China won't stop spamming me!


21 replies to this topic

#1 C-Squarez

C-Squarez

    ARE YOU IN THAT MOOD YET?!?!

  • Tech Issues Solved: 1
  • Joined: 26-May 05
  • Location: Celebration, Florida

Posted 27 July 2014 - 11:07

I have gotten over 1100 spam emails from China in the last 3 hours. I've tried to block the IP addresses but there are too many. How do I STOP China from sending spam emails to my website?




#2 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 100
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 27 July 2014 - 11:43

Going to need a bit more info here, do you run your own email server? What server? What is the domain they are sending to, are they sending to 1 email address?

Can we see the headers of these emails, you say sending to your website - when you don't send mail to a website. You send email to an email server, for a specific address that that server accepts mail for, etc.

More than happy to help you - but we have nothing to work with here.

#3 OP C-Squarez

C-Squarez

    ARE YOU IN THAT MOOD YET?!?!

  • Tech Issues Solved: 1
  • Joined: 26-May 05
  • Location: Celebration, Florida

Posted 27 July 2014 - 11:47

Going to need a bit more info here, do you run your own email server? What server? What is the domain they are sending to, are they sending to 1 email address?

Can we see the headers of these emails, you say sending to your website - when you don't send mail to a website. You send email to an email server, for a specific address that that server accepts mail for, etc.

More than happy to help you - but we have nothing to work with here.

 

And that is why we have intelligent individuals like yourself, to tell me what I'm missing lol. Now when you say my own email server, I'm guessing yes. My website is hosted by StableHost and yes they are sending to one specific email address.

 

As far as the header of the email, where would I find that? Is this it?

Received: from chriscob by ssd10.stablehost.com with local (Exim 4.82)
    (envelope-from <chriscob@ssd10.stablehost.com>)
    id 1XBMnG-001O3h-G2
    for info@coburnconsultgroup.com; Sun, 27 Jul 2014 07:39:10 -0400
To: info@coburnconsultgroup.com
Subject: New inquiry from christian louboutin mistica 60 pumps
X-PHP-Script: coburnconsultgroup.com/ajax.php for 120.37.237.21
From: 'christian louboutin mistica 60 pumps' <jjkui778hgtf*@gmail.com>
Reply-To: 'christian louboutin mistica 60 pumps' <jjkui778hgtf*@gmail.com>
Message-Id: <E1XBMnG-001O3h-G2@ssd10.stablehost.com>
Date: Sun, 27 Jul 2014 07:39:10 -0400

Thanks for your help.



#4 ArtistX

ArtistX

    Neowinian

  • Joined: 14-November 12
  • OS: Windows 8.1 Pro x64 - Windows 7 Ultimate SP1 x64

Posted 27 July 2014 - 11:48

depends on your email client/server and operating system



#5 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 100
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 27 July 2014 - 12:54

That for sure is not the full headers, unless it looks like they sent it from a script on your site?

IP that used your script

inetnum: 120.32.0.0 - 120.39.255.255
netname: CHINANET-FJ
descr: CHINANET FUJIAN PROVINCE NETWORK

Why don't you just block them at your webserver so they can not access that script, your host should be able to help you with that. Could be something as simple as .htaccess to that ajax.php script you're using to send the email on the contact section of your website I would assume.

Looks like you're running LiteSpeed for your webserver. htaccess should be supported, something along the lines of:

Order Deny,Allow
Deny from 120.37.237.21

Should block them from your site. So does your hosting company give you access to firewall for your server/site - guessing it's just a shared server, not dedicated or yours only?

You could use, say, deny from 120. to block anything starting with 120. You can look up country IPs, here is one resource, not sure on how accurate it is: http://www.nirsoft.net/countryip/

#6 ArtistX

ArtistX

    Neowinian

  • Joined: 14-November 12
  • OS: Windows 8.1 Pro x64 - Windows 7 Ultimate SP1 x64

Posted 27 July 2014 - 12:57

expanding on what Budman said, this might help you

 

http://www.parkansky.com/china.htm



#7 Night Prowler

Night Prowler

    Root Access

  • Joined: 26-August 01
  • Location: Wilmington, NC

Posted 27 July 2014 - 13:03

expanding on what Budman said, this might help you

 

http://www.parkansky.com/china.htm

 

Not sure how that is going to help him with mail spam



#8 ArtistX

ArtistX

    Neowinian

  • Joined: 14-November 12
  • OS: Windows 8.1 Pro x64 - Windows 7 Ultimate SP1 x64

Posted 27 July 2014 - 13:05

add the IPs to filter in his mail server



#9 +ChuckFinley

ChuckFinley

    member_id=28229

  • Joined: 14-May 03

Posted 27 July 2014 - 13:12

I know it sounds daft but just file an abuse report with their ISP? Should have the details on the WHOIS.

 

Report it to the FBI?

 

http://www.fbi.gov/r...reats-and-crime



#10 n_K

n_K

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 19-March 06
  • Location: here.
  • OS: FreeDOS
  • Phone: Nokia 3315

Posted 27 July 2014 - 13:31

The first thing I do on all my VMs is use iptables to block all Chinese and Russian IPs... Obviously not all are covered by the online lists, but it covers a lot and you can just add subnets of any that get around it.

 

Do that and watch as you stop getting spam.



#11 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 100
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 27 July 2014 - 14:43

There is not really a mail server involved here, this traffic from the headers is not being sent via SMTP. They seem to be accessing a script that sends the mail to him. So yeah the ArtistX stuff should help - looks to be info on crafting htaccess files to block netblocks. Exactly what the OP should be looking to do to prevent unwanted countries from accessing his contact me script. Which is what this looks to be using to send the mail

X-PHP-Script: coburnconsultgroup.com/ajax.php for 120.37.237.21
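The header reading described above, as an added example that is not part of any post in this thread: it pulls the script name and client address out of each `X-PHP-Script` header, counts hits per network, and prints `.htaccess` rules in the Apache 2.2 style quoted earlier, scoped to the one script. Assumptions: the `example.test` names, the `/24` grouping, the `min_hits` threshold and every address except 120.37.237.21 are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from email.parser import HeaderParser

# Constructed sample. Only 120.37.237.21 and the header layout come from the
# thread; example.test and the 203.0.113.x / 198.51.100.x addresses are made up.
SAMPLE = [
    "To: info@example.test\nX-PHP-Script: example.test/ajax.php for 120.37.237.21\n\nhi",
    "To: info@example.test\nX-PHP-Script: example.test/ajax.php for 120.37.237.21\n\nhi",
    "To: info@example.test\nX-PHP-Script: example.test/ajax.php for 203.0.113.9\n\nhi",
    "To: info@example.test\nX-PHP-Script: example.test/ajax.php for 203.0.113.77\n\nhi",
    "To: info@example.test\nX-PHP-Script: example.test/ajax.php for 198.51.100.4\n\nhi",
    "To: info@example.test\nReceived: from mx.example.test by mail.example.test\n\nhi",
]
# "<host>/<script> for <address>"; if a list of addresses follows, keep the first.
HEADER = re.compile(r"^(\S+)\s+for\s+([0-9a-fA-F:.]+)")


def form_hits(raw_messages):
    """Count (script, client IP) pairs named in X-PHP-Script headers."""
    hits = Counter()
    for raw in raw_messages:
        value = HeaderParser().parsestr(raw, headersonly=True).get("X-PHP-Script")
        match = HEADER.match(value.strip()) if value else None
        if not match:
            continue  # no such header: the mail was not sent by a PHP script
        try:
            hits[(match.group(1), ipaddress.ip_address(match.group(2)))] += 1
        except ValueError:
            continue  # header present but the address does not parse
    return hits


def deny_rules(hits, script, min_hits=2, prefix=24):
    """Build Deny rules for one script from networks with >= min_hits mails."""
    per_net = Counter()
    for (name, ip), count in hits.items():
        if name.endswith("/" + script) and ip.version == 4:
            per_net[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += count
    noisy = sorted(net for net, count in per_net.items() if count >= min_hits)
    lines = [f'<Files "{script}">', "Order Deny,Allow"]
    lines += [f"Deny from {net}" for net in noisy]
    return lines + ["</Files>"]


if __name__ == "__main__":
    print("\n".join(deny_rules(form_hits(SAMPLE), "ajax.php")))
```

A wider `prefix` blocks more senders per rule but also more legitimate visitors, so check the counts before deploying the output.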

#12 shozilla

shozilla

    Neowinian Senior

  • Tech Issues Solved: 8
  • Joined: 11-January 09

Posted 27 July 2014 - 14:52

If you have webmail or a form on your web pages, you can add the filters as others said so that you can block IPs and they can not access or email.

 

Or you can add captcha to the form or webmail login.

 

You can do both if you want.


Edited by Walid W., 27 July 2014 - 15:57. Reason: Edited wemail to webmail


#13 +Nik L

Nik L

    Where's my pants?

  • Tech Issues Solved: 2
  • Joined: 14-January 03

Posted 27 July 2014 - 15:35

As Budman said, they are using a PHP script on your site to email you.  Look at:

 

1) Captcha

2) Time delays between multiple emails from ip addresses

3) On the script, check that it only receives input from your site

 

There are more but these are 3 easy ones.



#14 +MikeChipshop

MikeChipshop

    Miniman

  • Tech Issues Solved: 3
  • Joined: 02-October 06
  • Location: Scotland
  • OS: Windows 8, iOS, Android, WP8
  • Phone: HTC 8X / Nexus 5

Posted 27 July 2014 - 16:10

Get a honeypot set up on your site. They've discovered a form they can easily manipulate and they are. It's an automated bot.
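The honeypot, per-IP time delay and "only accept input from your own form" checks suggested in the last two posts, as an added example that is not code from the thread or from the site discussed. It shows the decision logic in Python rather than the site's PHP; the field names `website` and `token`, the secret and all thresholds are assumptions, and the origin check is implemented here as a signed timestamp issued when the form is rendered.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: per-site secret kept server-side
MIN_FILL_SECONDS = 3              # a person needs longer than this to fill the form
MIN_GAP_SECONDS = 60              # delay enforced between mails from one address
TOKEN_TTL = 3600                  # a rendered form stays valid for one hour
_last_sent = {}                   # ip -> time of last accepted mail (in memory)


def issue_token(now=None):
    """Value for a hidden field, generated when the site renders the form."""
    ts = str(int(now if now is not None else time.time()))
    mac = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"


def check_submission(form, client_ip, now=None):
    """Return (accepted, reason) for one POST to the contact script."""
    now = now if now is not None else time.time()
    # Honeypot: "website" is hidden with CSS, so people leave it empty.
    if form.get("website", "").strip():
        return False, "honeypot"
    # Token: shows the form was rendered by this site, and when.
    ts, _, mac = form.get("token", "").partition(".")
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not ts.isdigit() or not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad-token"
    age = now - int(ts)
    if age < MIN_FILL_SECONDS or age > TOKEN_TTL:
        return False, "token-age"
    # Time delay between mails from the same address.
    if now - _last_sent.get(client_ip, float("-inf")) < MIN_GAP_SECONDS:
        return False, "rate-limit"
    _last_sent[client_ip] = now
    return True, "ok"
```

Only submissions that return `(True, "ok")` should reach the mail call; the in-memory `_last_sent` table would need shared storage on a multi-process host.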



#15 Hussam Al-tayeb

Hussam Al-tayeb

    Neowinian

  • Tech Issues Solved: 1
  • Joined: 01-October 12
  • Location: Lebanon
  • OS: Linux

Posted 27 July 2014 - 16:20

You may also want to take a look at Cloudflare. It blocks a lot of web-based attacks.

It obfuscates email addresses on websites so they don't show for bots.

The amount of spammers getting to your 'email forms' or 'contact me' forms will be much less.

 

What happened in your case is a bot crawled your website. It saw the email address and the contact form.

Add a captcha to the contact form.