Spam servers in subnet 170.130.34.0/24?
4 points by zenonb on Nov 3, 2020 | 6 comments
Received some random spam from 5 servers in subnet 170.130.34.0/24. Quite an "interesting setup" they have. The PTR records of all of them point to the name mx.mailhubone.com. Each server has some reverse proxy on port 80 which randomly points to a different website, and each server has a README file accessible over HTTP with this content:

  Description:
  . This directory contains Mask URL Handlers
  . Mask URL Handlers - Process requests from (Campaign) Emails

  Deployment Instructions:
  . This folder need to be deployed on ROOT of WebServers (Nginx, lighttpd)
  . This README should not be browsable via web
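
The pattern described in the post above (several hosts in one /24 that all present the same PTR name) can be pulled out of a mail server's own logs before reporting to a hosting provider. The following is an added example, not part of the original post; it assumes Postfix-style `connect from name[ip]` lines, and every address and hostname in the sample is constructed (documentation ranges and a placeholder name).

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in Postfix "connect from" style. Addresses are from
# documentation ranges and the PTR name is a placeholder, not real traffic data.
SAMPLE_LOG = """\
Nov  3 10:01:02 mx postfix/smtpd[811]: connect from mx.bulk-sender.example[203.0.113.11]
Nov  3 10:01:09 mx postfix/smtpd[812]: connect from mx.bulk-sender.example[203.0.113.27]
Nov  3 10:02:40 mx postfix/smtpd[813]: connect from mail.example.org[192.0.2.10]
Nov  3 10:03:15 mx postfix/smtpd[814]: connect from MX.bulk-sender.example[203.0.113.90]
Nov  3 10:04:51 mx postfix/smtpd[815]: connect from mx.bulk-sender.example[203.0.113.11]
Nov  3 10:05:33 mx postfix/smtpd[816]: connect from unknown[198.51.100.7]
"""

CONNECT_RE = re.compile(r"connect from (?P<ptr>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]")


def shared_ptr_clusters(log_text, min_hosts=3, prefix_len=24):
    """Return {(subnet, ptr_name): sorted IPs} for every subnet in which at
    least min_hosts distinct IPv4 clients present the same PTR name."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if not m or m["ptr"] == "unknown":   # Postfix logs "unknown" without a verified name
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue                          # malformed address, skip the line
        if ip.version != 4:
            continue                          # this sketch groups IPv4 only
        subnet = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        seen[(str(subnet), m["ptr"].lower())].add(ip)   # set: repeat connects count once
    return {
        key: [str(ip) for ip in sorted(ips)]
        for key, ips in seen.items()
        if len(ips) >= min_hosts
    }


if __name__ == "__main__":
    for (subnet, ptr), ips in shared_ptr_clusters(SAMPLE_LOG).items():
        print(f"{subnet} ptr={ptr} hosts={len(ips)}: {', '.join(ips)}")
```

The resulting subnet, PTR name and host list are the kind of evidence to attach, along with full email headers, when writing to the provider's abuse contact.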



Probably best to contact their hosting provider. [1] [2] Provide them with logs, email headers.

[1] - https://bgp.he.net/AS62904

[2] - http://www.serverhub.com/


Already done, but no response or action. I have never in my life seen such a large number of spam servers in 1 subnet. I bet that Server Hub knows about it, but like many hosting providers they don't care, as spammers are paying customers.


It is not uncommon for such sites to be resellers of resellers. Such sites often disregard reports unless the activity would be enough for them to lose their uplinks. It's probably best to just block or tarpit all the CIDR blocks in their ASN and move on.


Just got an email from their support, and it looks like they have taken down all 110 servers. Small success :)


Well done!


I counted 110 servers in this subnet with this setup.



