
Fake Spam Reports


George Kostov


Hi.

I'm getting fake spam reports for spamvertised web sites (most often it's www.voegeln.de). Actually, one DNS administrator has made a mistake by putting one of my IPs - 217.174.159.22 - as an IP of this site. Let's have a look at "nslookup www.voegeln.de". It shows:

Name: www.voegeln.de

Addresses: 217.173.159.26, 217.173.159.27, 217.174.159.22, 217.173.159.23, 217.173.159.24, 217.173.159.25

As you may see, it's just a typo - in one of the records someone has typed 174 instead of 173. Since the site has many addresses, no one notices that one of the addresses doesn't work. However, because of this mistake, I'm receiving a big amount of FAKE spam reports, just because 217.174.144.0/20 is my allocation.

Any attempts to find the person responsible for this DNS were fruitless. So can anyone help me to stop these FAKE spam reports, which in my personal feeling is just another spam? Because of this, I had to make a filter in my e-mail client to send mails from "[at]reports.spamcop.net" to trash!

Regards

George

Link to comment
Share on other sites

It is not up to Spamcop to fix your broken DNS problems.

But Merlyn, I don't think it's George's DNS that's broken. The one that's wrong is a third party that he has nothing to do with, so I don't understand why you responded this way.

George, the people responsible for the IPs and also for the DNS appear to be "titan-networks.net" -- here are the abuse contact addresses for them and for their upstream, "home.nl":

abuse[at]home.nl, abuse[at]titan-networks.net

However, I think that the "Titan" people are porn spammers, so you might not have much luck contacting them. Therefore, you will probably want to go straight to the "Home.nl" address.

DT

Link to comment
Share on other sites

If he complained to home.nl then they should handle the problem.

Should is the key word...I've read some posts in the abuse groups indicating that perhaps Home.nl isn't responsive in cases like this.

So, the only resolution for now might be for the Deputies to suppress any complaints regarding that one IP in question. George and his colleagues should NOT have to receive complaints generated due to bad DNS somewhere else. I just ran "www.voegeln.de" through the parser multiple times, and each time it cycled through a different IP address associated with the site, including the IP belonging to George, so this is something that can be fixed at SpamCop's end, at least temporarily, until such time as George can get the other people to fix their DNS.

DT

Link to comment
Share on other sites

Here are some facts which may help you in determining whom to blame/block:

According to

10/30/04 16:17:11 dig www.voegeln.de [at] 216.175.203.50

Dig www.voegeln.de[at]ns1.cyberservices.tv (217.173.156.33) ...

Authoritative Answer

Query for www.voegeln.de type=255 class=1

  www.voegeln.de A (Address) 217.173.159.27

  www.voegeln.de A (Address) 217.174.159.22

  www.voegeln.de A (Address) 217.173.159.23

  www.voegeln.de A (Address) 217.173.159.24

  www.voegeln.de A (Address) 217.173.159.25

  www.voegeln.de A (Address) 217.173.159.26

  voegeln.de NS (Nameserver) ns1.cyberservices.tv

  voegeln.de NS (Nameserver) ns2.cyberservices.tv

  ns1.cyberservices.tv A (Address) 217.173.156.33

  ns2.cyberservices.tv A (Address) 217.173.157.65

Dig www.voegeln.de[at]ns2.cyberservices.tv (217.173.157.65) ...

Authoritative Answer

Recursive queries supported by this server

Query for www.voegeln.de type=255 class=1

  www.voegeln.de A (Address) 217.173.159.23

  www.voegeln.de A (Address) 217.173.159.24

  www.voegeln.de A (Address) 217.173.159.25

  www.voegeln.de A (Address) 217.173.159.26

  www.voegeln.de A (Address) 217.173.159.27

  www.voegeln.de A (Address) 217.174.159.22

  voegeln.de NS (Nameserver) ns1.cyberservices.tv

  voegeln.de NS (Nameserver) ns2.cyberservices.tv

  ns1.cyberservices.tv A (Address) 217.173.156.33

  ns2.cyberservices.tv A (Address) 217.173.157.65

Dig www.voegeln.de[at]216.175.203.50 ...

Non-authoritative answer

Recursive queries supported by this server

Query for www.voegeln.de type=255 class=1

  www.voegeln.de A (Address) 217.173.159.24

  www.voegeln.de A (Address) 217.173.159.25

  www.voegeln.de A (Address) 217.173.159.26

  www.voegeln.de A (Address) 217.173.159.27

  www.voegeln.de A (Address) 217.174.159.22

  www.voegeln.de A (Address) 217.173.159.23

  voegeln.de NS (Nameserver) ns2.cyberservices.tv

  voegeln.de NS (Nameserver) ns1.cyberservices.tv

  ns1.cyberservices.tv A (Address) 217.173.156.33

  ns2.cyberservices.tv A (Address) 217.173.157.65

, nameservice for www.voegeln.de is handled by ns1 and ns2 at cyberservices.tv, and www.voegeln.de is a subdomain without its own zone.

Moving up a level, according to

10/30/04 16:17:26 dig voegeln.de [at] 216.175.203.50

Dig voegeln.de[at]ns1.cyberservices.tv (217.173.156.33) ...

Authoritative Answer

Query for voegeln.de type=255 class=1

  voegeln.de SOA (Zone of Authority)

        Primary NS: ns1.cyberservices.tv

        Responsible person: hostmaster[at]ns1.cyberservices.tv

        serial:220084

        refresh:28800s (8 hours)

        retry:7200s (2 hours)

        expire:604800s (7 days)

        minimum-ttl:43200s (12 hours)

  voegeln.de NS (Nameserver) ns2.cyberservices.tv

  voegeln.de NS (Nameserver) ns1.cyberservices.tv

  voegeln.de MX (Mail Exchanger) Priority: 100 mx.voegeln.de

  voegeln.de A (Address) 217.173.159.25

  voegeln.de A (Address) 217.173.159.26

  voegeln.de A (Address) 217.173.159.27

  voegeln.de A (Address) 217.173.159.22

  voegeln.de A (Address) 217.173.159.23

  voegeln.de A (Address) 217.173.159.24

  ns1.cyberservices.tv A (Address) 217.173.156.33

  ns2.cyberservices.tv A (Address) 217.173.157.65

  mx.voegeln.de A (Address) 217.173.157.177

Dig voegeln.de[at]ns2.cyberservices.tv (217.173.157.65) ...

Authoritative Answer

Recursive queries supported by this server

Query for voegeln.de type=255 class=1

  voegeln.de A (Address) 217.173.159.22

  voegeln.de A (Address) 217.173.159.23

  voegeln.de A (Address) 217.173.159.24

  voegeln.de A (Address) 217.173.159.25

  voegeln.de A (Address) 217.173.159.26

  voegeln.de A (Address) 217.173.159.27

  voegeln.de MX (Mail Exchanger) Priority: 100 mx.voegeln.de

  voegeln.de NS (Nameserver) ns1.cyberservices.tv

  voegeln.de NS (Nameserver) ns2.cyberservices.tv

  voegeln.de SOA (Zone of Authority)

        Primary NS: ns1.cyberservices.tv

        Responsible person: hostmaster[at]ns1.cyberservices.tv

        serial:220084

        refresh:28800s (8 hours)

        retry:7200s (2 hours)

        expire:604800s (7 days)

        minimum-ttl:43200s (12 hours)

  voegeln.de NS (Nameserver) ns1.cyberservices.tv

  voegeln.de NS (Nameserver) ns2.cyberservices.tv

  mx.voegeln.de A (Address) 217.173.157.177

  ns1.cyberservices.tv A (Address) 217.173.156.33

  ns2.cyberservices.tv A (Address) 217.173.157.65

Dig voegeln.de[at]216.175.203.50 ...

Non-authoritative answer

Recursive queries supported by this server

Query for voegeln.de type=255 class=1

  voegeln.de NS (Nameserver) ns2.cyberservices.tv

  voegeln.de NS (Nameserver) ns1.cyberservices.tv

  voegeln.de NS (Nameserver) ns2.cyberservices.tv

  voegeln.de NS (Nameserver) ns1.cyberservices.tv

  ns1.cyberservices.tv A (Address) 217.173.156.33

  ns2.cyberservices.tv A (Address) 217.173.157.65

, the person responsible for this mess has the email address "hostmaster[at]ns1.cyberservices.tv", and that email is processed by ns1.cyberservices.tv (nl33.titannetworks.nl [217.173.156.33]).

Those IP Networks are all routed via pos14-0.mpr1.ams1.nl.above.net [208.184.231.53] and/or pos8-0.mpr1.ams1.nl.above.net [208.184.231.181] (MFN Communications' AboveNet routers in Amsterdam, The Netherlands) and are administered as follows:

10/30/04 16:28:58 whois 217.173.156.33[at]whois.ripe.net

whois -h whois.ripe.net 217.173.156.33 ...

% This is the RIPE Whois secondary server.

% The objects are in RPSL format.

%

% Rights restricted by copyright.

% See http://www.ripe.net/db/copyright.html

inetnum:      217.173.152.0  - 217.173.156.255

netname:      TITAN-NL

descr:        Titan Networks Netherlands BV i.g.

country:      NL

admin-c:      TNH6-RIPE

tech-c:    TNH6-RIPE

status:    ASSIGNED PA

notify:    nfy[at]titan-networks.net

mnt-by:    TITANNL-MNT

changed:      guardian[at]titan-networks.net 20040130

remarks:      Please send all abuse issues to

remarks:      abuse[at]titan-networks.net

remarks:      *** complaints to other email addresses will be ignored ***

source:    RIPE

route:        217.173.156.0/22

descr:        Titan Networks Netherlands BV i.g.

origin:    AS20640

notify:    nfy[at]titan-networks.net

mnt-by:    TITANNL-MNT

changed:      guardian[at]titan-networks.net 20010828

changed:      guardian[at]titan-networks.net 20030326

source:    RIPE

person:    Hostmaster of the DAY

address:      Titan Networks Netherlands BV i.g.

address:      Amsterdam South East

address:      Kuiperbergweg 13

address:      1101 AE, Amsterdam

address:      Netherlands

phone:        +31 20 797 9990

fax-no:    +31 20 797 9991

e-mail:    nocadmin[at]titan-networks.net

nic-hdl:      TNH6-RIPE

notify:    nfy[at]titan-networks.net

mnt-by:    TITANNET-MNT

changed:      guardian[at]titan-networks.net 20020128

changed:      guardian[at]titan-networks.net 20030326

source:    RIPE

10/30/04 16:29:22 whois 217.173.157.65[at]whois.ripe.net

whois -h whois.ripe.net 217.173.157.65 ...

% This is the RIPE Whois secondary server.

% The objects are in RPSL format.

%

% Rights restricted by copyright.

% See http://www.ripe.net/db/copyright.html

inetnum:      217.173.157.64 - 217.173.157.95

netname:      TITAN-EUROCON

descr:        Eurocon PGmbH

country:      NL

admin-c:      SN664-RIPE

tech-c:    SN664-RIPE

status:    ASSIGNED PA

notify:    nfy[at]titan-networks.net

mnt-by:    TITANNL-MNT

changed:      guardian[at]titan-networks.net 20030527

source:    RIPE

route:        217.173.156.0/22

descr:        Titan Networks Netherlands BV i.g.

origin:    AS20640

notify:    nfy[at]titan-networks.net

mnt-by:    TITANNL-MNT

changed:      guardian[at]titan-networks.net 20010828

changed:      guardian[at]titan-networks.net 20030326

source:    RIPE

person:    Simon Nagtegaal

address:      Eurocon PGmbH

address:      Postbus 604

address:      Venlo

address:      Netherland

phone:        +31.000

e-mail:    info[at]hardcore-video-shop.com

nic-hdl:      SN664-RIPE

notify:    guardian[at]titannetworks.net

mnt-by:    TITANNL-MNT

changed:      guardian[at]titannetworks.net 20030527

source:    RIPE

10/30/04 16:28:04 whois 217.173.159.27[at]whois.ripe.net

whois -h whois.ripe.net 217.173.159.27 ...

% This is the RIPE Whois secondary server.

% The objects are in RPSL format.

%

% Rights restricted by copyright.

% See http://www.ripe.net/db/copyright.html

inetnum:      217.173.159.0 - 217.173.159.63

netname:      TITAN-CYBER

descr:        Cyber Services Corp.

descr:        112, Bonadie Street

descr:        Kingstown, Saint Vincent

country:      GD

admin-c:      CYB4-RIPE

tech-c:    TNH6-RIPE

status:    ASSIGNED PA

notify:    nfy[at]titan-networks.net

mnt-by:    TITANNL-MNT

changed:      guardian[at]titan-networks.net 20030501

changed:      guardian[at]titan-networks.net 20030527

changed:      guardian[at]titan-networks.net 20040804

source:    RIPE

route:        217.173.156.0/22

descr:        Titan Networks Netherlands BV i.g.

origin:    AS20640

notify:    nfy[at]titan-networks.net

mnt-by:    TITANNL-MNT

changed:      guardian[at]titan-networks.net 20010828

changed:      guardian[at]titan-networks.net 20030326

source:    RIPE

person:    Netmaster Cyberservices

address:      Cyber Services Corp.

address:      112, Bonadie Street

address:      Kingstown, Saint Vincent

address:      GD

phone:        +31 (20) 5206828

fax-no:    +31 (20) 5206828

e-mail:    webmaster[at]cyberservices.tv

nic-hdl:      CYB4-RIPE

notify:    guardian[at]titannetworks.net

mnt-by:    TITANNL-MNT

changed:      guardian[at]titannetworks.net 20030501

source:    RIPE

person:    Hostmaster of the DAY

address:      Titan Networks Netherlands BV i.g.

address:      Amsterdam South East

address:      Kuiperbergweg 13

address:      1101 AE, Amsterdam

address:      Netherlands

phone:        +31 20 797 9990

fax-no:    +31 20 797 9991

e-mail:    nocadmin[at]titan-networks.net

nic-hdl:      TNH6-RIPE

notify:    nfy[at]titan-networks.net

mnt-by:    TITANNET-MNT

changed:      guardian[at]titan-networks.net 20020128

changed:      guardian[at]titan-networks.net 20030326

source:    RIPE

Link to comment
Share on other sites
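
A triage check for the situation in this thread, as an added example that is not part of any post: it parses A records in the format of the dig output quoted above, flags the address that sits outside the record set's majority /16, tests it against the 217.174.144.0/20 allocation, and looks for the one-octet sibling in the apex record set. The function names, the /16 grouping and the constructed sample are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Matches record lines in the format of the dig output quoted in the thread.
A_RECORD = re.compile(r"^\s*(\S+)\s+A \(Address\)\s+(\d+\.\d+\.\d+\.\d+)\s*$")

# Constructed sample: the A records quoted in the thread, in its dig format.
SAMPLE = "\n".join(
    [f"  www.voegeln.de A (Address) 217.173.159.{n}" for n in range(23, 28)]
    + ["  www.voegeln.de A (Address) 217.174.159.22"]
    + [f"  voegeln.de A (Address) 217.173.159.{n}" for n in range(22, 28)]
)

def parse_a_records(text):
    """Return {name: set of IPv4Address} from dig-style text."""
    records = {}
    for line in text.splitlines():
        m = A_RECORD.match(line)
        if m:
            records.setdefault(m.group(1), set()).add(ipaddress.ip_address(m.group(2)))
    return records

def outliers(addresses, prefix_len=16):
    """Addresses whose /prefix_len network is not the most common one in the set."""
    if not addresses:
        return []
    nets = {a: ipaddress.ip_network(f"{a}/{prefix_len}", strict=False) for a in addresses}
    majority, _ = Counter(nets.values()).most_common(1)[0]
    return sorted(a for a, n in nets.items() if n != majority)

def one_octet_siblings(addr, candidates):
    """Candidates that differ from addr in exactly one octet (a likely typo)."""
    return sorted(c for c in candidates
                  if sum(x != y for x, y in zip(addr.packed, c.packed)) == 1)

def triage(text, host, apex, my_allocation):
    """List addresses of host that look misdirected, noting hits in my_allocation."""
    recs = parse_a_records(text)
    mine = ipaddress.ip_network(my_allocation)
    host_set = recs.get(host, set())
    candidates = recs.get(apex, set()) - host_set  # apex addresses missing from host
    return [{"address": str(a),
             "in_my_allocation": a in mine,
             "probable_intended": [str(c) for c in one_octet_siblings(a, candidates)]}
            for a in outliers(host_set)]

if __name__ == "__main__":
    print(triage(SAMPLE, "www.voegeln.de", "voegeln.de", "217.174.144.0/20"))
```

A finding with `in_my_allocation` true and a non-empty `probable_intended` is the evidence to attach when asking the zone's hostmaster or a reporting service to correct or suppress the record.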

It is not up to Spamcop to fix your broken DNS problems. 

Why don't you get them fixed?


They are not George's broken DNS problems, they are a spammer's (or spam support service's) broken DNS problems that are affecting George.
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
