[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: FYI: router BillyGoat is offline



On Tue, Jun 30, 2009 at 6:37 PM, Michael <cozzi@xxxxxxxxxxxxxxxxxxx> wrote:
Kyle Williams wrote:
reject 0.0.0.0/8:* <http://0.0.0.0/8:*>
reject 169.254.0.0/16:* <http://169.254.0.0/16:*>
reject 127.0.0.0/8:* <http://127.0.0.0/8:*>
reject 192.168.0.0/16:* <http://192.168.0.0/16:*>
reject 10.0.0.0/8:* <http://10.0.0.0/8:*>
reject 172.16.0.0/12:* <http://172.16.0.0/12:*>

reject 66.109.20.52:*
accept *:80
accept *:443
accept *:43
reject *:*

  Kyle,

  One more question if you would indulge my curiosity. What service was the course of the "spam"?

  Michael

Here's the whole thing.  Don't follow the links in this e-mail, it's not worth your time.


------------------------------------------------------------------------------------------------------------------------------------------------------
From: WebMaster AFBNetwork [mailto:webmaster@xxxxxxxxxxxxxx
Sent: Tuesday, June 30, 2009 10:24 AM
To: abuse@xxxxxxxxxxxxxhelp@xxxxxxxxxxxxxxevents@xxxxxxxxxxxxxx
Cc: abuse@xxxxxxxxabuse@xxxxxxxxxabuse@xxxxxxxxxxxxxxxxx
Subject: Complaint about spammers
Importance: High

 
Dear Madam, Dear Sir,
 
I am the webmaster of www.afbnetwork.com. My name is Alain Bippus and I also own the said site hosted by 1and1.fr
Due to harassment and spam from some of your members, I would like you to register your following members as "intensive spammers",
both by e-mail and by registering news in our web site:
 
http://profiles.friendster.com/109627291 - NAKED CELEBRITIES
http://profiles.friendster.com/109628091 - CELEBRITY SEX
http://profiles.friendster.com/109629116 - CELEBRITY SEX TAPES
http://profiles.friendster.com/109629302 - CELEBRITY FAKE FREE GALLERY
http://profiles.friendster.com/109629590 - CELEBRITIES EXPOSED

These members of yours are spamming mainly throug email address triarmmex@xxxxxxxxx 
with "erydranient" as Pseudo. (most probably forger email address).
Their spam actually originate from IP address : 66.109.20.52
This IP address is owned by Galaxyvisions Inc - Domain Name : efnet.net - Registrar : Godaddy.com Inc.
All this spamming is of pornographic type, which is not accepted by us as it is clearly written in the public rules of our site.
 
COPY OF LOGS :
 
1)- Last Access to web site :
 
66.109.20.52 - - [30/Jun/2009:12:48:03 +0200] "GET /poster.php HTTP/1.0" 200 15290 afbnetwork.fr "http://afbnetwork.fr/poster.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC" "-"
66.109.20.52 - - [30/Jun/2009:12:48:12 +0200] "POST /poster.php HTTP/1.0" 200 15481 afbnetwork.fr "http://afbnetwork.fr/poster.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC" "-"
2)- Last Spamming mail :
 
2009-06-30 12:48:12 u39437102 4AgGp3-1MLasm18N1-0001py |< REMOTE=66.109.20.52 SCRIPT=/afbnetworkcom/poster.php -- /usr/sbin/sendmail -t -i
2009-06-30 12:48:12 u39437102 4AgGp3-1MLasm18N1-0001py <= S=cgi-mailer-bounces-148125414@xxxxxxxxxxxxxxx SZ=2108 D=0 SID=148125414
2009-06-30 12:48:12 u39437102 4AgGp3-1MLasm18N1-0001py => webmaster@xxxxxxxxxxxxxx msmtp.kundenserver.de[172.19.35.7] 250 Message 0MKv1o-1MLasm1cJb-000cNe accepted bymreu1.kundenserver.de
 
Please note that the .php page of our news service is protected by program against news messages containing the word "frienster" in insensitive case,
but despite this, those news messages still succeed to reach in our base. It means that the spammers must be using some robot or program in order to short-circuit the web site control.
 
So, we would like you to investigate the matter and take appropriate action.
 
Thanks in advance.
I am at your disposal at Phone: 0033 (4) 67.23.83.70
Your faithfully,
Alain Bippus,
------------------------------------------------------------------------------------------------------------------------------------------------------

That's all they had to say.  I have not heard back in regards to my reply.

- Kyle