More Romanian spam hosts for Russian pill pushers
Regular readers of my blog articles about security matters know that I write a lot about spam issues. Spam is a major source of security exploits. But some of it exploits human foolishness and could compromise your health, as well as your bank account.
I am referring to the spam for pharmaceuticals, most of which are totally counterfeit and often dangerous to your health. Many pill pushing spam links now lead to Russian websites, hosted in Romania. The latest spam run I intercepted today, pushing male enhancement pills, has a plain text link to a domain ending in .RU (a Russian domain extension). The domain is hosted at 188.229.95.27, which is located in Romania.
Spamvertised URL: maxpenisenergy.ru
Resolves to 188.229.95.27
Host: 188.229.95.27
Location: RO - Romania
City: Bucharest
Organization: SC Techomet SRL
ISP: Netserv Consult SRL
inetnum: 188.229.95.0 - 188.229.95.255
route: 188.229.95.0/24
descr: TECHOMET
origin: AS56860
I looked into the AS56860 server (AS = Autonomous Server) and found it listed as a fraud / scam server, on MalwareURL, with 32 domains listed, all of them promoting counterfeit pills, watches or HCG. Four of its 32 domains are the name servers used to direct traffic from spam recipients to rotating destination URLs.
I checked my Russian Blocklist and found that I already had the nearby Romanian CIDR 188.229.94.0/24 on the .htaccess and iptables blocklists. Rather than add another entire CIDR, I merely changed the multiplier from /24 to /23. This encompasses every IP from 188.229.94.0 - 188.229.95.255. All of these IPs are in Romania, owned by SC Techomet SRL. The new range, 188.229.94.0/23, is already uploaded.
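The merge described above, as an added example (not the author's own tooling): it collapses adjacent blocklist CIDRs with Python's standard ipaddress module and shows that two neighboring /24s only combine into a /23 when the lower one sits on a /23 boundary. The function names and the rule syntax (Apache 2.2-style "Deny from" and a plain iptables DROP rule) are assumptions about how such a list is written.

```python
import ipaddress

def collapse_blocklist(cidrs):
    """Merge overlapping or adjacent CIDRs into the smallest equivalent list."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def is_blocked(ip, cidrs):
    """True if ip falls inside any CIDR on the list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def address_count(cidrs):
    """Total addresses covered, after collapsing so overlaps are not double counted."""
    return sum(ipaddress.ip_network(c).num_addresses
               for c in collapse_blocklist(cidrs))

def htaccess_rules(cidrs):
    # Assumed format: Apache 2.2-style access control lines.
    return ["Deny from " + c for c in cidrs]

def iptables_rules(cidrs):
    # Assumed format: drop inbound traffic from each source range.
    return ["iptables -A INPUT -s %s -j DROP" % c for c in cidrs]

# Ranges from the article: the entry already on the list plus the new /24.
EXISTING = ["188.229.94.0/24"]
NEW_RANGE = "188.229.95.0/24"
MERGED = collapse_blocklist(EXISTING + [NEW_RANGE])

# Constructed counter-example: adjacent /24s that do NOT share a /23,
# because 188.229.95.0 is not aligned on a /23 boundary.
UNALIGNED = collapse_blocklist(["188.229.95.0/24", "188.229.96.0/24"])

if __name__ == "__main__":
    print("merged:", MERGED)
    print("spam host covered:", is_blocked("188.229.95.27", MERGED))
    print("addresses before/after:",
          address_count(EXISTING), address_count(MERGED))
    print("unaligned pair stays split:", UNALIGNED)
    for rule in htaccess_rules(MERGED) + iptables_rules(MERGED):
        print(rule)
```

Comparing the address counts before and after a merge confirms that widening a prefix covers only the range you meant to add.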
If you want to block Russian and neighboring countries from accessing your websites on shared hosting servers, check out my Russian Blocklist, in .htaccess format. Blocking them from mail servers or FTP sites will probably require the use of the Russian iptables Blocklist, for Linux Personal Firewalls. Only persons with root access can apply the iptables rules. Everyone else must use the .htaccess version. This only works on Apache servers, based on the Unix or Linux operating systems.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.