What to do? Spam on behalf of my site!

[Andrey77]

Hello!

I the owner of a site carder.info, my mirrors carder.su and carder.biz.

My site exist 3 years, has a plenty of users in the day very popular and does not require a spam.

The statistics on all time can be checked up here http://www.alexa.com/data/details/traffic_...ils/carder.info

Subjects of my site - struggle against hackers and carders.

Hackers or competitors specially dispatch a spam and in the letter specify my site!

A hosting the company constantly blocks my account and it is inaccessible.

First my site was under a constant DDoS attack and was not accessible, but we have established AntiDDoS and the site has earned.

Now spamers have specially started to dispatch a spam!!!

My hosting company is not involved in dispatch of a spam.

The greater request to establish a server from which the spam is dispatched and urgently to block it!

What to do?

[Wazoo]

What to do?

First of all, I don't see where this post has any direct issue with SpamCop Reporting. It might be assumed that there is an alleged connection between the spam in question and users sending out SpamCop complaints, but ... this wasn't mentioned, stated, even hinted at. Therefore, this is being moved to the Lounge with this post.

Browsing http://carder.info/

Fetching http://carder.info/ ...

GET / HTTP/1.1

Host: carder.info

Connection: close

<html><head><title>Suspended Domain</title></head>

<body><center>This account has been suspended.<br>

Either the domain has been overused, or the reseller ran out of resources.<br></center></body>

carder.biz - same as above

carder.su - same as above

Trace carder.info (75.126.149.16) ...

Trace carder.biz (75.126.149.16) ...

Trace carder.su (75.126.149.16) ...

I believe you don't understand the term "mirror" .... what you seem to have is various re-directs of the various Top-Lived-Domains to a single page .... all are/were hosted at the same IP address ... this isn't what the word "mirror" is defined as on/in the rest of the Internet/world.

Reports would have gone to;

Parsing input: carder.info

No recent reports, no history available

Reporting addresses:

postmaster[at]softlayer.com

abuse[at]softlayer.com

However, as noted, "no reports have been sent" against card.info

Same info/status for carder.biz or the IP Address involved with hosting

Initial thoughts are that SpamCop.net has not been involved at all.

Your issue appears to be with your ISP/Hosting company. I don't see where your Domain/DNS data has been yet affected;

Dig carder.info[at]ns1.sweetyprofiles.com (75.126.149.16) ...

Authoritative Answer

Recursive queries supported by this server

Query for carder.info type=255 class=1

carder.info MX (Mail Exchanger) Priority: 10 mail.carder.info

carder.info TXT (Text Field)

v=spf1 a mx ip4:75.126.236.3 ?all

carder.info SOA (Zone of Authority)

Primary NS: ns1.sweetyprofiles.com

Responsible person: root[at]carder.info

serial:2008011703

refresh:14400s (4 hours)

retry:3600s (60 minutes)

expire:1209600s (14 days)

minimum-ttl:86400s (24 hours)

carder.info NS (Nameserver) ns1.sweetyprofiles.com

carder.info NS (Nameserver) ns2.sweetyprofiles.com

carder.info A (Address) 75.126.149.16

mail.carder.info A (Address) 75.126.149.16

ns1.sweetyprofiles.com A (Address) 75.126.149.16

ns2.sweetyprofiles.com A (Address) 75.126.236.3

Well. other than DNS is/was provided by the same server that hosted the Web-pages .... not really the norm in the world, but ....????

[StevenUnderwood]

Hackers or competitors specially dispatch a spam and in the letter specify my site!

A hosting the company constantly blocks my account and it is inaccessible.

What to do?

A copy of the report link could help us to help you more.

If these reports are for spamvertized weblinks, you should be working with your provider who is receiving these reports (Using best contacts postmaster[at]softlayer.com abuse[at]softlayer.com) and ask them to investigate further when your sites are involved. Spamvertized weblink reports do NOT feed the blacklist and are only informational. That being said, I do not see any SpamCop reports against any of (www).carder.(info, biz, su). All show: No recent reports, no history available

P.S. Wazoo moved this thread while I was getting the kids to the school bus, before I could finish and post.

[Wazoo]

P.S. Wazoo moved this thread while I was getting the kids to the school bus, before I could finish and post.

