George Kostov Posted October 29, 2004 Share Posted October 29, 2004 Hi. I'm getting fake spam reports for spamvertised web sites (most often it's www.voegeln.de). Actualy, one DNS administrator has made a mistake by putting one of my IPs - 217.174.159.22 as an IP of this site. Let's have a look at "nslookup www.voegeln.de": It shows: Name: www.voegeln.de Addresses: 217.173.159.26, 217.173.159.27, 217.174.159.22, 217.173.159.23, 217.173.159.24, 217.173.159.25 As you may see, it's just a typo - in one of records someone has typed 174 instad of 173. Since the site has many addresses, no one notices that one of addresses doesn't work. However because of this mistake, I'm receiving big amount of FAKE spam reports, just because 217.174.144.0/20 is my allocation. Any attempts to find the person responsible for this DNS were fruitless. So can anyone help me to stop these FAKE spam reports, which in my personal feeling is just another spam? Because of this, I had to make filter in my e-mail client to send mails from "[at]reports.spamcop.net" to trash! regrds George Link to comment Share on other sites More sharing options...
Merlyn Posted October 29, 2004 Share Posted October 29, 2004 It is not up to Spamcop to fix your broken DNS problems. Why don't you get them fixed? Link to comment Share on other sites More sharing options...
DavidT Posted October 29, 2004 Share Posted October 29, 2004 It is not up to Spamcop to fix your broken DNS problems. But Merlyn, I don't think it's George's DNS that's broken. The one that's wrong is a third party that he has nothing to do with, so I don't understand why you responded this way. George, the people responsible for the IP's and also for the DNS appear to be "titan-networks.net" -- here are the abuse contact addresses for them and for their upstream, "home.nl": abuse[at]home.nl, abuse[at]titan-networks.net However, I think that the "Titan" people are porn spammers, so you might not have much luck contacting them. Therefore, you will probably want to go straight to the "Home.nl" address. DT Link to comment Share on other sites More sharing options...
Merlyn Posted October 29, 2004 Share Posted October 29, 2004 If he complained to home.nl then they should handle the problem. Link to comment Share on other sites More sharing options...
Wazoo Posted October 29, 2004 Share Posted October 29, 2004 Note kicked to Deputies, referenceing the issue and that filters had been used to trash reports. Link to comment Share on other sites More sharing options...
DavidT Posted October 29, 2004 Share Posted October 29, 2004 If he complained to home.nl then they should handle the problem. Should is the key word...I've read some posts in the abuse groups indicating that perhaps Home.nl isn't responsive in cases like this. So, the only resolution for now might be for the Deputies to suppress any complaints regarding that one IP in question. George and his colleagues should NOT have to receive complaints generated due to bad DNS somewhere else. I just ran "www.voegeln.de" though the parser multiple times, and each time it cycled through a different IP address associated with the site, including the IP belonging to George, so this is something that can be fixed at SpamCop's end, at least temporarily, until such time as George can get the other people to fix their DNS. DT Link to comment Share on other sites More sharing options...
Jeff G. Posted October 30, 2004 Share Posted October 30, 2004 Here are some facts which may help you in determining whom to blame/block: According to 10/30/04 16:17:11 dig www.voegeln.de [at] 216.175.203.50 Dig www.voegeln.de[at]ns1.cyberservices.tv (217.173.156.33) ... Authoritative Answer Query for www.voegeln.de type=255 class=1 www.voegeln.de A (Address) 217.173.159.27 www.voegeln.de A (Address) 217.174.159.22 www.voegeln.de A (Address) 217.173.159.23 www.voegeln.de A (Address) 217.173.159.24 www.voegeln.de A (Address) 217.173.159.25 www.voegeln.de A (Address) 217.173.159.26 voegeln.de NS (Nameserver) ns1.cyberservices.tv voegeln.de NS (Nameserver) ns2.cyberservices.tv ns1.cyberservices.tv A (Address) 217.173.156.33 ns2.cyberservices.tv A (Address) 217.173.157.65 Dig www.voegeln.de[at]ns2.cyberservices.tv (217.173.157.65) ... Authoritative Answer Recursive queries supported by this server Query for www.voegeln.de type=255 class=1 www.voegeln.de A (Address) 217.173.159.23 www.voegeln.de