North American Network Operators Group


Re: rbnnetwork.org

  • From: Jeroen Massar
  • Date: Tue Oct 31 10:17:00 2006
  • Openpgp: id=333E7C23

Alexander Harrowell wrote:
> 
> Is hosting a phishing site and bouncing abuse reports..

Not so strange, gmail addresses are being used a lot for spam sources.
With the description you gave, I would also ignore it; it's a miracle
that the spamfilter didn't drop it dead on the floor in the first place,
especially as you are spamvertizing a certain website ;)

Let's see what you should do differently the next time you try to report
something:

> ---------- Forwarded message ----------
> From: Alexander Harrowell <[email protected]>

Don't use gmail, use a real address, not something which everybody can
create on the fly, at random and throw away again. That gives you some
credit that you are not trying to fake somebody else. Having your full
name instead of barbylover666 is a good part though, gmail isn't.

> Date: Oct 31, 2006 2:38 PM
> Subject: Phisher

Phisher? Is that it? Let's assume you have to handle [email protected] and you get
1000 mails a day from silly automated tools; seeing 'Phisher' as the
only thing in the subject from a person from gmail will simply trigger
only one action: [del].

In the 'description' below you write that they are doing comment spam.
Phishing != comment spam. A better subject would have been:
 "Spamvertized website at <$ip> in your <$ispnet>, ASxxxx".

Having the ASN in there gives some credibility.

> To: [email protected]
> 
> 
> We're receiving large volumes of comment spam advertising a site
> hosted in your network. http://onlineinvestmentworld.com is located at
> 81.95.146.166, which is your netblock:
> inetnum:        81.95.144.0 - 81.95.147.255

Who is "We"? Gmail? When reporting something it is actually useful to
show proof somewhere, thus simply point to the websites in question. As
those websites are yours you most likely also have logs of those sites;
then you can also contact the ISPs who are actually spamming the comments.

<SNIP RIPE object>

They know who they are, so you don't have to repeat that.

As this message, according to you, bounced, you could also have tried
the admin and tech handles. Although in this case that leads only to
[email protected]. Email-wise you are thus out of luck, but those
handles do contain phone numbers, which you can then use to resolve this.

Another way, instead of calling (which might be horrible if you don't
speak Russian ;) is to check their peers and transits:

http://www.robtex.com/as/as40989.html which tells you that it is a very
small company with only one /22, they are pretty new to the game and
some other things. As they are a small ISP, they clearly have a transit
and you can always contact them if they don't reply to your mails or
they simply drop them on the floor.

If you had done a whois on rbnnetwork.com you would have found
another email address and, strangely, a US address and phone number.
They are not so Russian as they seem after all ;)

<SNIP traceroute>

What does a traceroute do at all? It might be handy only in the case
where some IP hijack is in progress, but in that case you can always do
a BGPlay using RIPE's RIS to figure out where it came from.

Last but not least: there are dedicated spam etc. reporting sites.
AFAIK NANOG is not that place. Unless your network went down because an
ISP was overloading you with traffic, of course ;)

Greets,
 Jeroen


Attachment: signature.asc
Description: OpenPGP digital signature
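The advice in the reply above boils down to a small procedure: confirm the IP really sits in the netblock you are about to report, put the IP, netblock name and ASN in the subject, mail the abuse-mailbox plus the admin-c/tech-c contacts, keep their phone numbers as a fallback, and point at your own evidence. The following Python is an added illustration of that procedure and is not code from the thread or from NANOG. It parses a constructed RIPE-style whois dump: the inetnum range, the IP and AS40989 come from the message, while the netname, handles, e-mail addresses and phone numbers are made-up placeholders, as are the evidence URLs.

```python
import re
from ipaddress import ip_address

# Constructed sample of RIPE-style whois output for the /22 discussed in the
# thread. The inetnum range, the IP and the AS number appear in the message;
# netname, handles, phone numbers and e-mail addresses are made-up placeholders.
SAMPLE_WHOIS = """\
inetnum:        81.95.144.0 - 81.95.147.255
netname:        EXAMPLE-NET
descr:          Example hosting company (constructed placeholder)
admin-c:        AA1-EXAMPLE
tech-c:         TT1-EXAMPLE
abuse-mailbox:  abuse@example.net
status:         ASSIGNED PA
source:         RIPE

route:          81.95.144.0/22
origin:         AS40989
source:         RIPE

person:         Example Admin (constructed placeholder)
nic-hdl:        AA1-EXAMPLE
phone:          +1 555 0100
e-mail:         admin@example.net
source:         RIPE

role:           Example NOC (constructed placeholder)
nic-hdl:        TT1-EXAMPLE
phone:          +1 555 0199
e-mail:         noc@example.net
source:         RIPE
"""

ATTR_RE = re.compile(r"^([a-z][a-z-]*):\s*(.*)$")


def parse_whois(text):
    """Split RIPE-style whois output into objects: one dict per blank-line
    separated block, mapping attribute -> list of values (attributes repeat)."""
    objects, current = [], {}
    for line in text.splitlines():
        if not line.strip():              # a blank line ends an object
            if current:
                objects.append(current)
                current = {}
            continue
        if line.startswith(("%", "#")):   # server comment lines
            continue
        m = ATTR_RE.match(line)
        if m:
            current.setdefault(m.group(1), []).append(m.group(2).strip())
    if current:
        objects.append(current)
    return objects


def ip_in_inetnum(ip, inetnum):
    """True if ip lies inside a RIPE 'a.b.c.d - e.f.g.h' inetnum range."""
    lo, hi = (ip_address(part.strip()) for part in inetnum.split("-"))
    return lo <= ip_address(ip) <= hi


def build_report(ip, spamvertized_url, evidence_urls, whois_text):
    """Compose subject, recipients, phone fallbacks and body for an abuse
    report: IP, netblock and ASN in the subject, abuse-mailbox plus the
    admin-c/tech-c contacts as recipients, and pointers to the evidence."""
    objs = parse_whois(whois_text)
    inetnum = next(o for o in objs if "inetnum" in o)
    if not ip_in_inetnum(ip, inetnum["inetnum"][0]):
        # Refuse to report the wrong netblock; that is how reports get binned.
        raise ValueError(f"{ip} is not inside {inetnum['inetnum'][0]}")
    route = next((o for o in objs if "route" in o), {})
    asn = route.get("origin", ["AS-unknown"])[0]
    netname = inetnum["netname"][0]

    # Resolve admin-c / tech-c handles to their person/role objects.
    contacts = {o["nic-hdl"][0]: o for o in objs if "nic-hdl" in o}
    recipients = list(inetnum.get("abuse-mailbox", []))
    phones = []
    for key in ("admin-c", "tech-c"):
        for handle in inetnum.get(key, []):
            c = contacts.get(handle, {})
            recipients.extend(c.get("e-mail", []))
            phones.extend(c.get("phone", []))

    body = "\n".join(
        [f"Comment spam advertising {spamvertized_url} (hosted at {ip}, "
         f"{inetnum['inetnum'][0]}, {asn}) is hitting our sites.",
         "Evidence:"] + [f"  {u}" for u in evidence_urls])
    return {
        "subject": f"Spamvertized website at {ip} in your {netname}, {asn}",
        "to": list(dict.fromkeys(recipients)),   # de-duplicate, keep order
        "phones": phones,
        "body": body,
    }


if __name__ == "__main__":
    report = build_report("81.95.146.166", "http://onlineinvestmentworld.com",
                          ["https://blog.example.org/post/1#comment-7"],
                          SAMPLE_WHOIS)
    print(report["subject"])
    print("To:", ", ".join(report["to"]))
```

Against live data you would feed `parse_whois` the output of `whois -h whois.ripe.net <ip>`; the parser ignores the server's `%` comment lines, and the range check catches the case where the whois answer covers a different block than the one you meant to report.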