CastleCops, Internet Crime Fighters
Rock Phish

newangels (Sergeant; joined Sep 06, 2007; posts: 112)
Posted: Fri Oct 12, 2007 12:57 am    Post subject: Rock Phish

http://www.pcworld.com/article/id,138079/article.html?tk=nl_spxnws

Rock Phish May Be Using Fast Flux in Phishing Attacks

Can someone tell me what Fast Flux is? I only report, so I am not up to speed with everything lol

Angela Razz

s0tet (PIRT Handler, Phishing Squad; joined May 21, 2005; posts: 2945)
Posted: Fri Oct 12, 2007 1:42 am

The use of Fast Flux is where the spammed website and spam itself are sent through rotating IP addresses, usually on a botnet. What that basically means is the spamgang has infected machines on the Internet to spam and host spamming websites through. They use a bunch of them (IP addresses) at one time so that there is a small chance of the IP addresses being blocked by blacklisting organizations.

This article explains fast flux better than I can in a rushed post:

http://www.securityfocus.com/news/11473

brewt (SIRT Handler, Premium Member, MIRT Premium; joined May 29, 2007; posts: 792; location: USA)
Posted: Fri Oct 12, 2007 1:54 am

fast flux is the system used by the spammers to rotate their sites between many hosts using DNS to point the spam domain to multiple ip addresses.

this makes it a losing battle to try to shut each host ip down.

complainterator was created in large part to combat fast-flux spam hosting.
it targets reports against the domain name, rather than the myriad hosts.

for more, see
http://spamtrackers.eu/wiki/index.php?title=Fast-flux
http://spamtrackers.eu/wiki/index.php?title=Complainterator

[edit] looks like s0tet got his post finished before I did. :p

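The rotation described in the two replies above can be spotted from DNS answers alone. Added example, not part of the original thread: a heuristic that flags domains whose A records span many addresses and networks with short TTLs; the observations, domain names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed passive-DNS style observations: (unix_time, domain, ttl_seconds, A record).
# Domains use the reserved .example TLD; IPs come from documentation ranges.
OBSERVATIONS = [
    (0,   "login-update.example", 180, "192.0.2.10"),
    (0,   "login-update.example", 180, "198.51.100.7"),
    (300, "login-update.example", 180, "203.0.113.44"),
    (300, "login-update.example", 180, "192.0.2.201"),
    (600, "login-update.example", 120, "198.51.100.93"),
    (600, "login-update.example", 120, "203.0.113.5"),
    (0,   "shop.example", 86400, "192.0.2.80"),
    (300, "shop.example", 86400, "192.0.2.80"),
    (600, "shop.example", 86400, "192.0.2.81"),
]

# Assumed thresholds for this illustration; tune against your own resolver data.
MIN_DISTINCT_IPS = 5
MIN_DISTINCT_NETS = 3
MAX_TTL = 600


def summarize(observations):
    """Group A-record observations per domain into simple flux features."""
    ips, nets, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for _ts, domain, ttl, ip in observations:
        ips[domain].add(ip)
        # A /24 is a crude stand-in for "hosted on a different network".
        nets[domain].add(ip_network(f"{ip}/24", strict=False))
        ttls[domain].append(ttl)
    return {
        d: {"ips": len(ips[d]), "nets": len(nets[d]), "max_ttl": max(ttls[d])}
        for d in ips
    }


def fast_flux_suspects(observations):
    """Return domains whose records rotate across many hosts with short TTLs."""
    return sorted(
        d for d, f in summarize(observations).items()
        if f["ips"] >= MIN_DISTINCT_IPS
        and f["nets"] >= MIN_DISTINCT_NETS
        and f["max_ttl"] <= MAX_TTL
    )


if __name__ == "__main__":
    for domain, features in summarize(OBSERVATIONS).items():
        print(domain, features)
    print("report by domain:", fast_flux_suspects(OBSERVATIONS))
```

The output is a list of domains rather than host IPs, which is the unit of reporting the post above argues for.
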
newangels (Sergeant; joined Sep 06, 2007; posts: 112)
Posted: Fri Oct 12, 2007 4:13 am

Okay I have another question, very informative links thanks so much Guys.

In July this year a website that I post my 3D graphics from did a server upgrade. The email address I use for this site is for me to receive Ebots, notifications when someone posts a comment on my graphics, someone favors me, my favorite artists post something, and the actual site email.

The email address has never been used for anything but this website. After the upgrade I receive to date over 20 Phishing emails per day in my gmail account.

There is a forum note complaining about this by many people saying this only started when they gave their address out for this site only.

I have heard that most Phishing Emails are due to botnets, is this a fact? And how can I get this website to check for what is causing all these emails? We are at our wits' end over there. I do my bit and report them here but everyone else just whines about it, but it's best to know that the actual website server is not the one spawning all the emails.

I don't know if they have done anything about it, and for me that is not right.

You guys are the experts and I have heard that so many websites are infected these days, and as I spend money on this site regularly I want to know that I am safe.

Is there anyway you guys can check it out?
Or is that asking too much? Please tell me so I will not get offended, but these Phishing emails are of the criminal element and everyone deserves the right to be safe online. No spam is received at all.

brewt (SIRT Handler, Premium Member, MIRT Premium; joined May 29, 2007; posts: 792; location: USA)
Posted: Fri Oct 12, 2007 5:41 am

newangels wrote:
> Okay I have another question,
> ...
> The email address I use for this site [where I post my 3D graphics]
> ...
> has never been used for anything but this [3D graphics] website.
> ...
> I receive to date over 20 Phishing emails per day in my gmail account.
> ...
> And how can I get this website to check for what is causing all these emails,
> ...
> to know that the actual website server is not the one spawning all the emails.

Use a service like http://sneakemail.com/ or http://spamgourmet.com/ to forward email.
Never give out your real email address again.

For this particular site:
1) Create a forwarding address (e.g. a new sneakemail address) that will forward to your gmail address
2) put something obvious as the label, like the name of the 3D Graphics web site
3) at the 3D Graphics web site, update your profile's email address to use the new sneakemail address

If you start getting spam or phishing at the sneakemail address, then you KNOW that the 3D graphics website is leaking (possibly unintentionally) your email to spammers/phishers.

If you don't get any spam on your sneakemail address, well, then it gets a bit tricky.
It doesn't necessarily exonerate the web site, but it does mean you have no proof.



Last edited by brewt on Fri Oct 12, 2007 5:48 am, edited 1 time in total
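The per-site forwarding address in the post above works as a canary: mail reaching it from any sender other than the site itself points to a leak. Added example, not part of the original post: it attributes constructed inbox messages to hypothetical aliases; the alias names, domains and the `unexpected_senders` helper are assumptions.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical alias registry: forwarding address -> (site label, site's own mail domain).
ALIASES = {
    "gfx3d-7h2k@alias.example": ("3D graphics site", "gfx3d.example"),
    "news-p9qz@alias.example": ("newsletter", "news.example"),
}

# Constructed messages as they might look after forwarding to the real inbox.
INBOX = [
    "From: notify@gfx3d.example\nTo: gfx3d-7h2k@alias.example\n"
    "Subject: New comment\n\nhi",
    "From: security@bank-alerts.example\nTo: customer@bank-alerts.example\n"
    "Delivered-To: gfx3d-7h2k@alias.example\nSubject: Verify account\n\nx",
    "From: support@pay-verify.example\nTo: gfx3d-7h2k@alias.example\n"
    "Subject: Confirm details\n\nx",
    "From: digest@news.example\nTo: news-p9qz@alias.example\n"
    "Subject: Weekly\n\nx",
]


def unexpected_senders(raw_messages, aliases=ALIASES):
    """Count, per site label, mail sent to its alias by a domain other than the site's."""
    leaks = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1]
        sender_domain = sender.rpartition("@")[2].lower()
        headers = (msg.get_all("To", []) + msg.get_all("Cc", [])
                   + msg.get_all("Delivered-To", []))
        # A set avoids double counting when an alias is in both To and Delivered-To.
        recipients = {addr.lower() for _name, addr in getaddresses(headers)}
        for addr in recipients:
            site = aliases.get(addr)
            if site is None:
                continue
            label, own_domain = site
            if sender_domain != own_domain and not sender_domain.endswith("." + own_domain):
                leaks[label] += 1
    return leaks


if __name__ == "__main__":
    for label, count in unexpected_senders(INBOX).items():
        print(f"{label}: {count} message(s) from outside senders")
```

The From header is forgeable, so a zero count does not clear a site, which matches the caveat in the post.
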
brewt (SIRT Handler, Premium Member, MIRT Premium; joined May 29, 2007; posts: 792; location: USA)
Posted: Fri Oct 12, 2007 5:47 am

newangels wrote:
> I have heard that most Phishing Emails are due to botnets, is this a fact?

Some are. I don't know if most are.
It doesn't really matter in terms of legality. It is definitely fraud, and illegal most places.

newangels wrote:
> You guys are the experts and I have heard that so many websites are infected these days, and as I spend money on this site regularly I want to know that I am safe.

What exactly is it you are worried about?
You think that the site you are spending money on is a phishing site?
Or, do you think they are selling your personal information (i.e. email address)?
Or do you think their site security has been compromised?
Do you think the whole site is a scam?
What is it exactly that you want verified?

newangels wrote:
> Is there anyway you guys can check it out?

I'll defer to someone on the PIRT squad for an answer here, but I suspect you will need to be more specific on what exactly needs checking out.

newangels wrote:
> Phishing emails are of the criminal element and everyone deserves the right to be safe online. No spam is received at all.

You mean to say that your gmail address receives no spam? All the bad email it receives is phishing?

newangels (Sergeant; joined Sep 06, 2007; posts: 112)
Posted: Fri Oct 12, 2007 6:47 am

What I am worried about is they obviously have a leak somewhere and they have done nothing to patch it but I am going to take your advice with that sneak email.

I have never given out my home email address and I have been online for 10 years now. This I learned from my earlier days of Newsgroups, lol.

As for selling my personal info, no, I have never thought that. But I don't receive SPAM, never; I receive Phishing emails, and it only happened the day I signed up with this new email address, and it happened to be the day they were upgrading their server and alerted everyone to the fact on their front page, so if myself and all the other users knew from this announcement, who else would know to exploit the situation.

The warning was to tell people the site was slow.

All I want is for it to stop and, if it's coming from their site, for them to plug the leak. For me it is all about Site Security.

As they are the only site that is used for the email, where did all these phishing emails come from?

newangels (Sergeant; joined Sep 06, 2007; posts: 112)
Posted: Fri Oct 12, 2007 7:07 am

Ok

Sneak Email Address active on site, will report back tomorrow and see if I still get Phishing emails; if so then they will have to do something about it.

Thanks for all the info guys.

Angela

newangels (Sergeant; joined Sep 06, 2007; posts: 112)
Posted: Fri Oct 12, 2007 11:46 pm

Well that was a complete failure.

The email was clean for one hour only and then I got so many Phishing emails my head is spinning, I used to get 22 or so and I got more than 50, and it has not been 24 hours.

I left a message under the Forum message at the website saying if they want help to let me know and you guys can point me to the right people so they can close the leak once and for all, it's not right.

ahoier (SIRT Handler; joined Jan 14, 2006; posts: 1087; location: USA)
Posted: Sun Oct 14, 2007 5:02 am

and they are all phishing related? ebay, banks, paypal, etc?

Very strange...

Does this 3D graphics site you mention have a "public profile" area...like perhaps your e-mail address is sitting in your "Profile" area of the site, in plain text view where any robot that visits the site can grab it?

BTW, you are using sneakemail correctly, right? :) I've not used that particular service...but I believe you link your sneakemail address with your gmail address, and then you would give the 3D graphics site your SNEAKEMAIL address.

Though...depending on how this site works, they may not "scrape" already scraped profiles for address changes - to avoid a honey pot effect such as we are trying to "set up" :)

So.....the best bet would be to create a totally different account, with a sneakemail address set up to the start, wait a couple days, and report any/all findings, if you receive spam/phish e-mails to this special sneakemail address you have set up for this one site...

In fact, I'm getting antsy :) I might consider trying it...would you like to divulge the website URL that you believe to have "sold" your e-mail address to phishers?

OK, maybe we shouldn't jump to conclusions so quickly :) Make sure your e-mail address is not in plain text, sitting in some "profile" area...I know some forums have an option to show your e-mail address publicly...For example, YaBB (Yet another Bulletin Board...) forum software.

newangels (Sergeant; joined Sep 06, 2007; posts: 112)
Posted: Mon Oct 15, 2007 3:54 am

First, nobody has sold my email address. I noticed I was getting phishing emails when they upgraded their server; they announced to all the net that they were doing this on their front page. I am sure it was easy for the guys that steal content online to get in at that time.

The profile is only accessed by myself; nobody can see your email address online at this website. If they send you an email it comes to your inbox. Just put the person's user name in and away it goes, you don't have to know their email address.

Some people are only getting spam, while others like me have been inundated by Phishing. They are all bank, and emails where they even ask for all your personal information, like passport number and Social Security numbers.

I do not allow my email to appear anywhere on this site; they don't have this policy nor do they encourage it. That is why all of us are furious that our email addresses have been compromised, but I don't care anymore as it's a gmail one.

Sneak mail is not working anyway. I have had three people open a new email address and it's taken them 12 hours to be flooded with either spam or phishing, so I give up on that idea.

So I am leaving it alone as it's up to the website in question to fix their security once and for all.

brewt (SIRT Handler, Premium Member, MIRT Premium; joined May 29, 2007; posts: 792; location: USA)
Posted: Mon Oct 15, 2007 4:43 am

newangels wrote:
> Sneak mail is not working anyway I have had three people open a new email address its taken them 12 hours to be flooded with either spam or phishing, so I give up on that idea.

It sounds like it is working, to alert you that the site is compromised.

It isn't a spam filtering service.

Perhaps I misunderstand?

newangels (Sergeant; joined Sep 06, 2007; posts: 112)
Posted: Tue Oct 16, 2007 3:37 am

Yes, it's working, but I am still getting the phishing emails, 20 plus per day. Since that email address and the new one I added were both compromised, it's definitely this site. They are in process of doing tests to see where it's coming from so they can plug the leak; hopefully they will find it and nuke whatever it is, or any security hole they might have.

I don't mind reporting. I don't whine like the others, I do something about it, as they have seriously pissed me off; you guys know about never make a woman mad LOL. Well this did it for me: after being online 10 plus years and never coming in contact with this kind of criminal emails, I spat the dummy like we say here in Australia and found a place right here to report.

Either way they get traced and shutdown.
And thus I am truly happy, they have been ripping people off with these money scams for too long. They might have money and resources but then so do we if we get serious about it.

ahoier (SIRT Handler; joined Jan 14, 2006; posts: 1087; location: USA)
Posted: Tue Oct 16, 2007 12:51 pm

sneakemail isn't going to STOP the spam, but it will prove the point that this site is indeed backdoored, infected, etc. in some sort...

I'd suggest contacting KnujOn personally, perhaps they can get some "leads" to get this site cleaned up....

Perhaps in the "move" - the "movers" installed some crap in some buried subdirectory...in my Phishtank voting experiences, I see this quite often, phish sites being hosted from like http://forums.example.com/phpBB/avatars/PayPla/index.htm or some such....you get the point....

If at all possible also forward the spams to phish@phishtank.com so they can get added to the tank, and noticed by the antiphishing community.


But either way, the administrator(s)/owners of these machines (the forum you are receiving the phish mails from) need to be contacted.

Maybe they don't know about the breach? Maybe they do...it's hard to say, but I'd find it hard to believe a reputable site, to purposely set up a phish site on their server and send out phish e-mails...but when money talks...

newangels (Sergeant; joined Sep 06, 2007; posts: 112)
Posted: Wed Oct 17, 2007 12:54 am

What can I tell you, they said they were doing testing and now they are mute. It's not good enough; it is coming from this site, nobody else has this address that I use.

It's exclusive for the site and I only get phishing emails, no spam like I mention, but I will take your advice and also start posting the emails to phishtank.com, thanks for the email.

I think they know about the breach but do not want to admit it and are trying to plug the leak if they found it at all.

All times are GMT
Page 1 of 2

 