Hi
I hope I am not out of place here, but this is my experience today and the
problem I find I have because of the broken contacts information via the whois.
This morning I received a fraudulent spam claiming to be from the Bank of
Ireland with an attached form to be filled in. I was going to delete it as
usual but decided that these types of email fraud need to be reported in order
to protect others.
I checked out the form and found the form contact link:
<a href="http://masserialojazzo.it/wp-admin/user/login.html">MBNA Online</a>
$ host masserialojazzo.it
masserialojazzo.it has address 46.252.206.1
;; connection timed out; no servers could be reached
masserialojazzo.it mail is handled by 10 mailstore1.europe.secureserver.net.
masserialojazzo.it mail is handled by 0 smtp.europe.secureserver.net.
And then I whoised
$ whois 46.252.206.1
inetnum: 46.252.200.0 - 46.252.207.255
netname: GDNL-46-252-200-0-TO-207-255
descr: Customer
country: NL
admin-c: WR1096-RIPE
tech-c: WR1096-RIPE
status: ASSIGNED PA
mnt-by: MNT-GDG-NL
source: RIPE # Filtered
person: Will Regg
address: H.J.E. Wenckebachweg 127
1096 AM Amsterdam
phone: +14805058877
nic-hdl: WR1096-RIPE
source: RIPE # Filtered
As you may notice, there is no suitable email contact at all. (Writing a letter
and posting it off didn't seem a useful option!)
This was an email fraud. I, as a reasonable individual trying to do my civic duty
and possibly prevent someone with less 'cop on' from being scammed, was utterly
wasting my time trying to do anything. There was no abuse contact.
If RIPE and ICANN and others want to do anything at all regarding spam, and
scams and net abuse etc one of the first actions should be to ensure there are
correct contacts for every ISP so at least scams and illegal activity can be
reported.
I would also suggest that a default abuse address be insisted upon eg
abuse(a)wherever.doh as I have found many a frustrating experience emailing a
named administrator who has left the company and whose email is dead.
Perhaps someone was scammed by this same email today. A quick report and
possibly a quick shutdown of that link may have achieved something positive.
I also have a web site which is attacked on a regular basis and I try and make a
point of reporting them all. In some cases with very positive results eg a
compromised server found etc. I consider that trying to close these people down
is the only way to prevent things getting totally out of hand. The problem is
that approximately 1 in 4 abuse email addresses are incorrect and the email is
returned undelivered.
These are my frustrating experiences.
As I said, I hope I am not out of place here, pointing this out.
Regards
Lou Gogan
Saula, Achill, Co Mayo, Ireland.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
LINUX - bringing joy and creativity to computing.
Registered Linux user number 478188
www.lougogan.com
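Added example, not part of the original message: a small parser for RPSL-style whois output like the response quoted above, which lists the objects returned, any mailbox attributes found, and whether the server marked the view "# Filtered" (a filtered view, so contact attributes may have been withheld from it). The function names are hypothetical, checking abuse-mailbox and e-mail is this example's choice, and the role object at the end is constructed with placeholder values.

```python
import re

CONTACT_ATTRS = ("abuse-mailbox", "e-mail")   # attributes that carry a mailbox
ATTR_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")

def parse_objects(text):
    """Split RPSL-style whois output into objects: lists of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines():
        if not line.strip():                  # a blank line ends an object
            if current:
                objects.append(current)
            current = []
        elif (m := ATTR_RE.match(line)):
            current.append((m.group(1).lower(), m.group(2).strip()))
        elif current:                         # continuation of the previous value
            key, val = current[-1]
            current[-1] = (key, f"{val} {line.strip()}")
    if current:
        objects.append(current)
    return objects

def contact_report(text):
    """List the objects seen, any mailboxes found, and whether the view was filtered."""
    report = {"objects": [], "mailboxes": [], "filtered": False}
    for obj in parse_objects(text):
        name = f"{obj[0][0]}: {obj[0][1]}"
        report["objects"].append(name)
        for key, val in obj:
            if key in CONTACT_ATTRS and "@" in val:
                report["mailboxes"].append((name, key, val))
            if key == "source" and "# filtered" in val.lower():
                report["filtered"] = True
    return report

# Abridged from the quoted response; blank line between objects restored (assumed).
SAMPLE = """\
inetnum: 46.252.200.0 - 46.252.207.255
admin-c: WR1096-RIPE
source: RIPE # Filtered

person: Will Regg
address: H.J.E. Wenckebachweg 127
1096 AM Amsterdam
nic-hdl: WR1096-RIPE
source: RIPE # Filtered
"""
# Constructed role object (placeholder values) showing the positive case.
WITH_ABUSE = SAMPLE + "\nrole: Example Abuse Desk\nabuse-mailbox: abuse@example.net\n"
print(contact_report(SAMPLE))
```

An empty "mailboxes" list together with "filtered": True describes the situation in the message: no reportable address in the view that was returned.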
Dear RIPE List Serv members,
Good day. My name is Ravi, and I've been a dormant ListServ member for the last few months. Would any of the members here help me know how to report a Proxy server or VPN being used to send Spam-Email from anonymous IPs?
Thank you for your time.
Regards,
Ravi
________________________________
From: "anti-abuse-wg-request(a)ripe.net" <anti-abuse-wg-request(a)ripe.net>
To: anti-abuse-wg(a)ripe.net
Sent: Monday, October 31, 2011 7:00 AM
Subject: anti-abuse-wg Digest, Vol 2, Issue 3
Today's Topics:
1. RIPE Abuse (Chris)
2. Re: RIPE Abuse (Michele Neylon :: Blacknight)
3. Re: RIPE Abuse (Chris)
4. Re: RIPE Abuse (Michele Neylon :: Blacknight)
5. Re: RIPE Abuse (Florian Weimer)
6. Re: RIPE Abuse (Brian Nisbet)
----------------------------------------------------------------------
Message: 1
Date: Sun, 30 Oct 2011 14:18:53 -0400
From: Chris <caldcv(a)gmail.com>
Subject: [anti-abuse-wg] RIPE Abuse
To: anti-abuse-wg(a)ripe.net
Message-ID:
<CAPF5ageYgofWUKLmzkswhAoceN4b2pJsfpgx85fzfO9en39vNg(a)mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Vesna sent me a request to join this group and with your meeting
coming up, I would like to put some last minute issues in:
XSServer, a German virtual private server / dedicated server hosting
provider, is starting to be the new king when it comes to ignored
abuse complaints. A lot of their IP ranges are being used for spam,
including email and the new comment spam on websites / forums (mainly
Wordpress). The simple solution taken by webmasters and system
administrators is to create a list of offending IPs to have for
comparison purposes, check a potential IP against that and use that IP
to block the spam from going through. That doesn't really work in the
long term.
Examples of offending IPs are:
109.230.216.225
109.230.220.34
109.230.217.166
109.230.220.95
I could find more but I just searched 109.230 in my email client and
found these.
I have noticed also that a lot of RIPE IPs also have invalid contact
information or no abuse / admin information whatsoever on them which I
believe is against your rules / guidelines.
Thank you and thank you to Vesna for recommending this mailing list
for me. I just imagine a day we rely on blacklists and rely more on
providers fixing the problems themselves, rather than having any
incompetent government intervene to cause more problems to "fix the
problem"
--
--C
"The dumber people think you are, the more surprised they're going to
be when you kill them." - Sir William Clayton
------------------------------
Message: 2
Date: Sun, 30 Oct 2011 18:34:52 +0000
From: "Michele Neylon :: Blacknight" <michele(a)blacknight.ie>
Subject: Re: [anti-abuse-wg] RIPE Abuse
To: Chris <caldcv(a)gmail.com>
Cc: "<anti-abuse-wg(a)ripe.net>" <anti-abuse-wg(a)ripe.net>
Message-ID: <8C06FA59-B1C6-420A-8E5C-11F59066538D(a)blacknight.ie>
Content-Type: text/plain; charset="us-ascii"
On 30 Oct 2011, at 18:18, Chris wrote:
>
>
> I have noticed also that a lot of RIPE IPs also have invalid contact
> information or no abuse / admin information whatsoever on them which I
> believe is against your rules / guidelines.
I'm not an expert on RIPE policy / rules, but the invalid contact info would probably be a breach and you can report it to RIPE.
The lack of an abuse contact wouldn't be a breach of any rules that I'm aware of.
Regards
Michele
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.mobi/ http://mneylon.tel
Intl. +353 (0) 59 9183072
US: 213-233-1612
UK: 0844 484 9361
Locall: 1850 929 929
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland Company No.: 370845
------------------------------
Message: 3
Date: Sun, 30 Oct 2011 14:39:30 -0400
From: Chris <caldcv(a)gmail.com>
Subject: Re: [anti-abuse-wg] RIPE Abuse
To: anti-abuse-wg(a)ripe.net
Message-ID:
<CAPF5agcgvrayj41-kO6B5nGeNzjS59VG29YMV5ARN26z5Kc9fQ(a)mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
What's the proper way to report to RIPE for invalid contact info?
------------------------------
Message: 4
Date: Sun, 30 Oct 2011 18:52:00 +0000
From: "Michele Neylon :: Blacknight" <michele(a)blacknight.ie>
Subject: Re: [anti-abuse-wg] RIPE Abuse
To: Chris <caldcv(a)gmail.com>
Cc: "anti-abuse-wg(a)ripe.net" <anti-abuse-wg(a)ripe.net>
Message-ID: <F0F29C9D-0077-435E-868F-1CE25A4B3024(a)blacknight.com>
Content-Type: text/plain; charset="us-ascii"
I'd try the contact page on the ripe site
Mr. Michele Neylon
Blacknight
http://Blacknight.tel
Via iPhone so excuse typos and brevity
On 30 Oct 2011, at 18:40, "Chris" <caldcv(a)gmail.com> wrote:
> What's the proper way to report to RIPE for invalid contact info?
>
------------------------------
Message: 5
Date: Mon, 31 Oct 2011 08:28:41 +0000
From: Florian Weimer <fweimer(a)bfk.de>
Subject: Re: [anti-abuse-wg] RIPE Abuse
To: Chris <caldcv(a)gmail.com>
Cc: anti-abuse-wg(a)ripe.net
Message-ID: <824nypmuo6.fsf(a)mid.bfk.de>
Content-Type: text/plain; charset=iso-8859-1
* Chris:
> XSServer, a German virtual private server / dedicated server hosting
> provider, is starting to be the new king when it comes to ignored
> abuse complaints.
Have you brought this to the attention of the folks at
optimate-server.de?
(I'm not saying that it would help, I'm just trying to get a more
complete picture.)
--
Florian Weimer <fweimer(a)bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
------------------------------
Message: 6
Date: Mon, 31 Oct 2011 09:17:51 +0000
From: Brian Nisbet <brian.nisbet(a)heanet.ie>
Subject: Re: [anti-abuse-wg] RIPE Abuse
To: anti-abuse-wg(a)ripe.net
Message-ID: <4EAE67BF.7030205(a)heanet.ie>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Chris,
Chris wrote, On 30/10/2011 18:18:
>
> I have noticed also that a lot of RIPE IPs also have invalid contact
> information or no abuse / admin information whatsoever on them which I
> believe is against your rules / guidelines.
>
> Thank you and thank you to Vesna for recommending this mailing list
> for me. I just imagine a day we rely on blacklists and rely more on
> providers fixing the problems themselves, rather than having any
> incompetent government intervene to cause more problems to "fix the
> problem"
You're not the only person to have noticed and raised this. There is
currently a Task Force examining abuse contact information (due to
report on current progress on Tuesday afternoon) and the NCC will be
reporting on their new abuse contact measures during the session as well.
Hopefully you'll be able to join us (either physically or via the
Internet) on Tuesday and hopefully some, if not all, of your questions
will be answered.
Thanks,
Brian.
End of anti-abuse-wg Digest, Vol 2, Issue 3
*******************************************