A (Address) 217.173.159.24 www.voegeln.de A (Address) 217.173.159.25 www.voegeln.de A (Address) 217.173.159.26 www.voegeln.de A (Address) 217.173.159.27 www.voegeln.de A (Address) 217.174.159.22 voegeln.de NS (Nameserver) ns1.cyberservices.tv voegeln.de NS (Nameserver) ns2.cyberservices.tv ns1.cyberservices.tv A (Address) 217.173.156.33 ns2.cyberservices.tv A (Address) 217.173.157.65 Dig www.voegeln.de[at]216.175.203.50 ... Non-authoritative answer Recursive queries supported by this server Query for www.voegeln.de type=255 class=1 www.voegeln.de A (Address) 217.173.159.24 www.voegeln.de A (Address) 217.173.159.25 www.voegeln.de A (Address) 217.173.159.26 www.voegeln.de A (Address) 217.173.159.27 www.voegeln.de A (Address) 217.174.159.22 www.voegeln.de A (Address) 217.173.159.23 voegeln.de NS (Nameserver) ns2.cyberservices.tv voegeln.de NS (Nameserver) ns1.cyberservices.tv ns1.cyberservices.tv A (Address) 217.173.156.33 ns2.cyberservices.tv A (Address) 217.173.157.65 , nameservice for www.voegeln.de is handled by ns1 and ns2 at cyberservices.tv, and www.voegeln.de is a subdomain without its own zone. Moving up a level, according to 10/30/04 16:17:26 dig voegeln.de [at] 216.175.203.50 Dig voegeln.de[at]ns1.cyberservices.tv (217.173.156.33) ... Authoritative Answer Query for voegeln.de type=255 class=1 voegeln.de SOA (Zone of Authority) Primary NS: ns1.cyberservices.tv Responsible person: hostmaster[at]ns1.cyberservices.tv serial:220084 refresh:28800s (8 hours) retry:7200s (2 hours) expire:604800s (7 days) minimum-ttl:43200s (12 hours) voegeln.de NS (Nameserver) ns2.cyberservices.tv voegeln.de NS (Nameserver) ns1.cyberservices.tv voegeln.de MX (Mail Exchanger) Priority: 100 mx.voegeln.de voegeln.de A (Address) 217.173.159.25 voegeln.de A (Address) 217.173.159.26 voegeln.de A (Address) 217.173.159.27 voegeln.de A (Address) 217.173.159.22 voegeln.de A (Address) 217.173.159.23 voegeln.de A (Address) 217.173.159.24 ns1.cyberservices.tv A (Address) 217.173.156.33 ns2.cyberservices.tv A (Address) 217.173.157.65 mx.voegeln.de A (Address) 217.173.157.177 Dig voegeln.de[at]ns2.cyberservices.tv (217.173.157.65) ... Authoritative Answer Recursive queries supported by this server Query for voegeln.de type=255 class=1 voegeln.de A (Address) 217.173.159.22 voegeln.de A (Address) 217.173.159.23 voegeln.de A (Address) 217.173.159.24 voegeln.de A (Address) 217.173.159.25 voegeln.de A (Address) 217.173.159.26 voegeln.de A (Address) 217.173.159.27 voegeln.de MX (Mail Exchanger) Priority: 100 mx.voegeln.de voegeln.de NS (Nameserver) ns1.cyberservices.tv voegeln.de NS (Nameserver) ns2.cyberservices.tv voegeln.de SOA (Zone of Authority) Primary NS: ns1.cyberservices.tv Responsible person: hostmaster[at]ns1.cyberservices.tv serial:220084 refresh:28800s (8 hours) retry:7200s (2 hours) expire:604800s (7 days) minimum-ttl:43200s (12 hours) voegeln.de NS (Nameserver) ns1.cyberservices.tv voegeln.de NS (Nameserver) ns2.cyberservices.tv mx.voegeln.de A (Address) 217.173.157.177 ns1.cyberservices.tv A (Address) 217.173.156.33 ns2.cyberservices.tv A (Address) 217.173.157.65 Dig voegeln.de[at]216.175.203.50 ... Non-authoritative answer Recursive queries supported by this server Query for voegeln.de type=255 class=1 voegeln.de NS (Nameserver) ns2.cyberservices.tv voegeln.de NS (Nameserver) ns1.cyberservices.tv voegeln.de NS (Nameserver) ns2.cyberservices.tv voegeln.de NS (Nameserver) ns1.cyberservices.tv ns1.cyberservices.tv A (Address) 217.173.156.33 ns2.cyberservices.tv A (Address) 217.173.157.65 , the person responsible for this mess has the email address "hostmaster[at]ns1.cyberservices.tv", and that email is processed by ns1.cyberservices.tv (nl33.titannetworks.nl [217.173.156.33]). Those IP Networks are all routed via pos14-0.mpr1.ams1.nl.above.net [208.184.231.53] and/or pos8-0.mpr1.ams1.nl.above.net [208.184.231.181] (MFN Communications' AboveNet routers in Amsterdam, The Netherlands) and are administered as follows: 10/30/04 16:28:58 whois 217.173.156.33[at]whois.ripe.net whois -h whois.ripe.net 217.173.156.33 ... % This is the RIPE Whois secondary server. