Third time’s the charm… of a diseased toad!

July 27th, 2004 by Reinder

Because I don't like having my time or my resources stolen from me, I am not happy with the proprietors of Adult-movies.org and Hot-gay.tk (both links go to the Sam Spade pages for the spammed URLs), who spammed this weblog three times from the same IP address (83.237.7.75 - may be spoofed) in the past hour or so.

Unfortunately, both domains are less than penetrable. No domain registrar that I recognise as a reliable name, so no use complaining to them (although the domainsbyproxy IDs suggest that it's a subletter for Go-Daddy who are usually responsive). However, I have reproduced what I could find in the hope that a smarter person than me can take them down.

http://www.hot-gay.tk/ = [ 63.247.77.187 ]

Rights restricted by copyright. See

http://www.dot.tk/vc001100.html

Domain name:
HOT-GAY.TK
Organisation:
PSO
PSO
481 Eighth Avenue
10001 New York
U.S.A.
Phone: 212-971-0101
Fax:
E-mail: nyk@mail333.com

Domain Nameservers:
NS1.XXXNAMESERVERS.COM
NS2.XXXNAMESERVERS.COM
Domain registered: 06/12/2003
Record will expire on: 06/12/2006
Record maintained by: Dot TK Domain Reg

Drilling down using that IP address:

63.247.77.187 = [ ]

network: Class-Name: network
network: ID: 271.63.247.64.0/19
network: Auth-Area: 63.247.64.0/19
network: Network-Name: Capitalweb-550-2
network: IP-Network: 63.247.77.160/27
network: Organization;I: Capital Web
network: Tech-Contact;I: engineering@gnax.net

network: Admin-Contact;I: engineering@gnax.net

network: Created: 20030829
network: Updated: 20030829
network: Updated-By: engineering@gnax.net

------------------------------------------------------------------

Server Used: [ whois.pir.org ]

http://www.xxx-adult-movies.org/ = [ 63.247.77.187 ]

Domain ID: D94385143-LROR
Domain Name: XXX-ADULT-MOVIES.ORG
Created On: 28-Jan-2003 11:56:22 UTC
Last Updated On: 22-Jun-2003 09:34:03 UTC
Expiration Date: 28-Jan-2005 11:56:22 UTC
Sponsoring Registrar: R91-LROR
Status: OK
Registrant ID: GODA-02338325
Registrant Name: Registration Private
Registrant Organization: Domains by Proxy Inc.
Registrant Street1: 15111 N Hayden Rd. Suite 160
Registrant Street2: PMB353
Registrant City: Scottsdale
Registrant State/Province: Arizona
Registrant Postal Code: 85260
Registrant Country: US
Registrant Phone: 1.4806242599
Registrant Email: XXX-ADULT-MOVIES.ORG@domainsbyproxy.com

Admin ID: GODA-22338325
Admin Name: Registration Private
Admin Organization: Domains by Proxy Inc.
Admin Street1: 15111 N Hayden Rd. Suite 160
Admin Street2: PMB353
Admin City: Scottsdale
Admin State/Province: Arizona
Admin Postal Code: 85260
Admin Country: US
Admin Phone: 1.4806242599
Admin Email: XXX-ADULT-MOVIES.ORG@domainsbyproxy.com

Tech ID: GODA-12338325
Tech Name: Registration Private
Tech Organization: Domains by Proxy Inc.
Tech Street1: 15111 N Hayden Rd. Suite 160
Tech Street2: PMB353
Tech City: Scottsdale
Tech State/Province: Arizona
Tech Postal Code: 85260
Tech Country: US
Tech Phone: 1.4806242599
Tech Email: XXX-ADULT-MOVIES.ORG@domainsbyproxy.com

Name Server: NS1.XXXNAMESERVERS.COM
Name Server: NS2.XXXNAMESERVERS.COM

Drilling down again:

63.247.77.187 = [ ]

network: Class-Name: network
network: ID: 271.63.247.64.0/19
network: Auth-Area: 63.247.64.0/19
network: Network-Name: Capitalweb-550-2
network: IP-Network: 63.247.77.160/27
network: Organization;I: Capital Web
network: Tech-Contact;I: engineering@gnax.net

network: Admin-Contact;I: engineering@gnax.net

network: Created: 20030829
network: Updated: 20030829
network: Updated-By: engineering@gnax.net
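
As an added example (not part of the original post), the rwhois record above can be parsed to confirm that the hosting IP really falls inside the quoted /27 before an abuse report is sent to the contacts listed for that block. The function names are illustrative, and the sample is the record from this page retyped as a string.

```python
import ipaddress

# Constructed sample: the rwhois record quoted in the post, as one string.
RWHOIS = """\
network: Class-Name: network
network: ID: 271.63.247.64.0/19
network: Auth-Area: 63.247.64.0/19
network: Network-Name: Capitalweb-550-2
network: IP-Network: 63.247.77.160/27
network: Organization;I: Capital Web
network: Tech-Contact;I: engineering@gnax.net

network: Admin-Contact;I: engineering@gnax.net

network: Created: 20030829
network: Updated: 20030829
network: Updated-By: engineering@gnax.net
"""

def parse_rwhois(text):
    """Return {attribute: [values]} from 'class: Attr;Type: value' lines."""
    record = {}
    for line in text.splitlines():
        # Split on the first two colons only, so values may contain colons.
        parts = [p.strip() for p in line.split(":", 2)]
        if len(parts) != 3 or not parts[2]:
            continue  # blank or malformed line
        attr = parts[1].split(";")[0]  # drop the ';I' type suffix
        record.setdefault(attr, []).append(parts[2])
    return record

def report_target(ip, text):
    """Contacts for the netblock, only if `ip` really lies inside it."""
    rec = parse_rwhois(text)
    addr = ipaddress.ip_address(ip)
    block = ipaddress.ip_network(rec["IP-Network"][0])
    parent = ipaddress.ip_network(rec["Auth-Area"][0])
    # Refuse to name a contact when the record does not cover the address.
    if addr not in block or not block.subnet_of(parent):
        raise ValueError(f"{ip} is not covered by {block} within {parent}")
    contacts = sorted({v for k, vs in rec.items()
                       if k.endswith("-Contact") for v in vs})
    return {"org": rec["Organization"][0], "block": str(block),
            "contacts": contacts}
```
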

5 Responses to “Third time’s the charm… of a diseased toad!”

  1. Smilodon Says:

    As always I’m not sure that putting the onus on registrars is a useful tactic. Service providers I can see, they are the ones providing the actual service that is being abused. It’s also easy for them to stop letting their service be abused.

  2. reinder Says:

    Registrars have one advantage over service providers: there are fewer of them. Once a spammer has been canned by a few registrars, they will have nowhere else to go.
    Plus, some registrars already have anti-spam language in their AUPs. I think that validates the approach, and that as a consumer, I prefer to use the registrar that chooses to be part of the solution over the one that chooses to be part of the problem.

    Not that I wouldn’t advocate going after the service provider (both the host of the spammed website and the channel through which the spamming is done) as well. But service providers are a dime a dozen and too many of them are actively evil.

  3. Cernenus Says:

    What does despammed do for you? Does it de-obfuscate the spam and trace back through the headers? If so, you can get the same sort of service from spamcop.net; maybe you can use that while despammed is down?

  4. reinder Says:

    They’re a spam-filtered email forwarder. Basically they supply me with an email address that I can safely publish on my various websites.

    Transcripts of forum comments also go to my despammed address, which lets them through because they come from a server that doesn’t send a lot of spam. This is good, because I need the transcripts to be alerted to spam postings and to deal with them later.

    Despammed is back up, by the way.

  5. mooncat Says:

    Don’t Ripe allocate IP ranges?
    gnax.net are either fly by night or numpties – as they have no reverse dns on their name servers…

    I wonder what Ripe’s views on such internet abuse are & whether they’d be willing to pull the allocated range on the abusers?