Third time’s the charm… of a diseased toad!

July 27th, 2004 by Reinder

Because I don't like having my time or my resources stolen from me, I am not happy with the proprietors of Adult-movies.org and Hot-gay.tk (both links go to the Sam Spade pages for the spammed URLs) who spammed this weblog three times from the same IP address (83.237.7.75 - may be spoofed) in the past hour or so.

Unfortunately, both domains are less than penetrable. No domain registrar that I recognise as a reliable name, so no use complaining to them (although the domainsbyproxy IDs suggest that it's a subletter for Go-Daddy who are usually responsive). However, I have reproduced what I could find in the hope that a smarter person than me can take them down.

http://www.hot-gay.tk/ = [ 63.247.77.187 ]

Rights restricted by copyright. See http://www.dot.tk/vc001100.html
Domain name: HOT-GAY.TK
Organisation: PSO PSO 481 Eighth Avenue 10001 New York U.S.A.
Phone: 212-971-0101
Fax:
E-mail: nyk@mail333.com
Domain Nameservers: NS1.XXXNAMESERVERS.COM NS2.XXXNAMESERVERS.COM
Domain registered: 06/12/2003
Record will expire on: 06/12/2006
Record maintained by: Dot TK Domain Reg

Drilling down using that IP address:

63.247.77.187 = [ ]

network: Class-Name: network
network: ID: 271.63.247.64.0/19
network: Auth-Area: 63.247.64.0/19
network: Network-Name: Capitalweb-550-2
network: IP-Network: 63.247.77.160/27
network: Organization;I: Capital Web
network: Tech-Contact;I: engineering@gnax.net
network: Admin-Contact;I: engineering@gnax.net
network: Created: 20030829
network: Updated: 20030829
network: Updated-By: engineering@gnax.net

Server Used: [ whois.pir.org ]

http://www.xxx-adult-movies.org/ = [ 63.247.77.187 ]

Domain ID: D94385143-LROR
Domain Name: XXX-ADULT-MOVIES.ORG
Created On: 28-Jan-2003 11:56:22 UTC
Last Updated On: 22-Jun-2003 09:34:03 UTC
Expiration Date: 28-Jan-2005 11:56:22 UTC
Sponsoring Registrar: R91-LROR
Status: OK
Registrant ID: GODA-02338325
Registrant Name: Registration Private
Registrant Organization: Domains by Proxy Inc.
Registrant Street1: 15111 N Hayden Rd. Suite 160
Registrant Street2: PMB353
Registrant City: Scottsdale
Registrant State/Province: Arizona
Registrant Postal Code: 85260
Registrant Country: US
Registrant Phone: 1.4806242599
Registrant Email: XXX-ADULT-MOVIES.ORG@domainsbyproxy.com

Admin ID: GODA-22338325
Admin Name: Registration Private
Admin Organization: Domains by Proxy Inc.
Admin Street1: 15111 N Hayden Rd. Suite 160
Admin Street2: PMB353
Admin City: Scottsdale
Admin State/Province: Arizona
Admin Postal Code: 85260
Admin Country: US
Admin Phone: 1.4806242599
Admin Email: XXX-ADULT-MOVIES.ORG@domainsbyproxy.com

Tech ID: GODA-12338325
Tech Name: Registration Private
Tech Organization: Domains by Proxy Inc.
Tech Street1: 15111 N Hayden Rd. Suite 160
Tech Street2: PMB353
Tech City: Scottsdale
Tech State/Province: Arizona
Tech Postal Code: 85260
Tech Country: US
Tech Phone: 1.4806242599
Tech Email: XXX-ADULT-MOVIES.ORG@domainsbyproxy.com

Name Server: NS1.XXXNAMESERVERS.COM
Name Server: NS2.XXXNAMESERVERS.COM

Drilling down again:

63.247.77.187 = [ ]

network: Class-Name: network
network: ID: 271.63.247.64.0/19
network: Auth-Area: 63.247.64.0/19
network: Network-Name: Capitalweb-550-2
network: IP-Network: 63.247.77.160/27
network: Organization;I: Capital Web
network: Tech-Contact;I: engineering@gnax.net
network: Admin-Contact;I: engineering@gnax.net
network: Created: 20030829
network: Updated: 20030829
network: Updated-By: engineering@gnax.net

5 Responses to “Third time’s the charm… of a diseased toad!”

  1. Smilodon Says:

    As always I’m not sure that putting the onus on registrars is a useful tactic. Service providers I can see, they are the ones providing the actual service that is being abused. It’s also easy for them to stop letting their service be abused.

  2. reinder Says:

    Registrars have one advantage over service providers: there are fewer of them. Once a spammer has been canned by a few registrars, they will have nowhere else to go. Plus, some registrars already have anti-spam language in their AUPs. I think that validates the approach, and that as a consumer, I prefer to use the registrar that chooses to be part of the solution over the one that chooses to be part of the problem.

    Not that I wouldn’t advocate going after the service provider (both the host of the spammed website and the channel through which the spamming is done) as well. But service providers are a dime a dozen and too many of them are actively evil.

  3. Cernenus Says:

    What does despammed do for you? Does it de-obfuscate the spam and traceback through the headers? If so, you can get the same sort of service from spamcop.net; maybe you can use that while despammed is down?

  4. reinder Says:

    They’re a spam-filtered email forwarder. Basically they supply me with an email address that I can safely publish on my various websites.

    Transcripts of forum comments also go to my despammed address, which lets them through because they come from a server that doesn’t send a lot of spam. This is good, because I need the transcripts to be alerted to spam postings and to deal with them later.

    Despammed is back up, by the way.

  5. mooncat Says:

    Don’t RIPE allocate IP ranges? gnax.net are either fly by night or numpties – as they have no reverse DNS on their name servers…

    I wonder what RIPE’s views on such internet abuse are & whether they’d be willing to pull the allocated range on the abusers?