesn't jump around. Sounds like a job for Chipmunk's upcoming URL-filter. ;) Maybe we can have an option to block known Chinese IP ranges, since I can't imagine many legit non-Chinese sites are hosted there.

Randall

LightGuide
05-20-2004, 09:33 PM
I don't know anyone in China.

I don't, and never have, and may never, do any business with China on any of my commercial sites.

Thus, from where I'm sitting, being able to block/dump/redirect anything and everything incoming from a Chinese IP sounds very attractive.

TVB
05-20-2004, 09:42 PM
I always get a chuckle out of the spam sent in Chinese characters. I banned a big chunk of Chinese IPs a while back when our forums were getting hammered by a harvester using a Chinese IP. While there is a chance that someone might be coming into our site from China, it was a chance I decided to take. At the time, I was also derided for that decision from others here in the FQ forum.

Betsy

LightGuide
05-20-2004, 09:59 PM
Originally posted by TVB:

...I banned a big chunk of Chinese IPs a while back when our forums were getting hammered by a harvester using a Chinese IP. ... At the time, I was also derided for that decision from others here in the FQ forum.

Betsy

I missed that; but I cannot understand why you would be castigated for it!

A publisher certainly has the right to choose *not* to distribute his or her content as he or she sees fit. By analogy, if you chose to distribute a magazine or newspaper only in one city, would there be something inherently wrong with that?

From a technical standpoint, I have always seen the inability to control website distribution regionally if desired as one of the most serious shortcomings of the Internet.

etLux

cindik
05-21-2004, 08:34 AM
I set up my feedback email address to include the IP of the client.

Now I know the IP addresses of the bots that harvested the feedback address.

Randall
05-21-2004, 12:05 PM
Too bad they didn't discuss spambots in that article. Does it follow that a site hosted in China would use harvesters operating from China's IP space? Maybe not, if the spammers aren't Chinese themselves. And even if you suppose that 71% of the spambots are based in China, those spammers can still buy lists compiled by the other 29%. Blocking spambots won't protect you from dictionary attacks either...

That's what I like about Chipmunk's theory: They can hide the source of the spam, but they still have to drive traffic to an actual web site to make any money. If we can identify those sites and filter out the emails containing those URLs, it could make a dent in the stuff that's slipping past EFM, SA and whatever else people are using. Blocking all sites with Chinese IPs would appear to be a step in the right direction.

Randall

Andilinks
05-21-2004, 02:00 PM
It has gotten to the point that when I detect an abusive bot from China I block the entire range, usually the first two number blocks:

210.200.105. Yes Range denied Range denied Range denied China Range denied
210.200.105.225 No - - - n/a - - - - - - n/a - - - - - - n/a - - - China - Guangdong - Guangzhou range denied 210.200.105
210.200.105.245 No 12/13/2003 - - - n/a - - - - - - n/a - - - China - Guangdong range denied 210.200.105
211.152.14. Yes 3/4/2004 Range denied Range denied China - China Channel 3.58 MB


this entire bot blocking list is here:

http://hometown.aol.com/botlist22/botlist.txt

Andi

cindik
05-21-2004, 02:20 PM
Time for a new video:

Bots Behaving Badly

Randall
05-21-2004, 03:12 PM
"URLs Gone Wild"?

Randall

Andilinks
05-21-2004, 05:17 PM
"URLs Gone Wild"?

Groan. But while groaning I do acknowledge the cleverness and good timing of this semi-pun....

Andi (definitely not flashing the forum)

Randall
05-21-2004, 09:43 PM
Sometimes I just can't resist. :hehe:

(That would be making semi-puns, not flashing.)

Randall

Juan G
05-22-2004, 08:32 AM
道可道、非常道。
名可名、非常名無名天地之始有名萬物之母。
故常無欲以觀其妙、常有欲以觀其徴。
此兩者同出而異名。
同謂之玄。
玄之又玄、衆妙之門。

http://zhongwen.com/dao.htm

:china:

Andilinks
05-22-2004, 09:47 AM
I did hear an interesting (rather frightening) statistic on China, it was on some TV talk program--I don't recall the source, but it would be easy enough to dig out the underlying figures, and it does sound plausible. It is this:

If the standard of living for the average Chinese were raised to equal the standard of living of the average Mexican, the world's consumption of oil would double.

Developed countries cannot tell China that we have already used up the atmosphere's ability to absorb greenhouse gasses. China will do as it pleases because it has a tremendous surplus of young men, having practiced the killing off of girl babies over the past generation...

Recent increases in gasoline prices are just the tip of this iceberg. And spam in your in-box is just the tip of the tip of this iceberg.

Andi

cindik
05-22-2004, 01:25 PM
A few of my favorite spambots:
IP reverse DNS (whois)
4.13.203.115 (Genuity)
66.98.128.33 houstoncustomhosting.com (Everyones Internet, Inc.)
66.98.162.2 h10016.racknine.com (Everyones Internet, Inc.)
69.31.79.226 (Michael Coward VIBEHOSTING)
81.199.85.114 (CIDR-COMMUNICATION-01 - Chikezie Okwunakwe Nigeria)
209.13.215.165 (Telefonica Data Argentina S.A.)
211.161.24.144 (FOR GWBN XIAMEN QIANPU SECOND RESIDENTIAL COMMUNITY BROADBAND NETWORK USERS' BROADBAND ACCESS - Jian Meng, 2nd Floor, Building A, #9 Donghuan Plaza, Dong Zhong Street, East District, Beijing, China (100027))
212.247.93.6 (Quark Telecom Consulting Constellation Networks - Timothy Mahoney)
212.71.144.98 (APPLET-NET - Petr Poboril, Mattes AD, Masarykova 1117, 738 01/Frydek-Mistek, Czech Republic)
216.139.176.61 (PANAMSAT-COM-2)
216.147.153.212 216-147-153-212.globalsat.net (Lyman Bros Inc.)

Randall
05-22-2004, 08:26 PM
Originally posted by Juan G:
道可道、非常道。
名可名、非常名無名天地之始有名萬物之母。
故常無欲以觀其妙、常有欲以觀其徴。
此兩者同出而異名。
同謂之玄。
玄之又玄、衆妙之門。

Now that I've figured out how to get the East Asian support installed again, that actually looks like something and not just a bunch of question marks. Still can't read any of it, but it looks much better. ;)

(Thanks to jiawen's (http://www.aota.net/forums/showthread.php?s=&threadid=17217) site for pointing me in the right direction. And it's a very purple place, too.)

Randall

TVB
05-22-2004, 08:38 PM
Hmmmm...I must have installed East Asian support at one time as I saw the characters from the onset (and see them in my email which in all honesty I only think is spam and not a guest contacting me). I asked a friend the other day about the Chinese characters for a tattoo I am thinking about and she laughed at me saying she gets asked that all the time and usually gives people the characters that say, "I am an a**hole"

Betsy

LightGuide
05-22-2004, 08:39 PM
BabelFish was kind enough to translate that as...

The road may say, extremely say. May, extremely famous not have mother of beginning of famous myriad things the famous world. The same as ever not wants by view its to be wonderful, the common desire by view its. This two with leaves but the different name. With says unreliably. Unreliable also is unreliable, the wonderful gate.

May I add only that possibly, possible also is possible.

etLux

Randall
05-22-2004, 08:53 PM
Hmmmm...I must have installed East Asian support at one time as I saw the characters from the onset

It was a whopping 250MB install, but I still have 7GB free on the system drive, so it won't kill me.

The road may say, extremely say.

Seems sensible enough to me, extremely me.

Randall

MPaul
05-22-2004, 09:16 PM
It was a whopping 250MB install, but I still have 7GB free on the system drive, so it won't kill me.

Wow, 250 MB!!! I could see the Chinese signs without installing anything. I also don't remember ever installing anything on my computer to have Chinese character support (it isn't like I'm ever going to need it %)). But maybe Mozilla comes bundled with it, who knows :\

The road may say, extremely say. May, extremely famous not have mother of beginning of famous myriad things the famous world...

That translation may be, extremely be. Be, extremely confusing not be correct from beginning to end...
Comprende? :P

Randall
05-22-2004, 09:54 PM
I also don't remember ever installing anything on my computer to have Chinese character support (it isn't like I'm ever going to need it %)).

It may have been loaded by the manufacturer. The Windows XP default installation doesn't include it -- first time I can remember having to dig out the XP CD for something.

Perhaps the road you say in order to say very. Because famous May, it does not have the mother of beginning the very famous countless thing, the famous world. With the view, common craving wants the same is splendid with the view. But leaf another name this 2. With to some extent you say. You cannot rely on and you cannot rely on, but there is a splendid gate.

After a side trip through Japanese...

There's your ruptured cravings again, etLux. :P

Randall

TVB
05-22-2004, 10:40 PM
After a side trip through Japanese...

Sashimi anyone?

Betsy

MPaul
05-22-2004, 11:03 PM
Sashimi anyone?

As long as it's saltwater fish :QTdive: [we need a fish smiley :\]

http://www.rain.org/~hutch/sashimi.html

Randall
05-23-2004, 02:33 AM
Freshwater, saltwater -- I can't see myself eating any kind of raw fish.

Anyway, the only fish I eat comes out of a can. (I think we need a can opener (http://www.ideafinder.com/history/inventions/story080.htm) smiley.)

Randall

Juan G
05-23-2004, 05:49 AM
Originally posted by LightGuide:
BabelFish was kind enough to translate that as...

The road may say, extremely say. May, extremely famous not have mother of beginning of famous myriad things the famous world. The same as ever not wants by view its to be wonderful, the common desire by view its. This two with leaves but the different name. With says unreliably. Unreliable also is unreliable, the wonderful gate.

May I add only that possibly, possible also is possible.

etLux
:hair: %)

Thanks, etLux. Just to verify :confused: robot BabelFish's interesting -somewhat poetic- translation with human translator Charles Muller's, these first words of Chinese classic Tao Te Ching say:

The Tao that can be followed is not the eternal Tao.
The name that can be named is not the eternal name.
The nameless is the origin of heaven and earth
While naming is the origin of the myriad things.
Therefore, always desireless, you see the mystery
Ever desiring, you see the manifestations.
These two are the same—
When they appear they are named differently.

This sameness is the mystery,
Mystery within mystery;

The door to all marvels.

http://www.human.toyogakuen-u.ac.jp/~acmuller/contao/laotzu.htm

Juan G
05-23-2004, 11:12 AM
Originally posted by Randall:
Perhaps the road you say in order to say very. Because famous May, it does not have the mother of beginning the very famous countless thing, the famous world. With the view, common craving wants the same is splendid with the view. But leaf another name this 2. With to some extent you say. You cannot rely on and you cannot rely on, but there is a splendid gate.

After a side trip through Japanese...

There's your ruptured cravings again, etLux. :P

Randall
Although that was Chinese (without Japanese hiragana, etc.), it's true that our Japanese friends can understand a little of written -not spoken- Chinese, since Japanese kanji originated from Chinese characters.

Well, not everything from China was spam, at least before Internet. ;)

Originally posted by Andilinks:
If the standard of living for the average Chinese were raised to equal the standard of living of the average Mexican, the world's consumption of oil would double.
Another recent statistic had Chinese as the third language (http://www.aota.net/forums/showthread.php?postid=99023#post99023) on the Internet the past year. I think that, right now, it's second on the Net after English.

Randall
05-23-2004, 02:42 PM
Although that was Chinese (without Japanese hiragana, etc.), it's true that our Japanese friends can understand a little of written -not spoken- Chinese, since Japanese kanji originated from Chinese characters.

Well, in this case I used Babelfish to convert LightGuide's translation into "Japanese":

道は非常に言うために言うかもしれない。有名な5 月、非常に有名な無数の事の初めの母を持たないため有名な世界。同じは眺めによって眺めによってすばらしく、共通の欲求とたいと思わない。 葉しかし別の名前とのこの2 。といい加減に言う。信頼できないまた信頼できないがのすばらしいゲートある。

and then back to "English" again, because there's no direct Chinese-to-Japanese option.

I have a sneaky feeling something got lost along the way. :P

Randall

# Yes, I did that just so I could post some Hiragana

Juan G
05-23-2004, 06:58 PM
More recent statistics than my previous link about main languages on the Internet:

Online Language Populations

Total: 729 Million (March 2004)

1. English 35.8%
2. Chinese 14.1%
3. Japanese 9.6%
4. Spanish 9.0%
5. German 7.3%
(...)

Global Internet Statistics (by Language)
http://www.global-reach.biz/globstats/

Originally posted by Randall:
Well, in this case I used Babelfish to convert LightGuide's translation into "Japanese"
(...)
and then back to "English" again, because there's no direct Chinese-to-Japanese option.

I have a sneaky feeling something got lost along the way. :P

Randall

# Yes, I did that just so I could post some Hiragana
Wow Randall. !` Maybe that's the "Mystery within mystery" of what Lao Tzu was talking about. ;)

MPaul
05-24-2004, 03:03 PM
Every day I get hundreds of unwanted spam messages, and I'm not alone. This week, email-monitoring firm MessageLabs announced that more than 80 percent of all email received in the United States is spam. That number is a huge jump from a year ago, when spam accounted for almost 50 percent of all email.

To return to the spam subject. Here is a small article about spam.

It's Official: Spam is a Worldwide Plague (http://www.winnetmag.com/windowspaulthurrott/Article/ArticleID/42749/windowspaulthurrott_42749.html)

Spam is maybe the thing I hate most about the Internet. After that comes hackers, virus writers and stupid forwards. But spam...it's at the top. Before Hotmail upgraded its spam software, I was getting more spam in my inbox than in my junk-mail folder. Because of spam, I had to create another mail address, which I use when signing up in forums, because nowadays, I can't ever be sure if a website is selling users' emails to spammers.

I remember when I created a new account at Hotmail, I created it in the morning, then in the afternoon, I checked it, and I already had a spam message in my inbox :)

It's crazy. And it doesn't seem like it's going to get any better soon.

Randall
05-24-2004, 10:55 PM
Here's my latest proposed punishment for the spammers: An all-expenses-paid vacation in a Chinese prison.

Randall :devil:

JRepici
05-25-2004, 04:41 PM
Perhaps the road you say in order to say very. Because famous May, it does not have the mother of beginning the very famous countless thing, the famous world. With the view, common craving wants the same is splendid with the view. But leaf another name this 2. With to some extent you say. You cannot rely on and you cannot rely on, but there is a splendid gate.


<sound of running from the right speaker to the left speaker>

Our hero can be heard shouting gleefully in the distance:

what can I say about this elixir? ! ?

LightGuide
05-25-2004, 05:09 PM
Only BQQQ.com (http://bqqq.com) can even approach saying things like this so eloquently.

Chipmunk
05-28-2004, 11:41 PM
Randall wisely suggested:
Maybe we can have an option to block known Chinese IP ranges, since I can't imagine many legit non-Chinese sites are hosted there.
Randall, you are an absa-frag-a-luting genius!

Between your suggestion and four days of severe weather (tornadoes... lots of tornadoes), last weekend was completely wiped out for me. Spent most of Saturday writing some test utilities, then resolving part of my current list of spammer domains, then grouping & cross referencing them. Several useful patterns did emerge.

I'm completely revising the "URL spamminess rating" mechanism so it scores 'em, much like SpamAssassin.

What I'm thinking is that all Chinese ISPs would start with a mid-range "score", then as we identify particular ISPs that carry spammers, we can increase their default score (the project admin will run a correlation tool about once a week, and project volunteers will get the new "bad ISP address ranges" next time they run the SUCKS client). Sheila made some excellent points about notifying URL-owners... those of us who use SpamCop could customize our complaints with a link to an info page about SUCKS.

In cases where we identify persistent spammer-friendly ISPs, we can even periodically :) reverse lookup hostnames for each of their assigned IPs, and :) pre-emptively ban 'em [maniacal cackle]. That won't catch the shared IPs, but just thinking about it makes me feel all warm & fuzzy.

Last weekend produced some IP ranges for Asia and China, but I would very much appreciate a definitive list. We've been getting a lot of Latin American hosted spam, so I'm also looking for a comprehensive top level list of LACNIC and each of the other major regions. I also experimented with doing some automated WHOIS queries, which in many cases are quicker and more comprehensive than just resolving the hostname, so would appreciate suggestions for any useful WHOIS servers. The ones I played with were whois.arin.net, whois.internic.net, and whois.nic.biz, but I picked those at semi random.

Depending on weather, I'll probably put a few hours this weekend into SUCKS. This new stuff is increasing the project complexity, but will also greatly improve the accuracy and usefulness. Randall, please continue to bring on the ideas! :yeah:


I'm also very glad to see you & Lux have your :) Connecticut "smartass" rhythm back. I blame Randall's vacation for the temporary disjointment, though in no way discourage you from taking more (is good to get away from the keyboard). Have you gents checked with Wasser about "castigate"? That seems like a word that might meet his demanding verbiage standards.
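
The URL scoring idea in the post above, together with the range blocking mentioned earlier in the thread, sketched as an added example; it is not code from the SUCKS project or from any poster. The range table, scores, threshold, the rule of summing per-host scores, and the hostname-to-IP map (a stand-in for DNS so the code runs offline) are all constructed assumptions.

```python
import ipaddress
import re

# Constructed data: documentation networks stand in for real ISP allocations.
# Each entry is (network, score, reason); a narrower range overrides a wider one.
RANGE_SCORES = [
    (ipaddress.ip_network("203.0.113.0/24"), 3.0, "region default (mid-range)"),
    (ipaddress.ip_network("203.0.113.128/25"), 6.5, "ISP correlated with spam"),
    (ipaddress.ip_network("198.51.100.0/24"), 1.0, "low-risk hosting"),
]

# Constructed stand-in for DNS resolution (assumption: real use would resolve).
RESOLVED = {
    "pills.example": "203.0.113.200",
    "shop.example": "203.0.113.20",
    "news.example": "198.51.100.7",
}

URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

SAMPLE = ("Cheap meds at http://pills.example/buy and http://PILLS.example/x\n"
          "Also see http://shop.example/")  # constructed message body


def extract_hosts(body):
    """Return the unique, lower-cased hostnames of URLs in the body, in order."""
    seen = []
    for host in URL_HOST.findall(body):
        host = host.lower().rstrip(".")
        if host not in seen:
            seen.append(host)
    return seen


def score_ip(ip_text):
    """Score an address by its most specific matching range; 0.0 if unlisted."""
    ip = ipaddress.ip_address(ip_text)
    matches = [(net, score, why) for net, score, why in RANGE_SCORES if ip in net]
    if not matches:
        return 0.0, "no listed range"
    _, score, why = max(matches, key=lambda m: m[0].prefixlen)
    return score, why


def score_message(body, threshold=5.0):
    """Sum the scores of every distinct advertised host and compare to threshold."""
    hits = []
    for host in extract_hosts(body):
        ip = RESOLVED.get(host)
        score, why = score_ip(ip) if ip else (0.0, "unresolved")
        hits.append((host, ip, score, why))
    total = sum(h[2] for h in hits)
    return {"total": total, "spam": total >= threshold, "hits": hits}
```

Raising one ISP's score after a weekly correlation run then only means editing its entry in the range table; the sending address of the mail never enters the calculation.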

Randall
05-29-2004, 12:26 AM
Randall, you are an absa-frag-a-luting genius!

Think so? Remember that when Chipmunk Technologies is filing for an IPO.

Anyhow, I was wondering when you were gonna show up in this thread. I mean, does Chipmunk bait get any better than this? :P

But I guess we can accept the tornadoes as a valid excuse. (Where's the Dorothy smiley?)

please continue to bring on the ideas!

For my latest half-***ed project, I'm taking another crack at bot-proofing contact email addresses. Stay tuned...

I'm also very glad to see you & Lux have your :) Connecticut "smartass" rhythm back.

I wasn't aware that I'd misplaced it. Hmpf.

Randall

# Sooomewheeeeeere, over the 彩虹

Juan G
05-29-2004, 05:48 AM
Originally posted by Randall:
# Sooomewheeeeeere, over the 彩虹
http://babelfish.altavista.com

http://www.northern-pine.com/songs/rainbow.html

:QTband:

Chipmunk
05-30-2004, 12:17 AM
Randall, sorry, we're a co-op, so will never do an IPO (at least, as long as I'm still breathing). Instead, I had in mind a perfect solution to my dilemma of whether to name a chipmunk or a flying squirrel after you... yup, I'll name one of each after you! Yes, round-the-clock Randall-rodents!!! :)

Yes, this thread was such amazing chipmunk "bait", and so perfectly timed, that it drove me into hacking mode. Seriously, you :) wiped out an entire Saturday (last weekend) which I spent experimenting.

Agreed about the Dorothy smiley, though I'm confident that Arthur-the-Smiley-Wizard could make a very cool tornado smiley. http://www.aota.net/4F/chipmunk.gif


As to your bot-proofing, I eagerly await your report! The more I think about it, the more I think that a Turing test form combined with a time sensitive code in the subject line, would be simple, and very effective. It could be tied to one or more of the reserved system addresses, such as "postmaster", which theoretically one is supposed to keep viable. I'm doing this to a limited extent now, using the "webmaster" address. The only problem is I need to change the instructions to make it clearer that we're filtering on the subject line, so senders must not change it. Actually, that's :) not really a problem, because it's only been the stupid-individuals, not the worthwhile people, who decide to override the one we provide.


I think it was Lux who was thrown off by your absence. Though neither of you has done anything with two recent perfect straight person leads I've handed you. For example, surely the Tornado in a Can (http://aota.net/forums/showthread.php?postid=111965#post111965) was worthy of some comment? Did neither of you grasp the implications of the uses to which pulverized organic material can be put? Hint: it starts with "t", and ends in food. Or the Arizona spammer tent city prison (http://aota.net/forums/showthread.php?postid=112946#post112946)? Surely if Sheriff Arpaio loses the next election, he'd leap at the chance to serve in the high profile role of incarcerator of white-collar criminals.


Speaking of lead-ins... I was disappointed that Rue didn't make an appearance, after that wonderful series that JuanG, Lux, and you wove!
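
One way the time-sensitive subject-line code described in the post above could work, added here as an illustration and not the poster's implementation. The tag format, the 48-hour window, the demo key and the function names are assumptions; the contact form would call `issue_subject` after its human check passes, and the mail filter would call `check_subject`.

```python
import hashlib
import hmac
import re
import time

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to the client
MAX_AGE = 48 * 3600               # assumption: codes are honoured for 48 hours
TAG = re.compile(r"\[ref:(\d+)-([0-9a-f]{16})\]")


def _mac(issued, secret):
    """Keyed digest over the issue time; truncated to keep the subject short."""
    return hmac.new(secret, str(issued).encode(), hashlib.sha256).hexdigest()[:16]


def issue_subject(topic, now=None, secret=SECRET):
    """Form side: build the subject line the sender must leave unchanged."""
    issued = int(time.time() if now is None else now)
    return f"{topic} [ref:{issued}-{_mac(issued, secret)}]"


def check_subject(subject, now=None, secret=SECRET, max_age=MAX_AGE):
    """Filter side: return 'accept', 'expired', 'forged' or 'missing'."""
    m = TAG.search(subject)
    if not m:
        return "missing"  # sender overrode the subject, or never used the form
    issued, mac = int(m.group(1)), m.group(2)
    # Constant-time comparison so the check does not leak digest prefixes.
    if not hmac.compare_digest(mac, _mac(issued, secret)):
        return "forged"   # timestamp edited or code guessed
    now = int(time.time() if now is None else now)
    if not 0 <= now - issued <= max_age:
        return "expired"  # a harvested subject reused after the window
    return "accept"
```

Because the tag is searched for anywhere in the subject, a mail client's "Re:" prefix does not break it, while a harvested address used without the form, or with an old subject, is filtered.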

Randall
05-30-2004, 05:54 PM
I had in mind a perfect solution to my dilemma of whether to name a chipmunk or a flying squirrel after you... yup, I'll name one of each after you! Yes, round-the-clock Randall-rodents!!!

:sniffle: I always knew I'd be famous someday...

For example, surely the Tornado in a Can (http://aota.net/forums/showthread.php?postid=111965#post111965) was worthy of some comment?

Sorry, I got wrapped up in the techie stuff. :o

Randall