Last month was busy here working with 4 clients. There is a bad link problem on this site with many links to our SEO book site going to to an old domain name. We are fixing these with time, but the correct link to our seo book is http://www.the-seobook.com.

We had a massive spam load toward the end of February as some black botnet launched an attack on us. We’ve collected all the hosts involved and posted them at:
http://www.creatingnewworlds.org/badhosts.htm.

Please help us kill all of these hosts. Each one is doing illegal activity. Moreover, we’ve also posted this on digg.com at:
http://www.digg.com/search/page3?s=spam&area=all&type=both&search-buried=0&age=7&sort=new&section=news

Please “digg” this article to help move it to the first page.

Our goal is to move links to the badhosts listing and the larger list to over a 100 blogs to really kill the hosts involved, but this takes time and financial resources.

Magazines and the rest of the media is not doing much on this. Probably afraid of being sued by the hosts. The government has failed us in this – which means the Republicans are dead in the next election. It’s up to the millions of users to stop this. Take the hosts down.

For the second time, we’ve had a client having problems with their email through Comcast. Comcast is blocking their email when using another host, even though they aren’t spamming. Contacting Comcast about it doesn’t do anything. Comcast is on our blacklist of hosts that support spammers at:
http://www.creatingnewworlds.org/stopspam.pdf

They are also on our short list of the most serious offenders. This list is at:
http://www.creatingnewworlds.org/badhosts.htm

We use Comcast broadband services at the moment, but do not use their email because of these serious problems. We had our Comcast address deleted from our email program when we saw strong evidence that they had sold our address and we started getting spam on the Comcast address. Since we never used the address, the only way anyone could have gotten it was from Comcast.

Our advice to our clients: Don’t use the Comcast POP server for your email, and don’t use a Comcast email address on any other hosting system for people to contact you. You could very well never get that email from a potential client from Comcast blocking. And Comcast won’t tell you what they are doing. Nor can you recover damages.

The level of spam is increasing dramatically, yet hosting systems and the Bush Administration are wimpys in all of this. One particularly agressive spam host is netplace.ru, with an email address of support@netplace.ru. LOTS of illegal spam comming from this guy. We suggest millions of users stomp this host until they die with multiple botnets.

Another one from Romania that causing a lot of problems is: rdsnet.ro. Here’s the documentation for those wishing to kill it:

Project HoneyPot

The users must pick up the war here. Our black list of illegal spamming hosts is at:
http://www.creatingnewworlds.org/stopspam.pdf.
We’ve also added a few wimpy registrars there that are part of the spam game.

For over a year we’ve been black-listing spam hosts. This has been minimally effective – but some changes are in store to increase the effectiveness of our black list. One guy threatened to sue – until we mailed his spam email to his State Attorney General.

We did have two problems, however.

1. We store the spam hosts for the spam and phish we receive in Microsoft Access, then upload the list dynamically to a MySQL database on our host. Later versions of Access (the shipping product for many years) has a bug in it that prevents this from working. Last January we worked with Microsoft engineers to get this working by switching in a dll from an Access version two levels back. Now Microsoft, with one of their “automatic updates” broke this again. We don’t know when or if this will be fixed. So we give you the list now in a static PDF form that we plan to update on weekends at:
   http://www.creatingnewworlds.org/stopspam.cfm.
   Hackers and Botnets can enjoy this free blacklist of illegal operators for their fun and games!

2. The online tool we use to identify these hosts from the spam went down, probably from an attack from the bad guys. The tool is back up in a primitive form (http://www.samspade.org), so we can start trying to process our backlog with it.

We will also expand the ranking of our spam listing page. We’ve had great success in the past by using the blogs to create a blog swarm and build high traffic levels on pages. We will try that with this spam page listing now to get its traffic up.

If you don’t like this, sorry. The Bush Administration has been given the charge by Congress to stop and fine these guys. Apparently they aren’t doing it. Too many geldings and wimpys in Congress and the Administration. (You probably get to vote next month – vote a lot of these out.) The hosts have been treating this like a joke. That leaves it up to the users to stop it.

Join us in this war. Create your own black list and circulate it in through the spam blog comments to the hackers and bad guys. This eventually creates another botnet, but targeted at the bad guys. Get serious.

