
These guys are holding my comments hostage

The timetable keeps getting reset on the liberation of the comments. I will start allowing HTML, links and images as well as display of the URLs you guys all so faithfully type in when you comment, if I can go for two weeks without having spam pass MT-Blacklist. Unfortunately, spam passes MT-Blacklist daily; in fact, the problem continues to get worse.

Just minutes ago, I caught a glimpse of how spammers may defeat MT-Blacklist altogether: by brute force. I checked my mail and was flooded with transcripts of comment spams from blackjack-123.com, who sent over 100 spams from a wide range of IP addresses in the space of a few minutes. Movable Type's built-in flood control caught a few addresses and automatically banned them (yay!) but the flood was so overwhelming that it interfered with my ability to add the casino.blackjack-123 address to MT-Blacklist. The flood continued while MT-Blacklist was unable to process the information. I am sure that this tactic will be used again, and more powerfully.
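An added example, not part of the original post and not Movable Type or MT-Blacklist code: a flood of this shape is spread across many source addresses but every comment links to the same domain, so a throttle keyed on the linked domain can hold it where a per-IP limit sees little. The class name, thresholds and sample comments are constructed for illustration, and the two-label domain reduction is a simplifying assumption.

```python
import re
from collections import defaultdict, deque

URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def linked_domains(body):
    """Domains linked in a comment, reduced to their last two labels.
    Assumption: naive reduction; production code would use the Public Suffix List."""
    out = set()
    for host in URL_HOST.findall(body):
        labels = host.lower().strip(".").split(".")
        if len(labels) >= 2:
            out.add(".".join(labels[-2:]))
    return out

class DomainFloodGate:
    """Hypothetical gate: hold comments once a linked domain is seen more than
    max_hits times inside `window` seconds, whatever the source IPs are."""
    def __init__(self, max_hits=5, window=300):
        self.max_hits, self.window = max_hits, window
        self.hits = defaultdict(deque)   # domain -> recent timestamps
        self.held = set()                # throttled until a moderator clears them

    def check(self, ts, body):
        """Return 'hold' or 'accept' for a comment received at time ts."""
        verdict = "accept"
        for dom in linked_domains(body):
            q = self.hits[dom]
            q.append(ts)
            while q and q[0] <= ts - self.window:
                q.popleft()              # drop hits that fell out of the window
            if len(q) > self.max_hits:
                self.held.add(dom)
            if dom in self.held:
                verdict = "hold"
        return verdict

def replay(comments, **kw):
    """Run (timestamp, ip, body) tuples through a fresh gate, in order."""
    gate = DomainFloodGate(**kw)
    return [gate.check(ts, body) for ts, _ip, body in comments]

# Constructed sample: 100 spam comments in about three minutes, each from a
# different documentation-range address, followed by one ordinary comment.
SAMPLE = [(i * 2, f"203.0.113.{i + 1}", "great site http://casino.blackjack-123.com/")
          for i in range(100)]
SAMPLE.append((250, "198.51.100.7", "Nice post, see http://example.org/notes"))

if __name__ == "__main__":
    results = replay(SAMPLE)
    print(results.count("hold"), "held,", results.count("accept"), "accepted")
```

Held comments go to a moderation queue rather than being dropped, so a legitimate domain that trips the limit can be released by hand.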

The news on extracting much-desired retribution from blackjack-123 is also bad.

Here's the info from Sam Spade:

Server Used: [ whois.godaddy.com ]

http://casino.blackjack-123.com/ = [ 161.58.59.8 ]


Registrant:
Marketing Team
Registered through: GoDaddy.com
Domain Name: BLACKJACK-123.COM
Domain servers in listed order:
NS0.MARKETING-TEAM-2004.US
NS1.MARKETING-TEAM-2004.US
For complete domain details go to:

I wish GoDaddy would cancel its cloaked registration service. It's intended to protect people from having the email address in their registrations used by spammers, but it's helping spammers more than it's helping us. Also, because getting the spam to stop had priority over gathering evidence that GoDaddy would act on, I have not taken a screenshot of any of the spams, so I don't hold out much hope for complaining to them.

Sam Spade says this about the IP address 161.58.59.8, where the site is hosted:

Server Used: [ rwhois.verio.net ]

161.58.59.8 = [ blackjack-123.com ]

network: Class-Name: network
network: Auth-Area: 161.58.0.0/18
network: ID: NETBLK-WH-161-58-59-0-24.127.0.0.1/32
network: Handle: NETBLK-WH-161-58-59-0-24
network: Network-Name: WH-161-58-59-0-24
network: IP-Network: 161.58.59.0/24
network: In-Addr-Server;I: NS8629-HST12700132
network: In-Addr-Server;I: NS8630-HST12700132
network: IP-Network-Block: 161.58.59.0 - 161.58.59.255
network: Org-Name: Verio Web Hosting (SME)
network: Street-Address: 5050 Blue Lake Drive
network: City: Boca Raton
network: State: FL
network: Postal-Code: 33431
network: Country-Code: US
network: Tech-Contact;I: WA576-VRIO.127.0.0.1/32
network: Created: 2004-07-23 19: 43: 0600
network: Updated: 2004-07-23 19: 43: 0600
network: Class-Name: network
network: Auth-Area: 161.58.0.0/18
network: ID: NETBLK-VRIO-161-058-000.127.0.0.1/32
network: Handle: NETBLK-VRIO-161-058-000
network: Network-Name: VRIO-161-058-000
network: IP-Network: 161.58.0.0/18
network: In-Addr-Server;I: NS8629-HST12700132
network: In-Addr-Server;I: NS8630-HST12700132
network: IP-Network-Block: 161.58.0.0 - 161.58.63.255
network: Org-Name: Verio Web Hosting - Vienna
network: Street-Address: 1921 Gallows Road
network: City: Vienna
network: State: VA
network: Postal-Code: 22182
network: Country-Code: US
network: Tech-Contact;I: WA575-VRIO.127.0.0.1/32
network: Created: 2000-01-11 22: 51: 1300
network: Updated: 2002-02-07 21: 23: 3200
network: Class-Name: network
network: Auth-Area: 161.58.0.0/18
network: ID: NETBLK-VRIO-161-058.127.0.0.1/32
network: Handle: NETBLK-VRIO-161-058
network: Network-Name: VRIO-161-058
network: IP-Network: 161.58.0.0/16
network: In-Addr-Server;I: NS34528-HST12700132
network: In-Addr-Server;I: NS35624-HST12700132
network: In-Addr-Server;I: NSL662-HST12700132
network: In-Addr-Server;I: NS3-VRIO-HST12700132
network: In-Addr-Server;I: NS4-VRIO-HST12700132
network: IP-Network-Block: 161.58.0.0 - 161.58.255.255
network: Org-Name: Verio Inc.
network: Street-Address: 8005 South Chester Street Suite
network: City: Englewood
network: State: CO
network: Postal-Code: 80112
network: Country-Code: US
network: Tech-Contact;I: VIA4-ORG-ARIN12700132
network: Created: 2000-01-11 19: 12: 4800
network: Updated: 2000-01-11 19: 12: 4800

I'm not sure Verio are worth complaining to at all. I seem to recall having seen their name before in connection with persistent spamming.

The address 161.58.59.8 does seem to be a dedicated server hosting nothing but blackjack-123. It will probably be proof against all of my readers pinging it simultaneously (just to check if it is still up, of course). How infuriating.

Comments (1)

See if you can figure out how to use a voltage spike to utterly destroy their computer. They deserve it.

About

This page contains a single entry from the blog posted on September 1, 2004 7:46 PM.
