showker Posted October 4, 2006

Amongst all the clutter of this thread, I'd like to ask a simple one...

Assuming Joker.com is a perpetual 'safe harbour' for spammers, phishers and other online criminal activities ... (and he is, I've had umpteen run-arounds with Joker over the years... ) would it not be prudent to just BLOCK all of Joker at server level?

but am reluctant to block all of him, simply not knowing how many innocent users might also be blocked from the sites hosted on the server.

Can someone shed some light on IP BLOCKING at server level?

Thanks
Fred

PS: if this is off-topic, tell me. These forums are huge, and one has no way of knowing where to post!
Wazoo Posted October 4, 2006

> Amongst all the clutter of this thread, I'd like to ask a simple one...

Split out from that thread and made its own Topic as it really had no direct bearing on that discussion.

> Assuming Joker.com is a perpetual 'safe harbour' for spammers, phishers and other online criminal activities ... (and he is, I've had umpteen run-arounds with Joker over the years... ) would it not be prudent to just BLOCK all of Joker at server level?

http://joker.com/ ... what exactly do you propose to actually block? Joker is a Domain name manager ....

> but am reluctant to block all of him, simply not knowing how many innocent users might also be blocked from the sites hosted on the server.

http://joker.com/ ...???? hosting services are described where?

> Can someone shed some light on IP BLOCKING at server level?

That's another whole Topic by itself ... and it also begs to start with the baseline of "what software is running on that server?" For example, using current Linux stuff, iptables would be one possible answer ...

> PS: if this is off-topic, tell me. These forums are huge, and one has no way of knowing where to post!

That's one reason for the 'internal Search' key at the top of the page, the Google search box provided to get around the limitations of the 'internal Search' function .... the use of 'good' Subject lines ... there is also a great Moderating team working this Forum .... the FAQs, the Glossary, the Dictionary, the Wiki ....
A_Friend Posted October 5, 2006

> Assuming Joker.com is a perpetual 'safe harbour' for spammers, phishers and other online criminal activities ... (and he is, I've had umpteen run-arounds with Joker over the years... ) would it not be prudent to just BLOCK all of Joker at server level?

Yes, JOKER doesn't seem to care about complaints regarding fraudulent domains. At least, my complaints also always fell on deaf ears...

I assume you want to block all domains that are registered via JOKER? I don't think this is possible. You would have to...

- do a whois query
- parse the result to see if it was registered via JOKER
- and finally rewrite your ACLs or firewall rules according to the results.

Especially the second part would be very difficult, since whois query results are not standardized. I don't know how this could be accomplished. Any ideas, anybody?

Good luck,
A. Friend
Wazoo Posted October 5, 2006

> I assume you want to block all domains that are registered via JOKER? I don't think this is possible. You would have to...
> - do a whois query
> - parse the result to see if it was registered via JOKER
> - and finally rewrite your ACLs or firewall rules according to the results.

But I'm asking again ... "what" is going to be blocked? I'm thinking that Fred's question was phrased with the concept of something like 'blocking all of China' in mind, where one could do the work to look up the current IP blocks 'assigned' to a Chinese source and throw that data into a file. Whereas a Domain can be hosted anywhere, at any time, so there is no 'fixed' block of IP addresses that would 'link back to Joker' .....

The follow-on to the scenario of someone writing up your script, applying it to some table/firewall/something (though once again, the "what is to be blocked" still needs definition) to do something, is trying to determine just who might be the most inconvenienced. Based on the premise that "any web-site registered via Joker is the target", I'm pretty sure that Fred doesn't visit most of the spamvertised sites to begin with, so the 'missing traffic' wouldn't be noticed by that spammer. On the other hand, while doing research on his next work to be published, just how many 404 pages would be encountered along the way before it would become clear that Joker handles the Domain registration for a lot of folks other than spammers also????

Once upon a time, Julian used Joker for the spamcop.net Domain (thinking that this was after the loss of the .com and .org Domains ???? ancient history ..) Now registered through enom, which has also been cited by numerous folks as being non-responsive to the spam/spam-site problems ..... but one also has to go back and look at what "Registering a Domain" actually boils down to and where a Registrar actually fits into the real-world .... which is why this 'problem' exists, actually.

Just "how" a Domain name was created, managed, controlled was the basic issue for a Registrar. Any content that appeared under that Domain was originally considered to be the Hosting ISP's area of control. Thus the days of learning who the good/bad ISPs were as far as handling content on their 'hosted' web-pages. And this problem has gotten even further separated from the "Registration" process by the current mode of rotating DNS and web-page content shifting, all using compromised computers around the world ....

Preventing the resolving of these Domain names "anywhere" is the goal of what started this Topic (and the Topic it was extracted from) ....

Starting to ramble here ... stopping point for now ...
showker Posted October 10, 2006

Okay... Sorry for the ambiguous 'question' ...

Many spams, particularly blog spams, I track using SamSpade.org and various other tools, lead me to the spamvertised site being hosted on an IP number which is owned by Joker.com. I follow the domain TO its IP address, then using the IP Whois, find the address is registered to Joker.

My question is actually simple: If I block THAT IP address -- I will be blocking that specific IP address... whether a dedicated IP, or a shared one. (Right?)

Now, my ISP says I can put a 'star' to substitute the last THREE or SIX numbers of that IP, and it will ALSO block all the IPs under that block. Doing so, I would block the spammer's IP, along with anyone else sharing those blocks. (Right?)

Is this a logical means of blocking anyone hosting on Joker? (For instance, if Joker is Domain Kiting, in order to deploy them, they would have to come under one of Joker's IP blocks. Right?)

Guess I need a little help understanding IP addresses, IP blocks, and how the numbers relate to the entity owning the block.

Thanks for any help on this.
Fred
Telarin Posted October 10, 2006

Well, first off, what are you trying to block? By blocking joker IPs, you are unlikely to block much spam, as the spam does not originate from their IP space. On the other hand, if they are hosting the site, you can prevent your users (if you are a system administrator) from visiting sites hosted on Joker's servers.

An IP block can be any power of 2 from 1 IP address for a small business or individual, up to 4,294,967,296 addresses for the entire internet. Usually these "blocks" will be denoted as either a network number and subnet mask: 192.168.0.0 / 255.255.255.0 which indicates that the 4th octet indicates the computer address within the 192.168.0.x subnet. They can also be indicated using CIDR notation, for the address above, it would be 192.168.0.0/24 indicating that the first 24 bits of the address are the network address, and the remaining 8 are the individual computer address in that subnet.

The notation you need will depend on what your firewall is configured to handle. Some want subnet mask, some want CIDR numbers, either way, there are tools on the internet to help you convert easily (google "CIDR Calculator").

But again, if you are just an individual, blocking Joker's IP space really won't do you much good at all since you can simply not visit the websites and accomplish the same thing.
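The two notations described in the post above, plus the trailing-star shorthand from the question before it, worked through with Python's standard `ipaddress` module. This is an added example, not part of any post in the thread; it assumes each star stands for one whole octet, the function names are hypothetical, and the addresses are constructed samples from the RFC 5737 documentation ranges.

```python
import ipaddress

def wildcard_to_network(pattern):
    """Turn a trailing-star pattern such as '192.0.2.*' into a CIDR network."""
    octets = pattern.strip().split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {pattern!r}")
    fixed = [o for o in octets if o != "*"]
    # Stars only describe one contiguous block when they are at the end.
    if octets[:len(fixed)] != fixed:
        raise ValueError(f"wildcards must be trailing: {pattern!r}")
    base = ".".join(fixed + ["0"] * (4 - len(fixed)))
    # Each fixed octet contributes 8 network bits to the prefix length.
    return ipaddress.IPv4Network(f"{base}/{8 * len(fixed)}")

def mask_to_cidr(network, netmask):
    """Convert 'network number / subnet mask' notation to CIDR notation."""
    return str(ipaddress.IPv4Network(f"{network}/{netmask}"))

def describe(net):
    """Both notations for one block, plus how many addresses it covers."""
    return {
        "cidr": str(net),
        "mask": f"{net.network_address} / {net.netmask}",
        "addresses": net.num_addresses,
    }

def caught_by(net, addresses):
    """Addresses from a list that a rule written for `net` would also match."""
    return [a for a in addresses if ipaddress.ip_address(a) in net]

# Constructed sample: other sites that might share the same address space.
SAMPLE_HOSTS = ["192.0.2.10", "192.0.2.200", "198.51.100.7", "203.0.113.5"]

if __name__ == "__main__":
    for pattern in ("192.0.2.10", "192.0.2.*", "198.51.*.*"):
        net = wildcard_to_network(pattern)
        info = describe(net)
        print(f"{pattern:12} -> {info['cidr']:16} ({info['mask']}), "
              f"{info['addresses']} addresses, also matches "
              f"{caught_by(net, SAMPLE_HOSTS)}")
    print(mask_to_cidr("192.168.0.0", "255.255.255.0"))
```

Running `caught_by` against a list of known-good addresses before adding a rule gives a concrete count of what else the block would cover.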
showker Posted October 10, 2006

> But again, if you are just an individual, blocking Jokers IP space really won't do you much good at all since you can simply not visit the websites and accomplish the same thing.

Actually, not an 'individual' but one with a dedicated server hosting a number of client web sites.

So, thank you -- I stand corrected that the IP blocking thing does me no good, and I'm wasting my time looking them up and adding them to the server's block list. :-(

other suggestions?
Telarin Posted October 10, 2006

Yep, repeated complaints to ICANN about their unresponsiveness. ICANN and ARIN have the ability to end spam originating in North America easily. All it requires is some minor policy changes, and rigorous enforcement of those policies.
Ayanami Posted October 10, 2006

This might not be in direct relation to the questions asked here, but it concerns an experience I had with Joker.com.

I once tried to complain about a domain registration (dapoh.info) which is used as DNS in many spamvertised domains. Somehow I found an email address of a Joker.com admin, but the first mails were not answered. I sent another mail and just asked if there is someone there, and then I got a reply! The admin pretended to help but made some strange excuses. Also I found out that my mails were blocked or redirected to /dev/null when I used the offending domain name (dapoh.info) in my mail.

Regarding the history of my Joker.com contacts, and this experience shows to me that Joker.com is pure blackhat, which tries to cover it with a little bit of white paint.

That was about 1.5 months ago, and the named domain still seems to be active :angry:
bobbear Posted October 10, 2006

> Regarding the history of my Joker.com contacts, and this experience shows to me that Joker.com is pure blackhat, which tries to cover it with a little bit of white paint.

That is also my experience in reporting many hundreds of joker.com registered criminal fraud domains over several years. The evidential reports I submit on criminal fraud domains are clear, unambiguous and unarguably demonstrate criminal activity on behalf of joker.com domains and their associated nameservers, yet joker.com have never on a single occasion replied to an abuse report and have never carried out the requested action, namely immediate suspension.

The only reasons they will eventually disable domains for are:

i) If they don't get paid.
ii) If you can prove the whois data is false, (They only do this because they are required to do it under the terms of the ICANN accreditation agreement, but the process takes in excess of 15 days which is obviously completely useless in dealing with their innumerable money laundering criminal fraud clients).

(All registrars should be compelled under the ICANN accreditation agreement to challenge/response verify all the whois data prior to enabling the domain).

The sickening part of Joker, (& a poor attempt at a bit of white paint...), is this mealy-mouthed canard on the support section of their website:

"However, we take spamming and phishing for serious, as well. For this reason, we provide you with this interface, to report cases of spamming and phishing, which are related to Joker.com domains."

A complete lie in my experience & most likely a direct line to a bit-bucket.

This quote from Joker's T's & C's seems to be their actual position that they steadfastly maintain against any and all requests for action:

"Joker.com will support your effort to stop somebody to spam, but will not make own judgements about the case. We are not taking the chance to "hurt" one innocent under 100 fraudulent registrants."

In other words they will take no action against their criminal fraudster clients - from the horse's mouth. They can maintain that attitude quite legally and there is absolutely nothing anyone can do about it under the present system. They have absolutely no obligation (or incentive), whatsoever to take action to prevent criminal activity carried out by their clients, although they have it in their power to immediately suspend any domain and remove it from the zone, thus rendering it useless once it has propagated through the DNS.

I've registered complaints against Joker with ICANN on several occasions, knowing full well it is useless as Joker are not actually contravening any aspect of the ICANN accreditation procedure, but I feel that I should register my feelings that the present system is unfairly balanced in favour of out and out criminals & other spammers and unethical registrars such as Joker are quite happy to exploit that fact & make a good living off criminal proceedings, thank you very much. IMHO they are as low as the scum that they attract & shelter.
showker Posted January 13, 2007

> I've registered complaints against Joker with ICANN on several occasions, knowing full well it is useless as Joker are not actually contravening any aspect of the ICANN accreditation procedure, but I feel that I should register my feelings that the present system is unfairly balanced in favour of out and out criminals & other spammers and unethical registrars such as Joker are quite happy to exploit that fact & make a good living off criminal proceedings, thank you very much. IMHO they are as low as the scum that they attract & shelter.

SPEAKING OF ICANN... I've had it with those people. For some unknown reason, they have NO TEETH to even enforce their own regulations. I cannot understand why no one else notices. I've reported hundreds (maybe thousands, I've lost count) of FALSE WHOIS entries which NEVER got fixed. They're probably in Joker.com's pocket.

If someone (an attorney, perhaps? Any attorneys registered here?) had the teeth and balls to go after ICANN, I will finance it.

Once upon a time, I approached the top five computer science university departments with a challenge to produce a legal "false whois" anti-virus in exchange for an endowment grant of $500,000.00. I got all kinds of response wanting the endowment, but NOT one who would commit to the project -- for fear of reprisals. Criminals can program all sorts of awesome internet devices to perpetuate their criminal activities, but there doesn't seem to be a single honest programmer who will match their skills. Doesn't that seem upside-down?

Before ICANN, there was accountability on the internet, and spam was unheard of. Thanks to the Clinton Democrats, the internet was sold to an international band of criminals who set up a mountain of bureaucracy so that they could NOT be held accountable for their policies and actions. Hopefully, IPv6 will cure all that.

So, if anyone who reads this (and I suspect no one will read it beyond the forum admins) who actually knows how to go after ICANN legally, let me know. ICANN needs to be dissolved, and a new administration put in place. Period.

Fred
Catsmart Posted May 2, 2007

This is my first post to this forum, so greetings to everyone here.

Regarding joker.com, they are based in Duesseldorf, Germany, as per their registration data, and doing a simple web search I found this reporting form for the Duesseldorf police department: http://www1.polizei-nrw.de/duesseldorf/kontakt-service/ there is also an email address there.

Any German language speakers in the forum willing to take this matter up to them? Or maybe post there in English and see what kind of feedback they give?
This topic is now archived and is closed to further replies.