Here are a few good web sites for developers:

Lost your site?
You try to pull up your site on the Internet and it won’t come up. Is it your computer, the network, or your server? A quick way to find out is to go to http://www.alertra.com. For free, they will attempt to reach your site from various cities around the world and tell you how much time it takes to reach your site from each location. They also offer a subscription service if you want them to continuously monitor your up time.

Are You On a Spammer Black List?
Your mail may be filtered by various servers if you are on one of these black lists. This site will check your IP on those lists and verify your IP is good. Go to http://rbls.org.

Who sent that Spam?
So you got illegal spam. Do you know how to trace it to the source host? Use your email program to read the header. Although much of the header can be forged, those lines beginning “Received: from…” are very difficult for a sender to forge. Check your email program to find out how to read the header, then look for those “Received: from…” lines going top down – remember, the header is tracing backwards through the various relay points. The last one is generally the one with the IP of the sender’s host. Here is an example of the last “Received: from…” line from an illegal spam today:

Received: from source ([59.23.108.165]) by exprod7mx54.postini.com ([64.18.6.10]) with SMTP;
Tue, 06 Jun 2006 09:04:12 EDT

This spam is from a host at 59.23.108.

Take that IP and go to http://www.samspade.org or http://www.netsol.com or http://www.tucows.com to find the spammer’s host.

Any email listing on this registrar is often non-functional or, in some cases, an abuse email listing that generates only an auto-reply. The best way to stop the spammer is to put the IP on your own black list (as we do) and make it available to hackers for their fun. You have to take charge of your own spam problem.

How is Your Internet Speed?
What’s your true Internet speed? You can use the web site at http://bandwidthplace.com/speedtest/ to test your site and get your speed.

How’s Your Firewall?
This site will test your firewall, check to see you have no reverse DNS (generally, you do not want reverse DNS), and tell you your current IP. All free. This is Steve Gibson’s famous Shields Up site”
>https://www.grc.com/x/ne.dll?bh0bkyd2.

How’s Your Anti-Virus?
GFI will test your anti-virus protection free at:
http://www.gfi.com/emailsecuritytest/, but don’t expect to past this. They sell the really good enterprise-level stuff, so your home system may not pass this one.

Note: the anti-virus and firewall testing tools will NOT damage your system, but if you are on a network you should check with the network administrator first. He may get worried if he or she sees someone trying to get through the network defense system.

One of our clients recently complained that suddenly they couldn’t send any email. Their outgoing email (SMTP) was through Comcast, and it was being was filtered with a spam filter. The commercial black list used for that had their IP listed as a spamming IP and blocking their outgoing email. Their outgoing IP belonged to Comcast.

Comcast uses dynamic IP addressing by default. About once a week, they tell me, the IP is reset. Normally, it’s reset to the same value. About once a month, however, it is reset to a new IP. The new IP he got was black listed as a spamming IP.

Comcast has a serious problem with this. On our own black list at:
http://www.creatingnewworlds.org/stopspam.cfm
we list several Comcast IPs that have spammed us. This list is public, and goes to hackers with our encouragement. These incoming emails are illegal. We notify Comcast on their abuse email at the current time when this happens, but so far they have not replied except with an auto-reply and they seem to have no concern about clearing any listing here. The resulting IPs would be unstable along with their host system because we encourage hackers to use this list for their development and nuking.

If you wish to see if your own IP is listed on the commercial black lists, you can check:
http://rbls.org

Just remember – if you are using Comcast, you have no assurance that the IP they roll into you is clean. If you have your own host for email and use Comcast for SMTP, you should be sure your host has a good spam filter (using a commercial black list) and can protect you.

With a Bush Administratin and Congress that seems owned by te DMA, the business of stopping spam is in your own hands. And yes, it can be controlled. To quote Jim Louderback, Editor-in-Chief at PC Magazine:

We can’t rely on someone else to fix this problem…Although the bad guys are ultimately to blame, each of us, individually and collectively, holds the power to wipe them out. “

First line of Defense

Our host has a spam blocker for all our email. If you host with us, we can provide you with a spam blocker for $10 a year. We also have a spam blocker on our personal system that catches some of the stuff that gets through. If spam or a phish makes it this far, the IP and domain goes into our black list that is at:
http://www.creatingnewworlds.org/stopspam.cfm. This goes to hackers that like to nuke hosts that pass spam. Sometimes (for U.S. hosts), we’ve notified the state attorney general. After all, it is illegal (as a result of the CAN-SPAM act.) To get off the black list, the spammer has to pay us a fine.

