How to remove many spammer sites at once (currently 9,161 views) |
| MarkGiles |
| Posted on: Monday, January 8th, 2007, 6:17pm |
 |
|
Posts: 363
|
re MIZALDO.HK - an Illegal RX site, you have it exactly right.
Quoted Text AND today on this search I've got this:
WHOIS results for justlom.com
Generated by http://www.DNSstuff.com
Registrar: NETFIRMS, INC.
Status: ok
Dates: Created 13-dec-2006 Updated 21-dec-2006 Expires 13-dec-2007
DNS Servers: NS2.ASDERDUB.COM NS1.THEBLACKRAINS.NET NS1.XETOPNET.COM NS2.LOERJAMM.COM
Requesting Netfirms (affiliate of Tucows, both in Toronto) to act on this will take out one of the literally THOUSANDS of Illegal RX sites. Better to request the nameservers be inactivated, as before. See the title of this thread.
Quoted Text I don't understand it. Don't the registrars see that the name servers they are using are blacklisted in many places such as URIBL.com, or don't they care?
Guess what? I asked that question of myself, too. I got no answer. Then I got an idea. I asked some of the registrars. The result was dramatic. I know two registrars who were delighted to learn about this uribl lookup method, and do precisely that!
So don't ask yourself. Don't ask this forum. Ask the registrars, and teach them how to do it.
 |
Reply: 60 - 80 |
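Added example, not part of the original posts: one way a registrar could run the URIBL lookup described above against the name servers of a newly registered domain. It assumes URIBL's public DNS zone multi.uribl.com and its documented return codes; the function names, the two-entry suffix set (a stand-in for the Public Suffix List) and the sample answers are constructed for illustration.

```python
import socket

URIBL_ZONE = "multi.uribl.com"
LISTS = {2: "black", 4: "grey", 8: "red"}   # bits of the last octet of the answer
# Assumption: tiny stand-in for the Public Suffix List, enough for this thread's hosts.
TWO_LABEL_SUFFIXES = {"com.cn", "co.uk"}

def registered_domain(host):
    """Reduce a name server host name to the domain URIBL lists (ns1.dns.com.cn -> dns.com.cn)."""
    labels = host.rstrip(".").lower().split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def dns_lookup(name):
    """Live resolver. gaierror covers NXDOMAIN (not listed) but also resolver failures."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def uribl_status(host, resolve=dns_lookup):
    """Return the URIBL lists naming this host's registered domain ([] if none)."""
    answer = resolve(f"{registered_domain(host)}.{URIBL_ZONE}")
    if answer is None:
        return []
    octets = answer.split(".")
    if octets[:3] != ["127", "0", "0"]:
        raise ValueError(f"unexpected DNSBL answer {answer}")
    code = int(octets[3])
    if code == 1:   # URIBL refused the query (for example via a busy public resolver)
        return ["query-blocked"]
    return [name for bit, name in LISTS.items() if code & bit]

def listed_nameservers(ns_hosts, resolve=dns_lookup):
    """Map each name server on the black list to its full status."""
    found = {}
    for host in ns_hosts:
        status = uribl_status(host, resolve)
        if "black" in status:
            found[host] = status
    return found

# Constructed answers for offline use; these are not real URIBL lookup results.
SAMPLE_ANSWERS = {
    "asderdub.com.multi.uribl.com": "127.0.0.2",
    "theblackrains.net.multi.uribl.com": "127.0.0.2",
}

def sample_resolver(name):
    return SAMPLE_ANSWERS.get(name)
```

A "query-blocked" answer means the lookup itself was refused, so it must not be read as either listed or clean.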
|
|
| Dave |
| Posted on: Thursday, January 11th, 2007, 2:53pm |
 |
|
Posts: 19
|
Thanks - a few more clues for me and others I hope. I did ask Netfirms (probably not the right question and possibly not the right tone), but they were good enough to reply, but again I don't fully understand their answer.
"Hello,
Thank you for your e-mail. Please be advised that the domains(s) you have listed are not hosted with Netfirms. While the domains were originally registered through Netfirms, we have no affiliation with them other than the registration themselves.
If you are receiving spam from these domains, we recommend that you contact the host provider currently hosting these domains and file your complaint with them.
Netfirms is listed as the technical contact for these domains because they were registered through us. However, there is nothing that we can do in regards to your complaint since the spam e-mail you are receiving is coming from a different host provider and mail server.
Therefore, we recommend that you refrain from sending us any further notifications regarding your spam complaints as these will need to be re-directed to the host provider for the domain you are filing a complaint against.
We thank you for your compliance in this matter.
Regards,
Todd Netfirms Inc. http://www.netfirms.com
Thank you,
Netfirms Support Team Netfirms Inc. http://www.netfirms.com
-----Original Message-----
From: Dave
Date: Monday, January 08, 2007 03:13 PM
To: support@netfirms.com (support@netfirms.com)
Subject: Domain - http://www.justlom.com
Domain Name: www.justlom .com
Hi, I have received an email from JUSTLOM.COM and you appear to be the registrars. The name servers they are using are blacklisted on many sites throughout the world and I just wonder why, when you are ICANN registered, you can allow this to go on? The site they are using is at best gathering credit card information and at worst selling illegal drugs. Don't you have laws in America or Canada to stop that sort of thing?
 |
Reply: 61 - 80 |
|
|
| Ryan |
| Posted on: Thursday, January 11th, 2007, 3:15pm |
 |
|
Spam Fighter 
Posts: 76
|
Their key words:
"...other than the registration themselves..."
They are taking the cowardly position that they are immune to the action of the domain, since they are not hosting the site.
|
A computer once beat me at chess, but it was no match for me at kick boxing. -- Emo Philips |
 |
Reply: 62 - 80 |
|
|
| MarkGiles |
| Posted on: Thursday, January 11th, 2007, 3:16pm |
 |
|
Posts: 363
|
Hi Dave, you need to approach it differently. You are not complaining because the site was spammed, you are complaining because they are sponsoring a criminal operation.
Take a look at the useful and somewhat amusing entries in the McAfee Site Advisor details at http://www.siteadvisor.com/sites/justlom.com
You need do little more than to ask Netfirms to read it, and decide whether they should continue to risk their reputation in continuing to do business with Alex Polyakov. |
 |
Reply: 63 - 80 |
|
|
| Ryan |
| Posted on: Thursday, January 11th, 2007, 3:22pm |
 |
|
Spam Fighter 
Posts: 76
|
Absolutely. Mark is right on the ball there Dave.
They need to take a stand like this: http://www.gandibar.net/post/2007/01/11/Gandi-fights-back-against-domain-abuse
(Ok - that cat is DEFINITELY out of the bag now. What the hell. Anyway, check out the hidden reference to this forum in the title, and please visit and voice your support!!)
Other solutions? You bet!!
Why not throw their own contracts in their faces?
Look at Point 2 of their "Domain Registration Agreement", it states,
Quoted Text "...nor the manner in which it is used infringes the legal rights of a third party, and that the Domain Name is not being registered for any unlawful purpose...." |
 |
A computer once beat me at chess, but it was no match for me at kick boxing. -- Emo Philips |
 |
Reply: 64 - 80 |
|
|
| Dave |
| Posted on: Thursday, February 1st, 2007, 3:45pm |
 |
|
Posts: 19
|
Hi - still on the case with your help. This time it is shares - don't usually bother with them but this one caught my interest as it wasn't the usual image spam stuff.
"You are subscribed to leandershantaserver.com with the email address *********@*********. If you wish to be excluded from future leandershantaserver.com mailings, please click here or write us at: 21218 St Andrews Blvd #323, Boca Raton, FL 33433 "
Naturally I did neither (subscribed eh, I don't think so). leandershantaserver.com is blacklisted on URIBL and the registrar is
Registrar: TUCOWS INC.
Status: ok
Dates: Created 19-sep-2006 Updated 19-sep-2006 Expires 19-sep-2007
DNS Servers: NS1.LEANDERSHANTASERVER.COM NS2.LEANDERSHANTASERVER.COM
I was about to write to Tucows Inc. but - what does this mean?
Domain Type Class TTL Answer
leandershantaserver.com. A IN 60 69.30.227.40
leandershantaserver.com. A IN 60 69.30.227.34
leandershantaserver.com. NS IN 60 ns2.leandershantaserver.com.
leandershantaserver.com. NS IN 60 ns1.leandershantaserver.com.
ns1.leandershantaserver.com. A IN 60 69.30.227.34
ns2.leandershantaserver.com. A IN 60 69.30.227.40
- - - - - - - - - - - - - - - - - - - -
WHOIS results for 69.30.227.40
Generated by http://www.DNSstuff.com
Location: United States [City: ]
Using 0 day old cached answer (or, you can get fresh results). Hiding E-mail address (you can get results with the E-mail address).
OrgName: WholeSale Internet
OrgID: WHOLE-125
Address: 1102 Grand
Address: Suite 905
City: Kansas City
StateProv: MO
PostalCode: 64106
Country: US
NetRange: 69.30.192.0 - 69.30.255.255
CIDR: 69.30.192.0/18
NetName: WHOLESALEINTERNET
NetHandle: NET-69-30-192-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.KCNOC.COM
NameServer: NS2.KCNOC.COM
- - - - - - - - - - - - - - - - - - - -
WHOIS results for KCNOC.COM
Generated by http://www.DNSstuff.com
Registrar: ENOM, INC.
Status: clientTransferProhibited
Dates: Created 19-jun-2003 Updated 12-nov-2006 Expires 19-jun-2007
DNS Servers: DNS1.NAME-SERVICES.COM DNS2.NAME-SERVICES.COM DNS3.NAME-SERVICES.COM DNS4.NAME-SERVICES.COM DNS5.NAME-SERVICES.COM
I was referred to whois.enom.com; I'm looking it up there.
An old "favourite"???!!
So whilst I would be more than happy to write to Tucows, should it be Tucows or ENOM or both?
I did ask in a previous post if anyone (Giles?) could explain DNS traversal in very simple terms but couldn't see a response.
I'm off to Burma (Myanmar) for a couple of weeks but if anyone can post a reply I'll get on to it when I get back.
 |
Reply: 65 - 80 |
|
|
| MarkGiles |
| Posted on: Thursday, February 1st, 2007, 4:09pm |
 |
|
Posts: 363
|
| Please edit or modify your posting, and remove your email address. |
 |
Reply: 66 - 80 |
|
|
| MarkGiles |
| Posted on: Thursday, February 1st, 2007, 4:15pm |
 |
|
Posts: 363
|
You would complain about leandershantaserver.com to Tucows (compliance at opensrs.org) - this is the most effective.
The complaint about the IP address where their system is hosted would go to Wholesale Internet's abuse dept:
OrgAbuseHandle: NETWO1111-ARIN
OrgAbuseName: Network Abuse
OrgAbusePhone: +1-314-431-5200
OrgAbuseEmail: abuse at wholesaleinternet.com
 |
Reply: 67 - 80 |
|
|
| MarkGiles |
| Posted on: Tuesday, February 27th, 2007, 11:41pm |
 |
|
Posts: 363
|
Capital Networks (Pacnames) is an unresponsive registrar. They provide the domain for the name servers ns1.srul5.com and ns2.srul5.com. There are over 250 OEM Software sites selling obviously pirated software. It is more worthwhile reporting these to the Business Software Alliance (www.bsa.org) than to the registrar.
But today, all of these sites are failing to load. Take a few at random:
http://oemblagodat.com
http://recover-oem.com
http://oemschaste.com
http://cyber-oem.com
It's gratifying to see hundreds of illegal scam sites fail all at once.
 |
Reply: 68 - 80 |
|
|
| pensioner |
| Posted on: Thursday, March 1st, 2007, 11:49am |
 |
|
Posts: 21
|
A few questions and remarks.
1. At February 1st 4.15 pm Mark wrote the address to complain to Tucows. How come this address is not listed in the InterNIC Registrar list? I will try the address Mark provided, as mails to the listed banterwebhelp1 at tucows.com bounce;
2. I find Ace of Domains also a very unresponsive registrar. In the last weeks I have sent them - using the complainterator - numerous motivated removal requests for driedoutdns.com and hairyolddns.com. With each request I included the original full UBE, and pointed out the violations of ICANN and CAN-SPAM Act terms (including cc's to ICANN and FTC). Each time I DO get a confirmation mail from ICANN, but nada from Moniker or FTC;
3. Since I started using the complainterator, using hotmail to send the complaints, the following has happened: spam at my yahoo and gmail has almost stopped. I used to get there several daily spams for Pharmacy Express, haven't seen Leo's spam for days now. However spam at my hotmail (= sending complaints address) has sharply increased with spam almost exclusively from Polyakov, originating from driedoutdns and hairyolddns;
4. I am unable to tackle the (prun-) spam I receive at hotmail. Until recently that was about the only spam I got at hotmail, but persistent: once a day for well over a year. The original spam (variations like "SEXUALY--ExpLiCIT") linked through a yahoo.uk-account has ceased, but has been moved to zoneedit.com, where the name servers ns7, 8 and 9 were used (the subject is now referring to incest and/or older women). Upon removal requests for zoneedit.com to Dotster, I got replies from zoneedit.com that the abused site has been "suspended". Nice, but the spamvertized sites behind those links are still running. As complainterator once suggested that I send a removal request for yahoo.com, I guess that zoneedit.com itself is not the spammer. What approach to take? Like I now do, continue to ask zoneedit to remove ns7~9.zoneedit.com?
In addition to 3: I get the impression that after starting to make removal requests (i.e. using the complainterator) my gmail and yahoo seem to have been 'white-washed' by Leo (not the effect I wanted, but better than no result at all). It looks like Polyakov gets pissed off by the complainterator. He moved his spam from my gmail and yahoo to my "offending?" hotmail. Also - though he is sloppy - yesterday I noticed that several of his spamvertized links did not resolve at first attempt. They did resolve when I used a proxy (most recent case, about 1 hour ago, Exquisite Replicas at http://www.betsfrends.com). I also noticed that the information I get from a 'whois' at domaintools.com is now minimal, or there even is no info at all.
Resuming, spamvertizing has shifted from gmail and yahoo to hotmail for: Pharma Shop, ED Pill Store, Exquisite Replicas, Hoodia...
Spamvertizing for Pharmacy Express has - temporarily - stopped.
Apart from my other questions, I would like to know if other people using the complainterator have seen a similar change.
 |
Reply: 69 - 80 |
|
|
| dfrancocci |
| Posted on: Tuesday, March 20th, 2007, 8:17am |
 |
|
Posts: 2
|
Hi. I wonder if you can tell me how to handle the following spamvertized pharmacy site: rxstation.org?
The Complainterator gets stuck trying to find COM.CN. What's happening with this one?
Dominic Francocci |
 |
Reply: 70 - 80 |
|
|
| dfrancocci |
| Posted on: Tuesday, March 20th, 2007, 9:00am |
 |
|
Posts: 2
|
I notice that Complainterator 10 offers to skip or cancel when it gets to this point. Thanks. But what is going on with this domain?
DF |
 |
Reply: 71 - 80 |
|
|
| MarkGiles |
| Posted on: Tuesday, March 20th, 2007, 4:54pm |
 |
|
Posts: 363
|
Complainterator has looked up the DNS servers that give access to rxstation.org
http://www.dnsstuff.com/tools/traversal.ch?domain=rxstation.org&type=A
It gets back the name servers as
ns1.dns.com.cn [218.30.114.205]
ns2.dns.com.cn [218.244.47.6]
These two name servers are owned by the registrar, Beijing Innovative Linkage Technology, to resolve a huge number of their legitimate customers' web sites and email services. It is therefore not appropriate to allow Complainterator to generate a request to remove the name servers, because that would shut down a multitude of legitimate sites.
Instead, you need to send an email requesting Beijing to remove the web site rxstation.org from their name servers.
 |
Reply: 72 - 80 |
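Added example, not part of the original posts: a reading of the two traversal results discussed in this thread (leandershantaserver.com and rxstation.org), showing why the first domain's name servers belong to the spam operation while the second's may not. The function names are constructed, and the rule used (a name server counts as dedicated when it sits inside the domain or shares an IP with the web site) is an assumption of this sketch.

```python
# Records as quoted in this thread. Assumption: the TTL on the rxstation.org lines
# is constructed, since the thread gives only the name servers and their addresses.
RECORDS = """\
Domain Type Class TTL Answer
leandershantaserver.com. A IN 60 69.30.227.40
leandershantaserver.com. A IN 60 69.30.227.34
leandershantaserver.com. NS IN 60 ns2.leandershantaserver.com.
leandershantaserver.com. NS IN 60 ns1.leandershantaserver.com.
ns1.leandershantaserver.com. A IN 60 69.30.227.34
ns2.leandershantaserver.com. A IN 60 69.30.227.40
rxstation.org. NS IN 60 ns1.dns.com.cn.
rxstation.org. NS IN 60 ns2.dns.com.cn.
ns1.dns.com.cn. A IN 60 218.30.114.205
ns2.dns.com.cn. A IN 60 218.244.47.6
"""

def parse(text):
    """Return {name: {"A": [...], "NS": [...]}} from 'name type class ttl answer' lines."""
    zone = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[1] not in ("A", "NS"):
            continue  # header row, separators, other record types
        name = fields[0].rstrip(".").lower()
        answer = fields[4].rstrip(".").lower()
        zone.setdefault(name, {"A": [], "NS": []})[fields[1]].append(answer)
    return zone

def classify(domain, zone):
    """For each name server of `domain`, say whether it looks dedicated to that domain."""
    entry = zone.get(domain, {"A": [], "NS": []})
    site_ips = set(entry["A"])
    report = []
    for ns in sorted(entry["NS"]):
        ns_ips = set(zone.get(ns, {}).get("A", []))
        in_zone = ns == domain or ns.endswith("." + domain)
        dedicated = in_zone or bool(ns_ips & site_ips)
        if dedicated:
            action = "complain to the domain's registrar and to the host of the IP"
        else:
            action = "may be shared: ask the operator to drop this one domain"
        report.append({"ns": ns, "ips": sorted(ns_ips),
                       "dedicated": dedicated, "action": action})
    return report
```

A name server outside the domain is not automatically shared with legitimate sites; a blacklist lookup on the name server's own domain is what separates the two cases.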
|
|
| MarkGiles |
| Posted on: Monday, April 23rd, 2007, 5:17pm |
 |
|
Posts: 363
|
Version 11 of the automated complaint generation tool has been posted in the forum at http://thecarpcstore.com/phpbb2/viewforum.php?f=4
It generates complaints to the registrars of a spammed site's name servers, and now it also generates a complaint to the registrar of the spammed site itself.
Used in conjunction with Spamcop, you can respond to a spam for a web site with complaints to
1. the ISP for the origin of the spam (Spamcop)
2. the ISP for the web site (Spamcop)
3. the registrar for the spammed domain (Complainterator)
4. the registrars for the name servers (Complainterator)
 |
Reply: 73 - 80 |
|
|
| dj |
| Posted on: Sunday, April 29th, 2007, 3:36pm |
 |
|
Super Spam Fighter 
Posts: 108
|
Just downloaded Complainterator v11 (for the first time) 
Send to Knujon, report to Spamcop, run Complainterator, delete. 
What more could anyone want?
That would be "no more spam" .................and world peace!
(with acknowledgement to Gracie Hart)
Two small snags - New Dream Network jeffc@dreamhost.com was the address given in ICANN which then bounced. <jeffc@dreamhost.com>: Recipient address rejected: User unknown in virtual alias table) Went to their website and found abuse@dreamhost.com and when I got an automated reply from using that it gave me abuse-replies@dreamhost.com which will avoid the automated reply.
Godaddy (reason: 554 refused mailfrom because of SPF policy) <abuse@godaddy.com>
|
Dave
"Now its personal" "Don't get mad, get even!" |
 |
Reply: 74 - 80 |