Aplologies .... one of those things .// when I started, there was no one else around. It toook some time doing all the look-ups and searches I was did, wanting to get a ist of just what the site might be about (definitely having some issues with the Domain name involved) .. checking statuses, data, etc. As stated the "with this post" included the "move this Topic when posting this Reply" action, so there was no screen refresh involved to show that there was anyone else active at that moment ...

Definitely curious as to how this Forum was located, Reporting Help Forum section selected to post this query, when it doesn't appear that any of the SpamCop.net tools have been involved. I didn't think it would be all that helpful at thi spoint to ask about a Tracking URL so as to see some of the spam in question. Still not knowing what the web-site was actually about, not sure I want to know about it actually.

Google's cache (14 Jan 2008) of the web-page doesn't show much. if any activity.

Google's cache (13 Jan 2008) of the FAQ page doesn't offer a clue as to what the subject matter was.

Almost left with the thought that there is another reason for the site being pulled ,,,, but it's all speculation from this side of the screen.

Checking server [whois.afilias.info]

Domain ID:D11317451-LRMS

Domain Name:CARDER.INFO

Created On:21-Nov-2005 20:44:34 UTC

Last Updated On:17-Jan-2008 09:01:24 UTC

Expiration Date:21-Nov-2009 20:44:34 UTC

Sponsoring Registrar:Regtime Ltd. (R455-LRMS)

Status:TRANSFER PROHIBITED

Registrant ID:CO236014-RT

Registrant Name:Maria

Registrant Organization:NA

Registrant Street1:Pushkinskaya, 340

Registrant City:Kamennoe

Registrant State/Province:Moskovskaya oblast

Registrant Postal Code:427000

Registrant Country:RU

??? Floating around since 2005, but no current content, in addition to being currently whacked ...?????

There has to be more to the story .....

[Andrey77]

Why my domains and a hosting if I am not engaged in a spam should suffer?

I know that it is possible to trace according to from a spam-letters a server from which the spam was dispatched.

How it is possible to block it?

Clean, please, my domains from blacklist. What to do if spamers will repeatedly dispatch a spam, with the instruction of my domain?

The hosting again will block my account?

[Andrey77]

spam:

[ SpamCop V647 ]

This message is brief for your comfort. Please use links below for details.

Spamvertised web site: http://carder.biz/ http://www.spamcop.net/w3m?i=z2766671736z6...59d6eaad20fc62z

http://carder.biz/ is 75.126.149.16; Thu, 17 Jan 2008 16:23:48 GMT

Spamvertised web site: http://carder.su/ http://www.spamcop.net/w3m?i=z2766671737z6...c3d3d8def9226cz

http://carder.su/ is 75.126.149.16; Thu, 17 Jan 2008 16:23:48 GMT

[ Offending message ]

Content-Transfer-Encoding: 7bit

Content-Type: text/plain; charset=us-ascii

Date: Wed, 15 Jan 2008 15:10:31 0200

From: "Staci Cline"

MIME-Version: 1.0

Message-ID: <9596________________0581[at]eartharthome.com>

Received: from source ([88.247.244.33]) by exprod7mx220.postini.com ([64.18.6.14]) with SMTP; Wed, 16 Jan 2008 13:09:30 GMT

Received: from [88.247.244.33] by smtp.secureserver.net; Wed, 15 Jan 2008 15:10:31 0200

Reply-To: duncan[at]eartharthome.com

To: x

X-Mailer: The Bat! (v3.80.03) Professional

X-PSTN-Levels: (S: 0.00000/92.60146 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )

X-Priority: 3 (Normal)

Date: Wed, 15 Jan 2008 15:10:31 0200

From: "Staci Cline" <duncan[at]eartharthome.com>

To: x

Subject: best fraud resource !

Visit the best forum about fraud online, banking fraud, skam, stock market manipulation and auctions fraud!

Come to us and we will teach you to steal.

http://carder.info

Mirrors:

http://carder.su

http://carder.biz

-------------------------------------------

-------------------------------------------

[ SpamCop V647 ]

This message is brief for your comfort. Please use links below for details.

