da-spaminator 2.0

If you have a program or script that you'd like to give away or sell, this is the place to do it. All offers should include contact info.

Moderators: BBear, theunknownhost, flaguy

Post Reply
User avatar
Arf
Official Test Penquin
Posts: 9103
Joined: Tue Apr 09, 2002 12:00 am
Location: IDAHO, USA
Contact:

da-spaminator 2.0

Post by Arf » Sun Mar 06, 2005 8:34 pm

I've been working hard on a major upgrade to my dictionary spam software. I've rewritten the way it blocks spam twice since version 1.0. Version 1.5 never went public because I still wasn't happy with it. 2.0 is just coming out of development with all the features I wish the others had. Here's how it works. Any insights on logic problems would be welcomed.

The new algorithm blocks a wider variety of dictionary spams. Where the old algorithm checked for emails that all had the same first letter in them this one checks to see if the sender is sending to multiple (you set the threshold) invalid email boxes.

Feature list (in this list X,Y and Z are variable numbers that you set according to your preferences)

- If sender tries to send one message to X invalid and "0" zero valid email boxes, it's probably spam. You can set X depending on your comfort level. If even one email address is valid, the sender is not flagged (this is very conservative and errs on the side fo safety).

- You can limit the overall quanity of IP addresses that are blocked. For example, you can block only the last Y dictionary attackers. This way, old IP addresses are opened back up again (unless, they are repeat offenders)

- Repeat offenders: What if sender gets blocked, and then later this IP is opened back up and the offender repeats the offense? The offender can repeat offenses Z times before they become a permanent member of the block list.

- Editing is done via FileManager and a simple text file rather than rooting into the /etc/mail/access file and trying to figure out that syntax.

- All host IPs on server are automatically white listed.

- White list and black listing is available.

- Logs are sent daily, or hourly or not at all.

- Debug mode provides more details.

- Test mode does everything but update the server.

- IP addresses are included in error messages sent to senders

- Reverse lookup of IP addresses is an option (but not recommended due to server loads)

- FREE UPGRADE: Anyone kind enough to have purchases 1.0 automatically gets 2.0 for free and I will install it for free as well. Contact me via the support address to be put on the list for upgrades - include your name, phone and server name (so I can keep track). Please do not PM me to get on the upgrade list.

One arguement that Chad has pointed out, is why not just block all email sent to invalid email boxes. Reason: some clients customize their email boxes outside of the ordinary channels that would create a lot of false positive blocks. In fact, the new SpamVault will provide an enhanced bypass box. Sort of like the current bypass-box, except that you can use many names on the bypass-box rather than just one. I use it a lot for temporary throw away email boxes.

CURRENTLY IN BETA: I really want to kick the tires of this baby for a few weeks before releasing it. If you want to beta test it (you have to be able to install it yourself) please contact me and you'll get a free copy. My guess is that I'll start installing it after March 20th. So far it's been working perfectly on my server but I'd rather be safe than sorry.

User avatar
Arf
Official Test Penquin
Posts: 9103
Joined: Tue Apr 09, 2002 12:00 am
Location: IDAHO, USA
Contact:

Post by Arf » Wed May 04, 2005 3:04 pm

2.0 is now available in the store for those who are interested. I'll start upgrading v1.0 owners who requested it in the next week.

User avatar
Arf
Official Test Penquin
Posts: 9103
Joined: Tue Apr 09, 2002 12:00 am
Location: IDAHO, USA
Contact:

Post by Arf » Mon May 23, 2005 2:30 pm

I wanted to give an update on da-spaminator 2.0. I'm really having good luck with it as it catches about 250 - 500 dictionary spam attacks per day. The amount of actual email traffic that represents is typically 10 times that much. I've gotten a database of about 39,000 IP addresses that have dictionary spammed. But because the program rotates out the older IPs I'm not having to unblock very many - about 45 our of 39,000 in 3 months.

One item that is coming to light is that a vast minority of IP addresses are used more than once. Of the 39K IPs, 71 have been used twice or more. I've got the program set to permanently block any IP that repeats so I won't ever hear from them again.

Anyway, since version 1.0 and the complete rewrite, I've had less support requests from hosts who have purchased it, which to me indicates that it's working well.

rldev
Hosting Superstar
Posts: 1067
Joined: Tue Aug 05, 2003 10:17 pm

Post by rldev » Fri May 27, 2005 2:40 am

Hello Thomas,
How do I get 2.0. I never received this. Where should I email you? Thanks. 2.0 looks great!

User avatar
Arf
Official Test Penquin
Posts: 9103
Joined: Tue Apr 09, 2002 12:00 am
Location: IDAHO, USA
Contact:

Post by Arf » Fri May 27, 2005 12:40 pm

Rocco,
If you have version 1.x the upgrade if free. Otherwise you can purchase 2.0 in the store http://alahosts.com/catalog. If you have 1.0 or any of my other products you should have been given my product support email address of: spamvault[at]thesupportdesk.com

Talk to you soon.

So far 2.0 has been working very hard with a minimum amount (although I wish it were zero) of false positives. Thus far the majority of false positives come from people who's ISPs provide them with dynamic IP addresses. Unfortunately, there are a lot of poisoned IPs on the net. Still, 45/39,000 isn't a bad ratio.

User avatar
Arf
Official Test Penquin
Posts: 9103
Joined: Tue Apr 09, 2002 12:00 am
Location: IDAHO, USA
Contact:

Post by Arf » Mon Dec 26, 2005 9:22 pm

Da-Spaminator 2.5 is now available (no charge to existing users. Write to support for info on getting the free update). This is a feature upgrade not a bug fix so it jumped from v2.2 to 2.5.

The new version will rotate out the old IP database logs after it fills with 50,000 (default number) IP addresses. Anything over 50,000 is probably putting undue strain on the servers.

If you're a user who has had me install the program, contact me when you get a report of over 40,000 IPs in the database (this can take a long time) and I'll install the new version for you at no charge.

User avatar
Arf
Official Test Penquin
Posts: 9103
Joined: Tue Apr 09, 2002 12:00 am
Location: IDAHO, USA
Contact:

Post by Arf » Thu Jan 05, 2006 5:33 pm

Bbear Found a bug in my program and brought it to my attention. You're probably not getting da-spaminator reports since Jan 1. (You probably forget you were supposed to! LOL ). The programs working away, just not sending emails.

Anyway, the fix is easy, open the file list.day.log in FileManager and change the number to the day of the year for yesterday. In other words, if today is January 5, the number would be 4. If it's February 3, the number is 33. The program will start sending letters once again. It got messed up after the 356th day of the year.

Sorry for the inconvenience and thank you to BBear for pointing this issue out. This bug will be fixed in the next version.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest