[Operators] buycc.me spam domain

Jan Pinkas pinkas at humboldtec.cz
Wed May 13 14:08:19 UTC 2015


iptables is a simple and fast fix, but if the spammer changes IP, it will not
work. My solution will not work if the spammer changes IP :-)

2015-05-13 16:05 GMT+02:00 Swen Lux <root at fserver.org>:

> As these connections are coming from a single IP (I would guess), it
> should be easy to block via iptables:
>
> May 13 13:18:05 s2sout1348290   info    Beginning new connection attempt to buycc.me ([217.12.204.160]:5269)
>
> iptables -I INPUT -s 217.12.204.160 -j DROP
>
> Best,
>
> Swen
>
>
> On 13.05.2015 15:58, Jan Pinkas wrote:
> > Hi Thomas, thanks to s2s dialback this solution works for Prosody
> > too. But I don't know if Prosody resolves by default via the hosts file
> > and if Prosody has any type of s2s cache...
> >
> > 2015-05-13 15:55 GMT+02:00 Thomas Camaran <camaran at gmail.com>:
> >
> > Is there a solution for Prosody?
> >
> > 2015-05-13 15:38 GMT+02:00 Jan Pinkas <pinkas at humboldtec.cz>:
> >
> > Hi all. Solution for ejabberd: nano /etc/hosts, add 127.0.0.5
> > buycc.me, save, and ejabberdctl debug,
> > mnesia:clear_table(s2s), ctrl-c, ctrl-c.
> >
> > Have a nice day. pinky
> >
> > 2015-05-13 15:08 GMT+02:00 Peter Saint-Andre - &yet <peter at andyet.net>:
> >
> > As far as I can determine, buycc.me is a spam
> > domain, sending unwanted messages only from the cvv.me at buycc.me
> > JID.
> >
> > Peter
> >
> >
> >
> >
>
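
Added example, not part of the thread and not code from any poster: a small log check for the point raised above, that an IP-based DROP rule goes stale once the blocked domain shows up at a different address. It assumes the s2s log line format quoted in the thread; the function names and every sample line except the first are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the s2s log line format quoted in the thread (assumed to be stable);
# lines in any other format are ignored.
ATTEMPT = re.compile(
    r"Beginning new connection attempt to (?P<domain>\S+) "
    r"\(\[(?P<ip>[^\]]+)\]:(?P<port>\d+)\)"
)

def ips_by_domain(lines):
    """Map each remote domain to the IPs logged for it, in order of first appearance."""
    seen = defaultdict(list)
    for line in lines:
        m = ATTEMPT.search(line)
        if m:
            # Domain names are case-insensitive; drop a trailing root dot too.
            domain = m.group("domain").lower().rstrip(".")
            if m.group("ip") not in seen[domain]:
                seen[domain].append(m.group("ip"))
    return dict(seen)

def stale_ip_rules(lines, blocked_domains, dropped_ips):
    """For each blocked domain, list logged IPs that no existing DROP rule covers."""
    observed = ips_by_domain(lines)
    report = {}
    for domain in blocked_domains:
        missing = [ip for ip in observed.get(domain, []) if ip not in dropped_ips]
        if missing:
            report[domain] = missing
    return report

# Constructed sample: the first line is the one quoted in the thread,
# the others are made up using documentation address ranges.
SAMPLE_LOG = [
    "May 13 13:18:05 s2sout1348290   info    Beginning new connection attempt to buycc.me ([217.12.204.160]:5269)",
    "May 13 13:19:40 s2sout1348aa0   info    Beginning new connection attempt to example.org ([192.0.2.10]:5269)",
    "May 14 02:41:11 s2sout1349f10   info    Beginning new connection attempt to buycc.me ([203.0.113.77]:5269)",
    "May 14 02:41:12 s2sout1349f10   info    Beginning new connection attempt to BuyCC.me ([203.0.113.77]:5269)",
]

if __name__ == "__main__":
    # One DROP rule exists, as in the thread; the report shows what it misses.
    print(stale_ip_rules(SAMPLE_LOG, {"buycc.me"}, {"217.12.204.160"}))
```

An empty report means every address logged for a blocked domain is already covered by a DROP rule.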