Spamers...

[Tenermo29]

check this too

regards, Tenermo29

[Toraborakid]

check this too

regards, Tenermo29

DUDE, DON"T POST THIS s**t ON THIS SITE MAN!

[Digger[NJLP]]

He's a spammer.. We've been getting hit a lot lately.. I want Murdock to give me their IP addresses.

But he won't give em up.. He's afraid I'll hurt them.

P.S. -edited 15 minutes later-

They posted in the Tech Forum so I have the IP.

If you Google the IP, this address and similar ones have been reported.

Block the whole dam IP Range for this ISP.
_____________________________
inetnum: 203.121.64.0 - 203.121.127.255
netname: TIMETELEKOM
descr: TIME Telecommunications Sdn Bhd
descr: Kuala Lumpur
country: MY
admin-c: AM59-AP
tech-c: AM59-AP
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation'"'"'s account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
mnt-by: APNIC-HM
mnt-lower: MAINT-MY-TTNET
mnt-routes: MAINT-MY-TTNET
changed: hostmaster@apnic.net 20000510
changed: hostmaster@apnic.net 20010712
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20040708
source: APNIC

person: Azmy Mohamad Yusof
nic-hdl: AM59-AP
e-mail: azmy@isp.time.net.my
e-mail: abuse@isp.time.net.my
address: TIMEdotNet Bhd
address: Level 3, Lot 14 Jalan U1/26 Glenmarie HICOM Industrial Park 40000
address: Shah Alam Selangor Malaysia
address: [abuse] abuse@isp.time.net.my
phone: +6-03-50326131
fax-no: +6-03-50326204
country: MY
changed: azmy@isp.time.net.my 20030217
mnt-by: MAINT-MY-TTNET
source: APNIC

[Toraborakid]

Really!

[Murdock]

Nononononon....Its not that I wouldn't give you his ip...It won't do any good...Would you like the others?
12.155.221.98
24.185.221.1
24.196.248.6
24.203.102.106
24.44.32.77
58.145.6.23
58.72.68.100
59.10.123.16
59.13.226.220
59.20.77.200
59.24.159.149
60.48.141.251
61.142.212.46
61.213.147.162
61.213.147.163
61.213.147.166
61.213.147.170
61.213.147.172
61.213.147.174
61.213.147.177
61.213.147.185
61.33.65.43
61.39.139.200
61.95.202.184
62.149.12.83
62.150.40.142
62.183.50.164
62.75.185.11
63.208.150.85
63.223.75.193
63.223.83.158
63.236.234.27
63.236.234.28
64.111.196.14
64.154.81.242
64.247.205.131
65.122.88.30
66.111.249.28
66.135.33.49
66.139.76.153
66.160.176.201
66.235.168.211
66.98.250.94
67.15.0.80
68.116.38.22
68.60.243.40
69.123.57.2
69.161.77.92
69.2.193.195
69.23.67.61
69.45.68.245
69.47.161.121
69.50.167.122
69.50.175.91
70.159.21.50
70.243.66.59
70.83.4.125
70.84.192.18
72.205.27.140
72.232.86.170
75.126.18.154
80.136.241.109
80.68.246.78
81.177.4.43
81.177.8.29
82.103.132.52
82.114.68.194
82.144.222.111
82.146.61.36
82.146.61.36
82.198.164.14
82.231.166.100
82.234.138.4
83.102.220.98
83.167.116.84
83.17.167.90
83.208.167.32
83.66.73.6
84.244.0.156
84.244.2.58
85.*.117.66
85.17.11.2
85.91.130.19
125.176.200.9
148.223.87.93
148.233.159.58
148.233.229.235
150.187.145.62
165.139.47.1
193.108.105.212
193.140.140.76
193.140.25.102
193.51.27.149
193.77.61.130
194.117.214.148
194.12.225.225
194.135.105.17
194.83.172.2
195.208.219.75
195.35.140.106
200.176.23.81
200.209.170.225
200.65.127.163
200.75.57.10
200.93.114.139
201.11.44.2
201.160.35.40
201.17.181.250
201.17.220.103
201.21.4.169
201.21.6.175
201.212.119.228
201.217.202.186
201.242.184.37
201.55.121.95
201.56.109.208
201.6.196.171
202.129.4.8
202.149.219.214
202.58.85.2
202.58.85.8
202.58.86.3
203.158.221.227
203.212.214.225
203.236.16.42
203.68.16.2
206.123.48.4
207.226.168.130
207.44.172.117
208.179.120.34
209.250.129.123
209.85.29.6
210.117.67.218
211.162.32.29
211.169.69.85
212.190.114.233
213.113.123.63
213.114.21.87
216.73.53.5
216.98.125.34
217.10.190.36
217.112.36.52
217.116.145.210
218.146.19.190
218.219.161.91
219.240.236.163
219.93.175.68
220.125.100.37
220.202.161.26
220.225.190.204
220.72.196.109
220.72.196.110
220.72.196.71
220.72.196.81
220.72.196.95
220.83.173.206
221.130.4.238
222.112.15.99
222.120.93.97



With that other one...I saw your message about getting you the ip immedately after I deleted his last message.

[Digger[NJLP]]

Ok so the question is can you ban ranges?

[Murdock]

Yeah. That is what the * is....oops. It looks like I have the range improperly set 85.*.117.66. I guess that should be 85.*.*.*. I have to go through the list and determine the ranges.

Also, I have to upgrade the forum. I am a point release behind right now.

[Digger[NJLP]]

I'll get the ISP ranges so you can ban just those providers. You don't want to ban 85.*.*.* its too broad.

[Murdock]

It would be interesting to see who would be caught colaterally by just baning 85.*.*.*

Is there anyway to tell who owns the first octet?

[Murdock]

Its too bad that this list doesn't go up to 128

http://www.modemspeedtest.com/ipadd.htm

And this is a great page...with pretty colors too.

http://www.firewall.cx/ip-classes.php

[coold8]

Just to give you guys a quick insight,

A. Tora Bora, they are most likely using a spam bot, meaning yelling at them is probably a waste of time.
B. Banning their IP address is also a waste of time, as the address is clearly not static, meaning that banning their IP address at this point is more likely to be a valid user at this point than the spammer that was on the forum before. Your best bet is to just upgrade the forum security and hope it works. I am not sure if this is possible as I have not worked in PHPBB in a while, but if audio verification of letters and numbers is available, I highly recommend you do that kind of solution instead of doing the current image verification, it is less likely they would be able to get in that way. If that is not an option, you can always do admin approval, but of course the downside is, you would literally have to approve everyone that wants to join the site, which may not even work because sometimes it is difficult to tell a spammer apart from a real user.

[Digger[NJLP]]

Dude who are you and why are you offering us insight, do you have 19 years in IT?

Because most of the people here do and we are quite capable of blocking addresses.

Please refrain from anwering technical questions if not on your own board.

************************************************************
***********-Edited between 7:26 PM- and 8:30********************

That was a bit harsh and I should not have posted that from work so I should clear the air.

Coold8 you need to learn some skills in writing and responding to posts. I don't think the one line post "Really!" would warrant a post that has really nothing to do with the conversation. I do think if Tora Bora had a question of some type he would probably post one that included a question mark…

But the thing that amazes me is your total lack of etiquette, which one should apply when new to a forum like this. If I were to join a forum, technical or other wise, and see a thread which consists of a conversation between the forum moderator and the site owner. Even though I may see a flaw in their line of thought, I would either PM the person, or refrain from posting a comment I would have had no business posting. So think about what you post and why you’re posting it next time.

I also retract that statement about answering techinical questions. Thats why this forum is here and the more insight the better. Lets just phrase our words more carefully so as not to discourage posting from users less knowledgable on the subject matter.

[NILL]

Does anybody remember the story of when one of the largest spammers home address got found? His entire lawn got filled of with snail mail. It was on slashdot a couple of years ago. I like that kind of revenge.

While looking for that that I found this. http://www.vertical-visions.com/_temp/p ... ndex2.html It wouldn't help here, but I thought it was funny anyway.

[Digger[NJLP]]

I'll use the IP address I tracked down at the top of this post.


Ok first stop Network Solutions http://www.networksolutions.com, bottom left corner, on menu, click whois.

On the whois page set the last radio button to IP address and enter the address for spammer. 203.121.69.154

The response you get starts with,
-------------------------------------------------------------
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

ReferralServer: whois://whois.apnic.net

So this tells me the address is overseas in Asia. APNIC is essentually what internic was here in the early startup days.

Next step go to http://www.apnic.net

At http://www.apnic.net click on the "Advanced Whois Search" link in the Whois box in the upper right hand corner. Enter the ip address on the page and press the button. Your response should have this at the top of the page,

inetnum: 203.121.64.0 - 203.121.127.255
netname: TIMETELEKOM
descr: TIME Telecommunications Sdn Bhd
descr: Kuala Lumpur
country: MY
admin-c: AM59-AP
tech-c: AM59-AP

And right at the top is the range of IP addresses this ISP has.

I'll explain how to look up who owns IP addresses a little later. My wife is kicking me out of her desk. I have to move..

[Digger[NJLP]]

Well currently iana keeps it all

http://www.iana.org/assignments/ipv4-address-space

This list only reflects IPv4, but it gets the ball rolling. ISP's usually lease address from a large GSP like MCI or AT&T.

My favorite entry is 008/8 Dec 92 Bolt Beranek and Newman Inc.
BBN was a large part of the development of packet switching (including the ARPANET and the Internet), but it is also a defense contractor, primarily for DARPA.

You can drill down and do inquiries on specific IP through the associated web site.

I have to find the info for IP v6

If your in to this stuff, the iana web site has tons of reading and charts about who owns what, protocol definintions, and procedures.