There are many black lists out there maintained by various companies and people. There are also servers that send out automatic updates on these lists to those that subscribe to them. Ours is free.

Once you are aggressive on this with your own black list, you better have good protection on your system as the bad guys will target you. You need good antivirus, both hardware and software firewalls, and a good anti-spyware system.

Protecting Your Web Design

Never put your email address on any of your web pages. There are plenty of those bad guys that farm pages to get email addresses off the source code to spam and phish. Use a form for people that wish to contact you. Our contact form is at http://www.netadventures.biz/opmcontact.htm. You can look at the source for this page and see an email address, but it is a virtual address and won’t work. The form processor on the host converts the virtual address to a real address and the form works – and we are protected.

Stopping Blog Spam

After we got 27 blog spams in one hour (we think someone was targeting our blog), we realized we had to do something. We added a really good spam blocker to our blog, and even the bad guys are complementing us. If someone spams our blogs now, they get a warning. If they continue to spam, the blocker gets more aggressive. Moreover, the blocker learns with time and gets better the longer, automatically creating its own black list. It is totally automatic – no work on my part. If you do send a real comment and it gets blocked, use our comment form to let us know. The thing stopped 11 blog spams the first day.
What About You?

If you need help in this for your system, we are available. We can even help you start your own black list. Contact us by phone or email.

We maintain a black list of IPs and domains that have spammed or phished us. This list is saved on our local computer in Microsoft Access and periodically uploaded to a MySQL table on the host that is made available to hackers, the FTC, and (when relevant) to individual state Attorney Generals. In mid-January this system failed and we’ve been working with Microsoft and various MySQL forums to try to resolve the problem.

The problem is resolved now and the black list is now again online. You can find it at:
http://www.creatingnewworlds.org/stopspam.cfm
We’ve kept the local Access table updated during this time, so no information was lost. We encourage others to create their own black lists and distribute them until authorities are willing to take the lead. We will post more details on how we do this later.

The problem, we discovered, was a major fault in Microsoft Access. Several users have discovered and reported the problem; but Microsoft has done nothing at this time to fix it. The problem is in the module msjet40.dl. It apparently started causing problems when we updated our Windows 2003 SP3 to SP4. Some users resolve the problem by reverting to older SPs, but Microsoft asked us to stay with SP4. Instead, we had to replace the msjet40.dll module in Access with another MSjet40.dll two versions older, using version 4.0.62180. (Some users, apparently, succeed by going back only one version.) The problem with replacing, however, comes in that the protection scheme in Windows prevents you from putting older modules in newer versions of the program. So you have to go into the registry and turn this protection off before you can replace. And there is no standard rule on this.

Thanks, Microsoft, for your help. But wouldn’t it be better for you to just fix the problem.?

Our spam load has increased dramatically during the last few weeks in spite of spam filters on our host and system. We trap the IPs and domains of spam hosts and load them to a database. This is our black list, and is available and uncopyrighted at http://www.creatingnewworlds.org/stopspam.cfm.

Note: This page is temporarily down. We upgraded our Windows 2000 from sp3 to sp4 and lost the driver that updates the MySQL database in the process. We hope to have this page back soon. The local Access file is still being updated during this time.

The government is doing very little. We just mailed our end-of-year copy of this to the FTC, President Bush, and one of my senators, Senator Ron Wyden. We’re giving them a few suggestions. Here is Senator Wyden’s copy of the letter. Then we’ll tell you what you can do:

Re: Failure of CAN-SPAM Act

Please find enclosed a listing of the spam reaching my system that is illegal or fraud. The FTC is supposed to be finding these and stopping this using the CAN-SPAM act, but it is obvious that the CAN-SPAM act is a total failure. In fact, looking at this indicates that their recent 100+ page report on the FTC “success” with the CAN-SPAM is spin, not facts.

As the government has failed to stop the spams, we are putting the domain name and domain name of spam that reaches us online in a public database and encourage hackers to destroy the IPs and domains. The IP, then, becomes dead for whoever uses it next. That is the only alternative we have at the moment. The page, located at http://www.creatingnewworlds.org/stopspam.cfm, has a very good PageRank of 4 on Google. We blog the page. When we get a gripe or someone threatening to sue, we send their illegal email to their state attorney general (when they are US based) and that stops them. We’ve had no foreign complaints. As other people do this (which we encourage), there is an erosion of available IPs. Spam has to be stopped at its source.

