jkcunningham l33t
Joined: 28 Apr 2003 Posts: 649 Location: 47.49N 121.79W
Posted: Mon Jul 28, 2003 3:30 pm Post subject: I'm being attacked - advice?
For the past two days I seem to be under attack from some spammer. There are two messages I receive over and over at intervals of about ten seconds. Here is the full header of one:
Return-Path: <72523.0600@hotmail.com>
Delivered-To: cunningham.net%jeffrey@cunningham.net
Received: from mail.cunningham.net.criticalpath.net [209.231.81.83]
by localhost with POP3 (fetchmail-6.2.3)
for jeffrey@localhost (single-drop); Mon, 28 Jul 2003 08:24:53 -0700 (PDT)
Received: (cpmta 14075 invoked from network); 11 Jul 2003 06:00:12 -0700
Received: from 61.101.121.162 (HELO 61.101.121.162)
by smtp.c000.snv.cp.net (209.228.33.183) with SMTP; 11 Jul 2003 06:00:12 -0700
X-Received: 11 Jul 2003 13:00:12 GMT
From: "Esperanza" <72523.0600@hotmail.com>
To: <jeffrey@cunningham.net>
Subject: What can I do for you today?
Content-Type: text/html;
charset="windows-1251"
X-Bogosity: Yes, tests=bogofilter, spamicity=1.000000, version=0.13.7.2
When I do an nslookup, host and dig on the IP addresses I don't get anything that appears useful. I have already defined a procmail rule to shitcan these things, but I'm thinking I should make some attempt to contact their ISP, and if it's spoofed, then contact mine and tell them they need to do something.
What do you think? How do I tell from this header where it's coming from and who to contact?
-Thanks.
-Jeff
Brown Eyed Boy Tux's lil' helper
Joined: 08 Jun 2003 Posts: 85 Location: England
Posted: Mon Jul 28, 2003 4:16 pm Post subject:
Well, you know what website/product/etc. the spam is advertising, so there's (probably) your culprit.
I suppose your options include a legal reprisal - threatening them with legal action - or illegally cracking their website and replacing the front page with something like "STOP SPAMMING ME OR I'LL DO MORE DAMAGE NEXT TIME"
~Brown Eyed Boy
jkcunningham l33t
Joined: 28 Apr 2003 Posts: 649 Location: 47.49N 121.79W
Posted: Mon Jul 28, 2003 4:31 pm Post subject:
Actually, I don't know anything about them - there is no body to the messages - the header is the only thing I receive. That's why I figure it's some kind of attack: there can be no point otherwise that I can see.
devon l33t
Joined: 23 Jun 2003 Posts: 943
Posted: Mon Jul 28, 2003 5:00 pm Post subject:
It looks like 61.101.121.162 is an open proxy.
Code: | $ whois -h whois.nic.or.kr 61.101.121.162
query: 61.101.121.162
# ENGLISH
KRNIC is not ISP but National Internet Registry similar with APNIC.
The IP address is allocated and still held by the following ISP, or
they did not update whois information after assigning to end-user.
Please see the following ISP contacts for relevant information
or network abuse complaints.
[ ISP Organization Information ]
Org Name : Thrunet Co., Ltd (THRUNET)
Service Name : THRUNET
Org Address : 1337-20 Seocho-2dong, Seocho-ku
[ ISP IP Admin Contact Information ]
Name : Noh myung sun
Phone : +82-2-3488-8452
Fax : +82-2-3488-8777
E-Mail : ip@thrunet.com
[ ISP IP Tech Contact Information ]
Name : YU Hye Sook
Phone : +82-2-3488-8452
Fax : +82-2-3488-8777
E-mail : ip@thrunet.com
[ ISP Network Abuse Contact Information ]
Name : Yang eun won
Phone : +82-2-3488-8452
Fax : +82-2-3488-8777
E-mail : abuse@thrunet.com |
Check out:
http://www3.mail-abuse.org/cgi-bin/nph-ops?query=61.101.121.162
http://njabl.org/cgi-bin/lookup.cgi?query=61.101.121.162
jkcunningham l33t
Joined: 28 Apr 2003 Posts: 649 Location: 47.49N 121.79W
Posted: Mon Jul 28, 2003 5:31 pm Post subject:
Thank you. It looks like they have already been contacted about the open proxy.
Does anyone know how to integrate this www3.mail-abuse.org open proxy database with spam filtering? That would be the way to go - have procmail automatically reject anything from any of the open-proxy serving domains.
-Jeff
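An added example, not part of any post in this thread: one way to answer both questions raised above, namely reading the Received chain to find the address that handed the message to the ISP's relay, and checking that address against a DNS blocklist. The zone `dnsbl.example.org`, the trusted relay names and networks, and the function names are assumptions chosen for illustration; the sample is constructed from the header quoted in the first post.

```python
import email
import ipaddress
import re
import socket
import sys

# Constructed sample: Received chain of the header quoted in the thread (folding restored).
SAMPLE = (
    "Received: from mail.cunningham.net.criticalpath.net [209.231.81.83]\n"
    "\tby localhost with POP3 (fetchmail-6.2.3)\n"
    "\tfor jeffrey@localhost (single-drop); Mon, 28 Jul 2003 08:24:53 -0700 (PDT)\n"
    "Received: (cpmta 14075 invoked from network); 11 Jul 2003 06:00:12 -0700\n"
    "Received: from 61.101.121.162 (HELO 61.101.121.162)\n"
    "\tby smtp.c000.snv.cp.net (209.228.33.183) with SMTP; 11 Jul 2003 06:00:12 -0700\n"
    "Subject: What can I do for you today?\n\n"
)
ZONE = "dnsbl.example.org"                    # placeholder zone (assumption)
TRUSTED_BY = ("localhost", ".cp.net")         # hosts whose Received lines we believe (assumption)
TRUSTED_NETS = ("127.0.0.0/8", "209.231.81.83/32")  # our own relays (assumption)
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def injecting_ip(raw):
    """Return the first outside IP recorded by a trusted relay, reading newest hop first."""
    nets = [ipaddress.ip_network(n) for n in TRUSTED_NETS]
    for hdr in email.message_from_string(raw).get_all("Received", []):
        m = re.match(r"from (.*?) by (\S+)", " ".join(hdr.split()))
        if not m:
            continue        # e.g. the "(cpmta ... invoked from network)" line has no from/by
        if not m.group(2).endswith(TRUSTED_BY):
            break           # written by a host we do not trust: may be forged
        ip = IPV4.search(m.group(1))
        if ip and not any(ipaddress.ip_address(ip.group()) in n for n in nets):
            return ip.group()
    return None

def dnsbl_name(ip, zone=ZONE):
    """DNSBL convention: reversed octets prepended to the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone=ZONE, resolve=socket.gethostbyname):
    try:
        return resolve(dnsbl_name(ip, zone)).startswith("127.")  # any 127.x answer = listed
    except OSError:
        return False        # NXDOMAIN or lookup failure: treat as not listed

if __name__ == "__main__":
    ip = injecting_ip(sys.stdin.read())
    sys.exit(0 if ip and is_listed(ip) else 1)  # exit 0 lets a procmail "* ?" condition match
```

Run as a filter, the script reads one message on standard input and exits 0 only when the injecting address is listed, so a procmail recipe can use it as an exit-code condition. Only Received lines written by relays you trust are consulted; anything older in the chain can be forged by the sender.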