PCDVD數位科技討論區 - 瀏覽單個文章 - 巴勒斯坦駭客一戰成名

引用:

作者tsushi

Hinet的SPAM量大不大?? 光是一堆企業自己常被HINET列黑名單就知道大不大了
TANet就更爆笑了，我們還需要去跟Hotmail YAHOO等單位申請取消黑名單哩，更不要說常進RBL 清單中

說實話,我自己ISP的E-mail最近倒常常收到來自Yahoo Mail 的信 , 都被我檢舉上Yahoo
檢舉web url為 http://help.yahoo.com/l/us/yahoo/mail/ymail/spam.html
原本以為這種Mail不知道是鑽什麼漏洞之類的,來發送SPAM , 結果用自己的Yahoo帳號
才知道可以製作出以下相同的mail header , 所以肯定是由Yahoo Mail發送出來的SPAM

mail header為

引用:

From - Fri Nov 01 07:32:13 2013
X-Account-Key: account1
X-UIDL: 495dc8ca000034ce
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <[email protected]>
Received: from fas34-tag.seed.net.tw (fas34.seed.net.tw [139.175.54.145])
by mss4.seed.net.tw (v2.2.12-seednet-v1.65a) with LMTPA;
Fri, 01 Nov 2013 07:09:24 +0800
X-Sieve: CMU Sieve 2.2
Delivery-date: Fri, 01 Nov 2013 07:09:24 +0800
Received: from [139.175.54.145] (port=59872 helo=fas34.seed.net.tw)
by fas34-tag.seed.net.tw with esmtp (Seednet 4.54:1)
id 1Vc1Mi-00070t-T8
for ; Fri, 01 Nov 2013 07:09:24 +0800
Received: from seed.net.tw (sn25.seed.net.tw [139.175.54.25])
by fas34.seed.net.tw (8.13.8/8.13.8) with ESMTP id r9VN9OfV009570
for <[email protected]>; Fri, 1 Nov 2013 07:09:24 +0800
(envelope-from )
Received: from nm3-vm5.bullet.mail.sg3.yahoo.com ([106.10.148.116]:26077)
by seed.net.tw with esmtp (Seednet 4.69:2)
id 1Vc1P2-000Lrh-LD
for ; Fri, 01 Nov 2013 07:11:50 +0800
Received: from [106.10.166.112] by nm3.bullet.mail.sg3.yahoo.com with NNFMP; 31 Oct 2013 23:09:21 -0000
Received: from [106.10.167.141] by tm1.bullet.mail.sg3.yahoo.com with NNFMP; 31 Oct 2013 23:09:21 -0000
Received: from [127.0.0.1] by smtp114.mail.sg3.yahoo.com with NNFMP; 31 Oct 2013 23:09:21 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com.tw; s=s1024; t=1383260961; bh=4wiFTEa1cJqZjDsR4F6AJ7YUO9P/U8NaQmHPFtMvikQ=; h=X-Yahoo-Newman-Id:Message-ID:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:X-Rocket-Received:From:Subject:To:Content-Type:Content-Transfer-Encoding

