Lack of contact from ORG-LA16-RIPE regarding spam / 46.109.195.227
46.109.195.227 is a well known, abusive IP address that is likely an open proxy used to send out spam messages on Wordpress. I have contacted abuse@lattelecom.lv numerous times and this IP address continues to be abusive. Nameservers for the domain are from Hostkey - RIPE-ERX-141 / AS49335 Domain is xrumerservice.org, which should not be difficult to find online. Anyone care to instruct me how RIPE handles abuse differently than ARIN because this guy is getting pretty annoying when I have 50+ blogs getting 5 messages each from him and if you think Akismet / anti spam plugins are the solution, it has made the problem this much worse and encourages "fast flux" use of IP address, such as with cloud hosting services, to temporarily abuse an IP address and dump it before it gets traditionally blacklisted. -- --C "The dumber people think you are, the more surprised they're going to be when you kill them." - Sir William Clayton
Chris, Chris wrote, On 18/04/2012 20:54:
Anyone care to instruct me how RIPE handles abuse differently than ARIN because this guy is getting pretty annoying when I have 50+ blogs getting 5 messages each from him and if you think Akismet / anti spam plugins are the solution, it has made the problem this much worse and encourages "fast flux" use of IP address, such as with cloud hosting services, to temporarily abuse an IP address and dump it before it gets traditionally blacklisted.
The information on how to deal with alleged abusive behaviour by RIPE NCC members or resources in the RIPE DB is here: http://www.ripe.net/data-tools/db/faq/faq-hacking-spamming and here: http://www.ripe.net/contact/reporting-procedure Hopefully this helps? Brian. Although
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 18/04/2012 20:54, Chris wrote:
46.109.195.227 is a well known, abusive IP address that is likely an open proxy used to send out spam messages on Wordpress. I have contacted abuse@lattelecom.lv numerous times and this IP address continues to be abusive.
Have you tried to contact CERT.LV? about this? I've not actually passed any incidents their way before but have met with them on several occasions and I understand that they have close links with telecoms providers within Latvia. Please feel free to let me know if there's something I can do to help or introduce you to them. Regards, James - -- James Davis 0300 999 2340 (+44 1235 822340) Senior CSIRT Member Lumen House, Library Avenue, Didcot, Oxfordshire, OX11 0SG -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iF4EAREIAAYFAk+P0FEACgkQjsS2Y6D6yLyxCwEAkqybZdlx2oJ/MwzJkW+T1MiV UCX3vo56XP7PIspEE+IBAOO18zkAsKZEHSmoKx32uNtuU04msSj1/WwIVEc7CxJ+ =ayC8 -----END PGP SIGNATURE----- Janet is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG
* Chris:
46.109.195.227 is a well known, abusive IP address that is likely an open proxy used to send out spam messages on Wordpress. I have contacted abuse@lattelecom.lv numerous times and this IP address continues to be abusive.
Isn't this a case for the IPRAs? 46.109.195.227 lies with an unassigned range, it's only allocated.
Thanks for all the replies. I have contacted CERT. As for blocking IP addresses, not a wise solution and blacklisting/blocking has got us to where we are right now.
participants (4)
-
Brian Nisbet -
Chris -
Florian Weimer -
James Davis