Ok, I have found a verified bulletproof host. What do I do?


ka112
The question has been up before. I think I landed in the FAQ and the newsgroups.

The FAQ is probably good, but for me, who isn't into the tech talk and not so good with English, it is a pain... I have for reasons not configured my news-soft, and probably won't either.

Anyway, what is the suitable way to report an IP range with bulletproof hosting, or an ISP that is sending spam and is blacklisted at Spamhaus?

In this case it is 211.49.115.5 that is listed in the SBL 211.49.115.0/24 for bulletproof hosting - dirty block. The report addresses are abuse[at]hanaro.com, spamrelay[at]certcc.or.kr and spamcop[at]kisa.or.kr, which for a long time (years?) have been noted as "Administrator of network hosting website referenced in spam" without being dev-nulled.

Can anyone tell me the easy way to go?

/Anders

Return-Path: <MiriamtitSchmitt[at]sltrib.com>
Original-Recipient: rfc822;xxxxx[at]telia.com
Received: from pne-smtpin3-sn1.fre.skanova.net (81.228.11.100) by pne-ms2.vip.skanova.net (7.3.135)
        id 47F9637700958EE3 for xxxxx[at]telia.com; Mon, 21 Apr 2008 02:43:12 +0200
Received: from jose.interlink.net.ve (200.75.97.214) by pne-smtpin3-sn1.fre.skanova.net (7.3.127)
        id 47FCD573008EF1DB; Mon, 21 Apr 2008 02:43:12 +0200
Received: from 19134535558073607.15961576388572106.19383048966985222.12556316263252123 (HELO localhost.localdomain) (10526766815758299.12917412577805130.15105544939360634.11716911879790730) by 19977005641095257.15769739123726947.18130809905694604.10086031713155324 with SMTP; Sun, 20 Apr 2008 20:42:20 +0400
Date: Sun, 20 Apr 2008 20:42:20 +0400
Message-Id: <8IX042EJXVWDA575[at]sltrib.com>
X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01)
X-Header-CompanyDBUserName: hpccm
X-Header-MasterId: 508439
X-Header-Versions: Hewlett-Packard.1t2bn8nd0.fk[at]us.newsgram.hp.com
X-FID: 59E31DBC-8214-67AF-B8E5-30CDEA03DCB9
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: <larsson.jocke[at]telia.com>
Cc: <xxxxx[at]telia.com>,
        <spoofed.by.me1.[at]telia.com>,
        <spoofed.by.me2.[at]telia.com>,
        <spoofed.by.me.3[at]telia.com>
From: "Felicia Mcclellan" <MiriamtitSchmitt[at]sltrib.com>
Subject: Timepieces Rolex
X-Antivirus: avast! (VPS 080420-0, 2008-04-20), Inbound message
X-Antivirus-Status: Clean

High Quality Watches & Products from an offical of prestige USA and Swiss watches manufacturers!

URL removed by Moderator

Rolex Timepieces on Sale!!

Moderator edit: no reason to leave the spamvertised site as a valid link .. and it has nothing to do with the actual query, so it was removed entirely.

Edited by Wazoo

The question has been up before. I think I landed in the FAQ and the newsgroups.

I'm not sure I actually understand ....

The FAQ is probably good, but for me, who isn't into the tech talk and not so good with English, it is a pain... I have for reasons not configured my news-soft, and probably won't either.

Help on the FAQ here is always welcome, the same goes for the Wiki.

By news-soft, I'm thinking that you are talking about a news-reader ..???? For searching, reading, and historical data, there is an HTTP-accessible archive available of all the public SpamCop.net newsgroups .... check the drop-down menu under the Other words, data, places --> Newsgroups.

Anyway, what is the suitable way to report an IP range with bulletproof hosting, or an ISP that is sending spam and is blacklisted at Spamhaus?

The question as asked has nothing to do with SpamCop.net Reporting ... so moving this Topic to the Lounge with this post.

In this case it is 211.49.115.5 that is listed in the SBL 211.49.115.0/24 for bulletproof hosting - dirty block. The report addresses are abuse[at]hanaro.com, spamrelay[at]certcc.or.kr and spamcop[at]kisa.or.kr, which for a long time (years?) have been noted as "Administrator of network hosting website referenced in spam" without being dev-nulled.

???? You are pointing to a single IP Address, which is what the SpamCop.net Parsing & Reporting system is designed to act on .... the source of the spew. If you are asking why the Reporting Addresses are not /dev/null'd, that's not a decision made by anyone here in this Forum. Obviously the e-mails have not been bounced/rejected; that they are going to non-responsive ISPs/hosts isn't really anything new. The point is that those reports do feed the SpamCopDNSBL.

Can anyone tell me the easy way to go?

I'm actually not sure what you are asking for here. Again, it doesn't appear to involve SpamCop.net based on what I think I'm reading.


I think you are saying: This IP address is a known spammer. Spamcop reports do not go to devnull.

I think you want to tell spamcop to send reports to devnull because it is a known spammer. If you were told about a newsgroup last time, it was probably the spamcop routing newsgroup. The spamcop routing newsgroup is the place to tell the deputies about reporting addresses that you think ought to be changed.

Most people use more than one blocklist to filter spam. The spamcop blocklist is aggressive. It lists IP addresses very quickly. It also takes IP addresses off the list if the spammer stops for a while. Other blocklists will list IP addresses permanently. If this is a known IP address, then it is listed on other blocklists.

If you do not want to report this spam to the source via spamcop, then cancel the report. The IP address is on other blocklists so spam will be filtered.

Known spammers sending spam from known IP addresses are not going to change their ways because of a spamcop report. The only reason to report a known spammer via spamcop is to put their IP address on the blocklist. Did you check to see if the IP address was on the blocklist?

Miss Betsy
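
The blocklist check asked about above can be done with a DNSBL lookup; this is an added example, not part of the original thread. The zones are the public SpamCop and Spamhaus SBL zones, `check`, `classify` and `sample_resolver` are illustrative names, and the `SAMPLE` answers are constructed so the code runs offline.

```python
import ipaddress
import socket

# Public DNSBL zones for the two lists discussed in the thread.
ZONES = ("bl.spamcop.net", "sbl.spamhaus.org")

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, zone appended."""
    addr = ipaddress.IPv4Address(ip)  # rejects malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A records for name, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def classify(answers):
    """Turn DNSBL answers into 'listed', 'not listed' or 'error'."""
    if not answers:
        return "not listed"
    codes = [ipaddress.IPv4Address(a) for a in answers]
    # Spamhaus answers in 127.255.255.0/24 when it refuses a query (for
    # example one relayed through a large public resolver): not a listing.
    if any(c in ipaddress.ip_network("127.255.255.0/24") for c in codes):
        return "error"
    if all(c in ipaddress.ip_network("127.0.0.0/8") for c in codes):
        return "listed"
    return "error"  # non-127/8 answer: wildcarded or hijacked zone

def check(ip, resolver=system_resolver, zones=ZONES):
    """Look the address up in every zone and classify each answer."""
    return {z: classify(resolver(dnsbl_name(ip, z))) for z in zones}

# Constructed answers standing in for live DNS: listed in the SBL,
# already aged out of the SpamCop list.
SAMPLE = {"5.115.49.211.sbl.spamhaus.org": ["127.0.0.2"]}

def sample_resolver(name):
    return SAMPLE.get(name, [])

if __name__ == "__main__":
    for zone, verdict in check("211.49.115.5", sample_resolver).items():
        print(zone, verdict)
```

Calling `check("211.49.115.5")` without the sample resolver performs live lookups; an "error" verdict means the answer cannot be trusted as either a listing or a clean result.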


Can anyone tell me the easy way to go?
I'll give a try here: I think you want to know what to do to report this block (at Hanaro) for hosting spam websites. I get a lot of spam pointing to websites there as well. As you note, it is listed with the Spamhaus SBL as a "dirty block."

At a guess, I'd say that these guys have already gotten lots of reports on this over the past weeks or months, so if they were going to do anything they would already have done it. This is not the first time that Hanaro has harbored spam websites, and likely won't be the last. Clearly, they do not care that a huge chunk of their IP space is blacklisted by Spamhaus (and others).

I assume that you have already reported these via SpamCop when you are given the opportunity. You can also report these yourself in any of several ways if SpamCop does not offer to report them for you.

You can also report the domains used for these sites to their registrar, but you will probably find that they have been registered through Xin Net or some other spam-friendly crew, so don't expect much action there. There are also too damn many domains in use there, it would be hard to LART them all.

I'm not clear on what you want to do besides simply reporting them. If you have some personal "pull" at Hanaro, you could certainly contact them directly. However, failing that, I'm not sure what else you would want to do.

-- rick


If you've got a few bucks in your pocket, and some time to kill -- you can follow this strategy:

Our legal team is communicating with the AG and preparing a restraining order against ICANN. If it gets from local into Federal courts, you'll probably read about it in the newspapers.

With the advent of "pass-along guilt" cases recently successful in the judicial system, legal seems to think there's a good chance of getting the case heard -- or at least subpoenas served for a hearing. I think a subpoena served by Federal Marshals will get some attention.

You see, somewhere in the chain of "ownership" of known criminal IP blocks there's a U.S. entity that can be served as an accessory in the commission (or attempted) of a felony.

Contact YOUR AG or, simply go into your region's Federal court and file a restraining order against ICANN. Have your attorney write it up correctly so you don't waste time -- you'll need a "petition for writ of discovery".

Watch the fireworks. But, be prepared to shell out some substantial cash.

If there were ONE, just ONE 501 spam fighting organization with some marbles, then this could REALLY take off... or, if there was just ONE major ISP (MSN? AOL? Google? Yahoo?) with some marbles who could set up a CLASS ACTION suit, then we would really see some fireworks.

That's all I have to say.

Read my latest 60-Second Window : Crime gets a free ride from ICANN

Get mad

:angry:


  • 3 weeks later...

I think the original poster wants to know what to do, because the SC reports don't seem to be making an impact (other than possibly placing the IP on the SCBL).

Here's my question: Why doesn't SpamCop or someone 'in the know' take the reporting of certain 'bullet proof' IPs to the upstream provider or backbone? Everyone has to get bandwidth from SOMEONE, so why can't it be appealed to the people that provide to ZBYD Technology, WEEK5, bendery.md and Medical library of People's liberation Army??

It seems to me that if Comcast can yank my service for abuse, then the people that provide to these groups can ALSO yank service from them, until they abide by TOS. Hell, someone needs to flip a switch and turn off China (IMO), until they clean up their act.


Here's my question: Why doesn't SpamCop or someone 'in the know' take the reporting of certain 'bullet proof' IPs to the upstream provider or backbone? Everyone has to get bandwidth from SOMEONE, so why can't it be appealed to the people that provide to ZBYD Technology, WEEK5, bendery.md and Medical library of People's liberation Army??

That would take the "automatic" out of the automatic reporting. You are always allowed to send reports anywhere you wish (SpamCop reports are not their reports, they are YOUR reports sent through the spamcop system).


Also, the people who sell bandwidth are not very much interested in TOSs. Their goal is to sell bandwidth; they don't care who pays for it. In fact, they wouldn't really care if spammers are operating and stealing bandwidth. If they cut the spammers, who would buy all that bandwidth?

Miss Betsy