ate; b=fHbgf1oNPbKtnQC5ydj9PAqllKUCwhOhTJjQt3NmZajOl3QezoLcupMXpJQ2LczO/2lrR1rwGUogXiJHQi+0L7hnf/BsxgC/+mSmQaKv40cD1XLrItdeVFQebl8Jawm0otBNny+V04N45oy9xySND//mUxs0dX3vEebfb8gT7ko=
X-Yahoo-Newman-Id:
Message-ID: <[email protected]>
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: 00OzNy4VM1k_t5H0HZONgbcf2QJtIa3wsQ.s.TUOhrh3STv
JlGGGxR37IjIDnLIxznD.dAhx4LUw2oR.B_pd.J5D4ukGNU.t3yVpecKn_OE
jPbtqKXfic5nNzqt1anb5lcxxI.tK4qOEVQQg0tN8mcp_1LTiyvqJ7vaxZTf
TTRInvrHm6_.4zhVcx4iV8xVCa2c9AtJOQsdouDxRqLwQzl73HUC.WH0BvCl
UPVBUsB.P63WmsnNFn3rhApPHCg3vf6OH9a0SacOfsR0YebZ9hHpx7L61hVm
EizNGO0NYkHsfGw8xcu5DQ0IFGhzMkPUYE7pJQ5hbmasTXXWZpG.9XFj8DUS
QcWwfyv3gVV9xMkT5S0D3KB2gsChRbdZaSZVtkRAGh7HRmdCzC5Qei8QPOnN
6oy0C9BYJbRMUde_C30B1vJlmZ39Sf1MIeh2TCZF6y3PnhD2z0T_RALnLjHt
uI8wCgAg8e4kbcSt9.BSMftA8hnAJ5SdFKutp4AgAogDJaMRtTywXw34nPu7
a9UracFKQRyvALRC4htFXrV_rq3xk99PQX8VrAiLj04EhkTYWec.BqzIbktm
GqhQVPi9yePZ7o92vSeP1bllI
X-Yahoo-SMTP: ezL5nF2swBAYeR4ctFi4438SLZClf2gLpQ--
X-Rocket-Received: from bB05LNjPfw ([email protected] with )
by smtp114.mail.sg3.yahoo.com with SMTP; 31 Oct 2013 16:09:21 -0700 PDT
From: =?big5?B?pm6xZKT9?= <[email protected]>
Subject: =?big5?B?pKOlzrhyufWnT6q6qGulzavTpFOms6usfrJ7pmKvwaj6pd+nWcXcqK2rrKhr?=
To:
Content-Type: text/html; charset=big5
Content-Transfer-Encoding: quoted-printable
Date: Fri, 1 Nov 2013 06:44:05 +0800
X-Seednet: Seednet AS 2
X-PMX-Version: 5.3.0.289146, Antispam-Engine: 2.5.0.283055, Antispam-Data: 2013.8.22.173315
X-PerlMx-Spam: Gauge=XXI, Probability=21%, Report='CHARSET_FARAWAY_HEADERS 1.154, CTYPE_JUST_HTML 0.848, MIME_CHARSET_FARAWAY 0.409, KNOWN_FREEWEB_URI 0.05, DKIM_SIGNATURE 0, LOCALE_CHINESE 0, WEBMAIL_SOURCE 0, __ANY_URI 0, __CHAR_CHINESE_CT 0, __CHAR_CHINESE_SUBJ 0, __CT 0, __CTE 0, __CTYPE_HTML 0, __CTYPE_IS_HTML 0, __DATE_TZ_HK 0, __FRAUD_WEBMAIL 0, __FRAUD_WEBMAIL_FROM 0, __FROM_YAHOO 0, __HAS_FROM 0, __HAS_MSGID 0, __HELO_YAHOO 0, __HIGHBITS 0, __KNOWN_FREEWEB_URI2 0, __MIME_CHARSET_FARAWAY 0, __MIME_HTML 0, __MIME_HTML_ONLY 0, __RDNS_YAHOO 0, __SANE_MSGID 0, __SUBJ_HIGHBIT 0, __TAG_EXISTS_HTML 0, __TO_MALFORMED_2 0, __TO_NO_NAME 0, __URI_NO_MAILTO 0, __URI_NO_WWW 0'
X-ConnectHostIP-seednet: 139.175.54.145 (2013-11-01 07:09:24)

上面header裡的橘色字就是從yahoo mail來的鐵證 , 如果有收到垃圾信 , 記住看一下mail header
有看到這種header , 別客氣向yahoo mail檢舉吧!! 每檢舉一個,就會讓spammer損失一個
yahoo帳號,甚至無法再透過yahoo送SPAM 給別人!!

但是話說回來,我的SEEDNET帳號還是很少收到過來自Hinet的SPAM , 最多的就是yahoo mail
所以,現在每天的工作之一就是向yahoo檢舉spammer ....