In my world, if I had employees at the FTC with this level of failure I would fire them. Failure to do this puts the responsibility of the failure directly at the commission of the FTC and on the President, to which the commission reports.

Here are some suggestions I would encourage you very strongly to make:

1. Raise the current fine level to finance what needs to be done. Germany charges $65,000 a spam. (This probably requires an act of Congress). Without the proper resources and if doing nothing, you are sending a message that the government (Administration and Congress) is owned by the DMA. Is that the message you and the President want to send?

2. Enforce the fine. They break the law, they pay the fine. No nice talk.

3. Return a portion of the fine (10% split between whoever reports the IP) to the people reporting the spam to finance their processing.
4. Hold accountability at the FTC. Fire when people aren’t doing their job..

I will be blogging what the FTC, the President and Congress does. This letter is in a blog posted at http://www.netadventures.biz/wordpress.

What You Can Do
Here are some suggestions on what you can do.

• Build you own black list of the sites that the spam email points it. We put some email addresses in our database for sources of the spam. For example, if the spam tells you to go to http://www.thisdomain.com, then put that domain and its IP in the database.

• If you want to include the host systems IPs and domains of where the email spam is coming from, we have a $15 dollar paper that shows you how to read those email headers. Certain lines in the header can’t be forged. The paper tells you where and are and how to use them. Order from our store.

• Fire your listing off to the FTC, the President, and your senators and representatives. Remember some of them are up for election next fall. Don’t try to blackmail them with your vote. they are already running scared – or should be. Don’t be a one-issue voter next fall, but hold your senator and representtives accountable.

• If someone complains about being on the list and they are in the U.S., send the information to the state Attorney General where they reside. Keep your spam email so you can send that to the Attorney General. We never get complaints from foreign hosts.

• Know the CAN-SPAM Act so you can tell when they violate it. Use the Federal Trade Commission’s web site to find that.

• Hack the spam hosts if you like. They are already illegal.

Have fun. If you want to use our ColdFusion program on stopspam.cfm, go for it. Look at the source code and copy and paste into a page on your site. Change the database pointers to your own web site. Change fields as necessary. We just put the IPs and domains in a local Access database and then upload it periodically to the MySql database on the host. Very simple. Check with your host on how to do this. Change hosts to our host if they can’t

If you are like us, you have been angry at the increasing level of spam and the whippy laws from Congress that do anything to stop it. So we found the only way to stop it is to take the lead ourselves. We have spam filters on our host and local system. Also, we’ve been compiling our own public and uncopyrighted black list of spammers and publish it online with an invitation to hackers to use this database to develop their own viruses, trojans, and spyware. In other words, hackers can take the lead by launching denial of service and other attacks on the illegal sites. You can find our current list at:

http://www.creatingnewworlds.org/stopspam.cfm

Have fun!

The IPs listed here are only those that have spammed us. You can’t send us an IP to add to the list. Build your own black list and advertise it, like we do.

Remember a couple of things:

1. If you are a host service, I have no way of tracing the originator of any email. I can trace it back to the host, but no further. That means you, as a host, are legalaly liabel for anyone using your host to send spam.
2. Many times a spammer will hijack an innocent system an use it for their dirty deeds, using the innocent system to send their spam. This means you can be liable for spam from your computer if you don’t put adequate protection on it.

You may see some prominent IPs on this list. There are several on the list hosted by yahoo.uk, for example. Spammers are using that host to sell prescription drugs using illegal email from blind accounts. We’ve written Yahoo.uk on this, but they have done nothing. So we are asking hackers to shut down multiple IPs on this host that are being used for this.

Many sites are now building links into our black list. Thank you very much! This pushes our black list higher in the search engines and helps make everything work better. Some of these IPs have already moved onto the commercial black lists, such as postini’s, that are used by commercial hosts for controlling spam.

This disadvantage of this strategy is that more and more IPs are killed, and there is a shortage of IPs on the Internet. My first priority, however, is to protect my computer – not the spammers. Will President Bush, Congress, and the FTC every wake up to this or do we have to do it?

Like Germany, we should have a high federal fine for the spammer (I think it’s $65,000/spam in Germany). That would finance the FTC operation. A portion of that should be kicked back to whoever reports a spammer to the FTC to cover their reporting cost. How about it Congress?