The Community Forums


3 pointer for the Spammers

Discussion in 'General Discussion' started by PbG, Apr 15, 2004.

  1. PbG

    PbG Well-Known Member

    Spammers have a new weapon against our SPAM controls. A script embedded in the header outputs an undesirable/filterable string, e.g.: 1/2 price Viagr*a.

    I discovered this when I tested the message against the filter expecting it to fail on "Viag" in the subject. When it did not, I double-checked the subject in the header and realized they differ and/or produce different results depending on how it is being viewed.

    In the inbox it shows up as:

    1/2 price Viagr*a

    Viewing the header (see below) returns:

    Subject: =?ISO-8859-1?b?MS8yIHByaWNlIFZpYWdyKmE=?=

    Gotta admire the tenacity of the bastards . . .

    ========== Begin Forwarded Message ========
    Return-path: <gus@studiog39mw.uncensored-hosting.com>
    Envelope-to: gus@studiog39mw.uncensored-hosting.com
    Delivery-date: Thu, 15 Apr 2004 12:24:17 -0700
    Received: from gus by studiog39mw.uncensored-hosting.com with local-bsmtp (Exim 4.24)
    id 1BECT9-0000Fl-Uk
    for gus@studiog39mw.uncensored-hosting.com; Thu, 15 Apr 2004 12:24:17 -0700
    Received: from [217.88.218.169] (helo=tenbit.pl)
    by studiog39mw.uncensored-hosting.com with smtp (Exim 4.24)
    id 1BECT9-0000Ff-61
    for gus@photographybygus.com; Thu, 15 Apr 2004 12:24:15 -0700
    Subject: =?ISO-8859-1?b?MS8yIHByaWNlIFZpYWdyKmE=?=
    To: gus@photographybygus.com
    From: "Florine A. Hathaway" <florine.hathawaypc@xcelco.on.ca>
    Message-ID: <e66401c4231f$2e4c44c0$badb78ac@g8vvls3>
    Date: Thu, 15 Apr 2004 19:22:56 +0000
    MIME-Version: 1.0
    Content-Type: text/html
    Content-Transfer-Encoding: 8bit
    X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
    studiog39mw.uncensored-hosting.com
    X-Spam-Level: ******
    X-Spam-Status: No, hits=6.4 required=7.0 tests=HTML_60_70,HTML_IMAGE_ONLY_02,
    HTML_MESSAGE,MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,RCVD_IN_DYNABLOCK,
    RCVD_IN_NJABL,RCVD_IN_NJABL_DIALUP,RCVD_IN_SORBS autolearn=no
    version=2.63


    ======== End Forwarded Message =========
     
  2. SarcNBit

    SarcNBit Well-Known Member

    heh :mad:

    Thanks for sharing.
     
  3. chirpy

    chirpy Well-Known Member

    Well, it's nothing really new.

    If you are using spamassassin with MailScanner with bayes learning enabled, they rarely get through. Especially if you "learn" them manually.
     
  4. Spearow

    Spearow Staff Member

    That's not a script embedded in anything, just a standard subject line in ISO-8859-1...
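
The Subject in the forwarded header is an RFC 2047 encoded-word (charset ISO-8859-1, base64 body), so a rule that matches on the raw header line never sees the text the mail client displays. The following is an added example, not code from any poster in this thread: it decodes the header before matching, and the pattern and function names are assumptions chosen for illustration.

```python
import re
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# Raw Subject header exactly as quoted in the first post of this thread.
RAW_SUBJECT = "=?ISO-8859-1?b?MS8yIHByaWNlIFZpYWdyKmE=?="

# Hypothetical rule standing in for the "Viag" subject filter mentioned above.
PATTERN = re.compile(r"viag", re.IGNORECASE)


def decode_subject(raw):
    """Return the Subject as a mail client would display it.

    Handles both B (base64) and Q (quoted-printable) encoded-words.
    If the header is malformed or names an unknown charset, fall back to
    the raw text so the filter still has something to inspect.
    """
    try:
        return str(make_header(decode_header(raw)))
    except (HeaderParseError, LookupError, UnicodeError, ValueError):
        return raw


def subject_matches(raw, pattern=PATTERN):
    """Match the rule against both the raw and the decoded Subject."""
    decoded = decode_subject(raw)
    return bool(pattern.search(raw) or pattern.search(decoded))


if __name__ == "__main__":
    print("raw     :", RAW_SUBJECT)
    print("decoded :", decode_subject(RAW_SUBJECT))
    print("raw-only match     :", bool(PATTERN.search(RAW_SUBJECT)))
    print("decode-then-match  :", subject_matches(RAW_SUBJECT))
```
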
     