Spamvertised web site: http://carder.biz/ http://www.spamcop.net/w3m?i=z2766690032z6...5d607b8e8c103ez

http://carder.biz/ is 75.126.149.16; Thu, 17 Jan 2008 16:30:18 GMT

Spamvertised web site: http://carder.su/ http://www.spamcop.net/w3m?i=z2766690035z7...748a97414aabf2z

http://carder.su/ is 75.126.149.16; Thu, 17 Jan 2008 16:30:18 GMT

[ Offending message ]

Return-Path: <akira1956[at]oogishouji.com>

X-Original-To: x

Delivered-To: x

Received: from [88.240.54.187] (unknown [88.240.54.187])

by mail.mel.tellusion.com (Postfix) with ESMTP id 135A24D7AB2D

for <x>; Wed, 16 Jan 2008 22:48:57 1100 (EST)

Received: from [88.240.54.187] by oogishouji.com; Wed, 15 Jan 2008 15:13:03 0200

Message-ID: <01c8__________________f058[at]akira1956>

From: "Irwin Richard" <akira1956[at]oogishouji.com>

To: <x>

Subject: best carder resource !

Date: Wed, 15 Jan 2008 15:13:03 0200

MIME-Version: 1.0

Content-Type: text/plain;

charset="windows-1250"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 5.00.2314.1300

X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300

Visit the best forum about fraud online, banking fraud, skam, stock market manipulation and auctions fraud!

Come to us and we will teach you to steal.

http://carder.info

Mirrors:

http://carder.su

http://carder.biz

-------------------------------------------

-------------------------------------------

[ SpamCop V647 ]

This message is brief for your comfort. Please use links below for details.

Spamvertised web site: http://carder.biz/ http://www.spamcop.net/w3m?i=z2766743004z7...06b943c923956ez

http://carder.biz/ is 75.126.149.16; Thu, 17 Jan 2008 16:38:06 GMT

Spamvertised web site: http://carder.su/ http://www.spamcop.net/w3m?i=z2766743005zb...6a24c2b0cbfd89z

http://carder.su/ is 75.126.149.16; Thu, 17 Jan 2008 16:38:06 GMT

[ Additional comments from recipient ]

>

> Credit card information thieves!

>

[ Offending message ]

Return-Path: <dpaquette[at]amwfresno.com>

Received: from mx02.netcarrier.net (mx02.netcarrier.net [216.178.94.75])

by pluto.eclipse.net (8.13.6/8.13.6) with SMTP

d m0GDAbR1027287

for <x>; Wed, 16 Jan 2008 08:10:37 -0500

Received: (qmail 9086 invoked by uid 0); 16 Jan 2008 13:10:37 -0000

Received: from localhost (127.0.0.1)

by localhost with QMQP; 16 Jan 2008 13:10:37 -0000

Delivered-To: x

Received: (qmail 9059 invoked by uid 0); 16 Jan 2008 13:10:36 -0000

Received: from mx03.netcarrier.net (216.178.94.69)

by mx02.netcarrier.net with QMQP; 16 Jan 2008 13:10:36 -0000

Received: from mx01.netcarrier.net (216.178.94.71)

by mx03.netcarrier.net with QMQP; 16 Jan 2008 13:10:35 -0000

Received: from unknown (HELO ?213.80.142.218?) (213.80.142.218)

by mx01.netcarrier.net with SMTP; 16 Jan 2008 13:10:35 -0000

Received: from [213.80.142.218] by mail.amwfresno.com; Wed, 15 Jan 2008 16:11:23 0300

From: "Martha Lacy" <dpaquette[at]amwfresno.com>

To: <x>

Subject: earn with us!

Date: Wed, 15 Jan 2008 16:11:23 0300

Message-ID: <01c8__________________50d5[at]dpaquette>

MIME-Version: 1.0

Content-Type: text/plain;

charset="Windows-1252"

Content-Transfer-Encoding: 7bit

X-Priority: 3 (Normal)

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook, Build 10.0.4024

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2663

Imp

ortance: Normal

Visit the best forum about fraud online, banking fraud, skam, stock market manipulation and auctions fraud!

Come to us and we will teach you to steal.

http://carder.info

Mirrors:

http://carder.su

http://carder.biz

[Wazoo]

I have to be honest. Further research only seems to bring up issues of identity theft, stolen credit card info, various trojan attacks, on and on. SpamHuntress offers a 2006 Blog entry dealing with carder.info being off-line back then, under different hosting. Insecure.org's list has more recent entries. I believe that this is part of the "must be more to the story" stuff that I suggested in a previous post.