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html inetnum: 217.173.152.0 - 217.173.156.255 netname: TITAN-NL descr: Titan Networks Netherlands BV i.g. country: NL admin-c: TNH6-RIPE tech-c: TNH6-RIPE status: ASSIGNED PA notify: nfy[at]titan-networks.net mnt-by: TITANNL-MNT changed: guardian[at]titan-networks.net 20040130 remarks: Please send all abuse issues to remarks: abuse[at]titan-networks.net remarks: *** complaints to other email addresses will be ignored *** source: RIPE route: 217.173.156.0/22 descr: Titan Networks Netherlands BV i.g. origin: AS20640 notify: nfy[at]titan-networks.net mnt-by: TITANNL-MNT changed: guardian[at]titan-networks.net 20010828 changed: guardian[at]titan-networks.net 20030326 source: RIPE person: Hostmaster of the DAY address: Titan Networks Netherlands BV i.g. address: Amsterdam South East address: Kuiperbergweg 13 address: 1101 AE, Amsterdam address: Netherlands phone: +31 20 797 9990 fax-no: +31 20 797 9991 e-mail: nocadmin[at]titan-networks.net nic-hdl: TNH6-RIPE notify: nfy[at]titan-networks.net mnt-by: TITANNET-MNT changed: guardian[at]titan-networks.net 20020128 changed: guardian[at]titan-networks.net 20030326 source: RIPE 10/30/04 16:29:22 whois 217.173.157.65[at]whois.ripe.net whois -h whois.ripe.net 217.173.157.65 ... % This is the RIPE Whois secondary server. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html inetnum: 217.173.157.64 - 217.173.157.95 netname: TITAN-EUROCON descr: Eurocon PGmbH country: NL admin-c: SN664-RIPE tech-c: SN664-RIPE status: ASSIGNED PA notify: nfy[at]titan-networks.net mnt-by: TITANNL-MNT changed: guardian[at]titan-networks.net 20030527 source: RIPE route: 217.173.156.0/22 descr: Titan Networks Netherlands BV i.g. origin: AS20640 notify: nfy[at]titan-networks.net mnt-by: TITANNL-MNT changed: guardian[at]titan-networks.net 20010828 changed: guardian[at]titan-networks.net 20030326 source: RIPE person: Simon Nagtegaal address: Eurocon PGmbH address: Postbus 604 address: Venlo address: Netherland phone: +31.000 e-mail: info[at]hardcore-video-shop.com nic-hdl: SN664-RIPE notify: guardian[at]titannetworks.net mnt-by: TITANNL-MNT changed: guardian[at]titannetworks.net 20030527 source: RIPE 10/30/04 16:28:04 whois 217.173.159.27[at]whois.ripe.net whois -h whois.ripe.net 217.173.159.27 ... % This is the RIPE Whois secondary server. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html inetnum: 217.173.159.0 - 217.173.159.63 netname: TITAN-CYBER descr: Cyber Services Corp. descr: 112, Bonadie Street descr: Kingstown, Saint Vincent country: GD admin-c: CYB4-RIPE tech-c: TNH6-RIPE status: ASSIGNED PA notify: nfy[at]titan-networks.net mnt-by: TITANNL-MNT changed: guardian[at]titan-networks.net 20030501 changed: guardian[at]titan-networks.net 20030527 changed: guardian[at]titan-networks.net 20040804 source: RIPE route: 217.173.156.0/22 descr: Titan Networks Netherlands BV i.g. origin: AS20640 notify: nfy[at]titan-networks.net mnt-by: TITANNL-MNT changed: guardian[at]titan-networks.net 20010828 changed: guardian[at]titan-networks.net 20030326 source: RIPE person: Netmaster Cyberservices address: Cyber Services Corp. address: 112, Bonadie Street address: Kingstown, Saint Vincent address: GD phone: +31 (20) 5206828 fax-no: +31 (20) 5206828 e-mail: webmaster[at]cyberservices.tv nic-hdl: CYB4-RIPE notify: guardian[at]titannetworks.net mnt-by: TITANNL-MNT changed: guardian[at]titannetworks.net 20030501 source: RIPE person: Hostmaster of the DAY address: Titan Networks Netherlands BV i.g. address: Amsterdam South East address: Kuiperbergweg 13 address: 1101 AE, Amsterdam address: Netherlands phone: +31 20 797 9990 fax-no: +31 20 797 9991 e-mail: nocadmin[at]titan-networks.net nic-hdl: TNH6-RIPE notify: nfy[at]titan-networks.net mnt-by: TITANNET-MNT changed: guardian[at]titan-networks.net 20020128 changed: guardian[at]titan-networks.net 20030326 source: RIPE Link to comment Share on other sites More sharing options...
George Kostov Posted November 3, 2004 Author Share Posted November 3, 2004 It is not up to Spamcop to fix your broken DNS problems. Why don't you get them fixed? 19333[/snapback] Dear Merlyn, It is a good idea to read the message before replying! And if You don't understand the topic just don't reply. rgds George Link to comment Share on other sites More sharing options...
Jeff G. Posted November 4, 2004 Share Posted November 4, 2004 It is not up to Spamcop to fix your broken DNS problems. Why don't you get them fixed? 19333[/snapback] They are not George's broken DNS problems, they are a spammer's (or spam support service's) broken DNS problems that are affecting George. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.