FYI: router BillyGoat is offline

Kyle Williams kyle.kwilliams at gmail.com
Wed Jul 1 01:43:27 UTC 2009


On Tue, Jun 30, 2009 at 6:37 PM, Michael <cozzi at cozziconsulting.com> wrote:

> Kyle Williams wrote:
>
>> reject 0.0.0.0/8:*
>> reject 169.254.0.0/16:*
>> reject 127.0.0.0/8:*
>> reject 192.168.0.0/16:*
>> reject 10.0.0.0/8:*
>> reject 172.16.0.0/12:*
>> reject 66.109.20.52:*
>> accept *:80
>> accept *:443
>> accept *:43
>> reject *:*
>>
>
>   Kyle,
>
>   One more question if you would indulge my curiosity. What service was the
> source of the "spam"?
>
>   Michael
>

Here's the whole thing.  Don't follow the links in this e-mail, it's not
worth your time.


------------------------------------------------------------------------------------------------------------------------------------------------------
*From:* WebMaster AFBNetwork [mailto:webmaster at afbnetwork.com]
*Sent:* Tuesday, June 30, 2009 10:24 AM
*To:* abuse at frienster.com; help at friendster.com; events at friendster.com
*Cc:* abuse at 1and1.fr; abuse at gmail.com; abuse at galaxyvisions.com
*Subject:* Complaint about spammers
*Importance:* High

*From :* webmaster at afbnetwork.com
*To :* abuse at friendster.com & help at friendster.com & events at friendster.com
*Copy To :* abuse at 1an1.fr & abuse at gmail.com & abuse at galaxyvisions.com

*Dear Madam, Dear Sir,*

I am the webmaster of www.afbnetwork.com. My name is Alain Bippus and I also
own the said site hosted by 1and1.fr
Due to harassment and spam from some of your members, I would like you to
register your following members as "intensive spammers",
both by e-mail and by registering news in our web site:

http://profiles.friendster.com/109627291 - NAKED CELEBRITIES
http://profiles.friendster.com/109628091 - CELEBRITY SEX
http://profiles.friendster.com/109629116 - CELEBRITY SEX TAPES
http://profiles.friendster.com/109629302 - CELEBRITY FAKE FREE GALLERY
http://profiles.friendster.com/109629590 - CELEBRITIES EXPOSED

These members of yours are spamming mainly through email address
triarmmex at gmail.com
with "erydranient" as Pseudo. (most probably forged email address).
Their spam actually originates from *IP address : 66.109.20.52*
This IP address is owned by Galaxyvisions Inc - Domain Name : efnet.net -
Registrar : Godaddy.com Inc.
All this spamming is of pornographic type, which is not accepted by us as it
is clearly written in the public rules of our site.

*COPY OF LOGS :*

*1)- Last Access to web site :*

*66.109.20.52 - - [30/Jun/2009:12:48:03 +0200]* "GET /poster.php HTTP/1.0"
200 15290 afbnetwork.fr "http://afbnetwork.fr/poster.php" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC" "-"
*66.109.20.52 - - [30/Jun/2009:12:48:12 +0200]* "POST /poster.php HTTP/1.0"
200 15481 afbnetwork.fr "http://afbnetwork.fr/poster.php" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC" "-"
*2)- Last Spamming mail :*

*2009-06-30 12:48:12* u39437102 4AgGp3-1MLasm18N1-0001py |< *
REMOTE=66.109.20.52* SCRIPT=/afbnetworkcom/poster.php -- /usr/sbin/sendmail
-t -i
*2009-06-30 12:48:12* u39437102 4AgGp3-1MLasm18N1-0001py <=
S=cgi-mailer-bounces-148125414 at kundenserver.de SZ=2108 D=0 SID=148125414
*2009-06-30 12:48:12* u39437102 4AgGp3-1MLasm18N1-0001py =>
webmaster at afbnetwork.com msmtp.kundenserver.de[172.19.35.7] 250 Message
0MKv1o-1MLasm1cJb-000cNe accepted bymreu1.kundenserver.de

Please note that the .php page of our news service is protected by program
against news messages containing the word "frienster" in insensitive case,
but despite this, those news messages still succeed to reach in our base. It
means that the spammers must be using some robot or program in order to
short-circuit the web site control.

So, we would like you to investigate the matter and take appropriate action.

Thanks in advance.
I am at your disposal at Phone: 0033 (4) 67.23.83.70
Yours faithfully,
Alain Bippus,
webmaster at afbnetwork.com
------------------------------------------------------------------------------------------------------------------------------------------------------

That's all they had to say.  I have not heard back in regards to my reply.

- Kyle
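
An added example, not part of the original thread and not Tor's own code: a minimal first-match evaluator for the exit policy quoted at the top of this message, showing which destinations it allows. It assumes IPv4 addresses and single ports only; `parse_policy`, `decide` and the test destination 203.0.113.5 are names and values made up for this sketch.

```python
import ipaddress

# Exit policy as quoted in the thread (auto-link residue removed).
POLICY = """\
reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject 66.109.20.52:*
accept *:80
accept *:443
accept *:43
reject *:*
"""

def parse_policy(text):
    """Turn 'accept|reject ADDR[/MASK]:PORT' lines into (action, network, port) rules."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        action, pattern = line.split()
        addr, port = pattern.rsplit(":", 1)
        # '*' means "any address" / "any port"; stored as None.
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        rules.append((action, net, None if port == "*" else int(port)))
    return rules

def decide(rules, ip, port):
    """Return the action of the first rule matching ip:port (first match wins)."""
    target = ipaddress.ip_address(ip)
    for action, net, rule_port in rules:
        if (net is None or target in net) and (rule_port is None or rule_port == port):
            return action
    # Assumption of this sketch: a destination no rule matches is refused.
    # The quoted policy ends in 'reject *:*', so this line is never reached for it.
    return "reject"

RULES = parse_policy(POLICY)

if __name__ == "__main__":
    for dest in [("203.0.113.5", 80), ("203.0.113.5", 25),
                 ("192.168.1.10", 443), ("66.109.20.52", 80)]:
        print(dest, decide(RULES, *dest))
```

Because evaluation stops at the first match, the address-specific `reject` lines only take effect while they stay above the `accept *:80` and `accept *:443` lines.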