As stated above, I see no where that SpamCop.net's tools were involved. There is no "blocking" going on that I see, the sites do not resolve, which is a DNS/Hosting issue. I simply am not comfortable spending time trying to help anyone associated with a site that has screwed so many people over the years.

[Telarin]

As best I can tell by review of cached copies of this site, it dealt mainly with the buying and selling of stolen credit card information, which is illegal pretty much anywhere in the world. These sites need to be taken offline. There are very few webhosts that will knowing host web pages containing illegal content. Unfortunately, there are enough of them that many of these sites still manage to exist.

[Andrey77]

Do not make laugh people.

Result the concrete proof to the words or do not speak anything. Business now in other - hackers make a spam on behalf of my domains.

I ask to clean my domains from blacklist and to send abuse on a server which makes dispatch of a spam.

[Farelf]

Do not make laugh people.

Result the concrete proof to the words or do not speak anything. Business now in other - hackers make a spam on behalf of my domains.

I ask to clean my domains from blacklist and to send abuse on a server which makes dispatch of a spam.

...Spamvertized weblink reports do NOT feed the blacklist and are only informational.

SpamCop does not have you blacklisted. The SCbl is only for the dispatching servers. They are dealt with routinely. For instance http://www.spamcop.net/w3m?action=checkblo...p=88.247.244.33 End of story.

[Telarin]

Do not make laugh people.

Result the concrete proof to the words or do not speak anything. Business now in other - hackers make a spam on behalf of my domains.

I ask to clean my domains from blacklist and to send abuse on a server which makes dispatch of a spam.

Laugh? Hardly... Some select gems taken from the carder.info forums as shown in google...

any one of you selling bank login?

contact me icq :499-372-813 or pm me

I need a lot of cvv come with dob or vbv 3d. Serious vendors plz pm me.

150$ (payment e-gold wm) 10000 users !

name : surname: zip : mothersmaidenname : password : email

If you enter te site there are full adress and telephone

Icq 353403

Now the only way I can interpret these posts is people buying and selling illegal credit card information. Sites that allow this, even if they are not actively participating, should be shut down as quickly and as permanently as possible. You can try to contact your ISP, but unless you can show them something I can't see to prove your site is not involved in illegal activity, I seriously doubt they are going to reactivate your site.

[StevenUnderwood]

Do not make laugh people.

Result the concrete proof to the words or do not speak anything. Business now in other - hackers make a spam on behalf of my domains.

I ask to clean my domains from blacklist and to send abuse on a server which makes dispatch of a spam.

Your web sites are not blocklisted (and can not be) through spamcop.net. SpamCop only lists the source of the email message, and has already listed the source of your first example: Statistics:

88.247.244.33 listed in bl.spamcop.net (127.0.0.2)

I find it interesting that you use the term mirror for your alternate web sites and so does the spam pointing to your sites. Most people only use "mirror" for multiple sites (read different IP Addresses, usually throughout the world) which carry the same information. Everything I see here, all 3 sites are using the same IP address, so are really the same site, not a mirror.

[Andrey77]

We have more than 30000 those, it is more than messages 200000, to follow all it is very complex.

It is work of moderators, instead of mine. I'll transfer these messages to them also they will be removed. My hoster does not wish to unblock, becouse my domains appear in spamcop.net, please, remove my domains from these lists.

[Wazoo]

We have more than 30000 those, it is more than messages 200000, to follow all it is very complex.

It is work of moderators, instead of mine. I'll transfer these messages to them also they will be removed. My hoster does not wish to unblock, becouse my domains appear in spamcop.net, please, remove my domains from these lists.

Assuming that there is major language issue involved here .... I actually can make little sense of the above. A sstated by numerous folks doing your legwork, the sites in question were not found to be in the SpamCop.net databases, either for received user spam complaints or the SpamCopDNSBL. Your continued use of the word "blocked" does not translate to "does not resolve" .. just as the repeated of the word "mirror" has been noted a more than one of the respondant here does not match the 'normal' definition of that word.

You (I believe) asked for "concrete proof" ... Multiple search enfines include multiple entries that deal specifically with the actions documented in numerous places around the net .... credit card scams, distribution of confidential/private data, specifially credit card and associated personal data, on an on ..... dating back for years. The Domains in question appear to have lost hosting numerous times over the years.

Believe me, no one here is laughing.

Subjects of my site - struggle against hackers and carders.

I gave up looking for data to support this alleged position. Everything I found and looked at dealt with making the credit card and personal information available.

Business now in other .......... We have more than 30000 those ...... I'll transfer these messages to them ....

The way I read that is that the Forum I found to be 'empty' in the Google cache of the web-page would end up containing all that previous traffic, if it ever became live agan, Unfortunately, this doesn't seem to track with the 'new business' suggestion.

I'm about at the point where this Topic is going to be closed. As stated, spending time on a 'known' scam site that is not actually listed in any of SpamCop.net's databases is seen as a waste of everyone's time and energy. Once again, your 'problem' still appears to be a "hosting" issue .... please take it up with your ISP/Host.

It is work of moderators, instead of mine.

Maybe you need to explain just who you are and what your relationship to the subject Domains actually is. You certainly started this off making it sound like "you were in charge" .....

Quite in contrast to your alleged situation, there's a fantatstic set of Moderators working here. Garbage traffic as evidenced in search engine results of traffic seen on the Domains you asked about get handled very quickly 'here' .. removed from public view, thereby also not accessible by search engines, accounts get administratively handled, etc. etc. etc.

[Wazoo]

Hmmm, some checks today offer some odd results. E-mail sent upstream to see if there's a possible explanation for the apparent database latency issue. Not that this changes any/much of the preceding, but ... interesting in that data is now available that wasn't when this Topic started .. and that data is dated prior to the start of this Topic ....???

'New' data like (from a report submitted two days prior to this Topic being started);

ISP does not wish to receive reports regarding http://carder.info/ - no date available

http://carder.info/ has been appealed previously.

ISP does not wish to receive reports regarding http://carder.biz/ - no date available

http://carder.biz/ has been appealed previously.

ISP does not wish to receive reports regarding http://carder.su/ - no date available

[Farelf]

Wow - the alleged white-anters have upped the ante (translation available on request ):

http://www.spamcop.net/sc?id=z2837342200zf...49f3de65d6f77dz

(I get about one spam a month these days and this is it for April). For the sake of 'due dilligence' (=protection of own nether-regions), reporting to the AFP, with reference to this location. DNS and whois detail for carder.su may have changed from that shown in the original analysis by Wazoo (I don't think it is worth the effort to chase up at this stage).

[agsteele]

[ SpamCop V647 ]

This message is brief for your comfort. Please use links below for details.

Spamvertised web site:] is 75.126.149.16; Thu, 17 Jan 2008 16:23:48 GMT

I've snipped the above quote for clarity...

Is the fact that the reports the OP is claiming got his site closed down are dated January 2008 significant in understanding the lack of a mention in the old report data?

Anyhow, I'm delighted this chap's sites are closed. An ISP that appears to be taking cybercrime seriously.

Andrew

[Miss Betsy]

Andrew, I think that Farelf got another spam yesterday that had carder.su in the body. For that matter, it made it through hotmail filters also (though it may have gone to the junk folder if I had filtering turned on).

I'll bite and ask what or who 'white-anters' are. That might explain why Farelf decided to post to this old topic.

Miss Betsy

[Farelf]

Old topic restarted on the basis of fresh spam and resurrected hosting (certainly resolves). White-ants operate in the background to undermine structures and that was the allegation of the O/P - his enemies were trying to destroy him by forging his website URLs into spam which stated/implied he commissioned the spam. Most of "us" were hard pressed to see the difference between blatant criminality and what appeared to be the normal business there but that's by-the-bye. The ante has been upped (stakes increased) by the same style of spam now including kiddie porn amongst the services supposedly provided. That it is just too outrageous to be real, I would think, but am taking no chances. Let law enforcement decide for themselves - which is probably just playing into the hands of the 'white-ant'ers if that they be but ...

[agsteele]

Andrew, I think that Farelf got another spam yesterday that had carder.su in the body.

Missed the date change

Andrew

[Miss Betsy]

Easy to do, if, like me, you read very quickly! I only figured it out because I remembered the earlier exchanges.

Miss Betsy