69.50.170.18
I’ve gotten a LOT of trackbacks lately. But with temperatures hovering in the low eighties, I’ve avoided the computer as much as possible. Now, with a rainy day, it’s time to expose some spammers.
One of the latest, who may be a new one, is now spamvertizing dynamic IP subdomains hosted on 69.50.170.18.
Earlier he was pushing an orgfree.com subdomain, but they booted him. Either for spamming or for having adult content - either is against their rules.
The spam is always coming through 203.116.214.2, which is an open proxy.
User agent:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.
Payoff:
searchadv.com ID: 10092
There are no domains associated with this spammer, so I can’t track him further yet. I’ll update if/when I get more.
The list of referring/linked clone — casino/gambling — spammer sites directing “traffic” to my own is growing daily such that it now comprises a great deal of my server resources. While the most often used open proxies are now banned at the server firewall level (I have a great webhost who offered to ban the worst and then did at the server level), and although most of any repeat spammer IPA is banned by me from even accessing my site, this one site of mine is now showing huge permutations of casino/gambling crud as to referrers. When visiting those referrers to look at what/who/why, they’re cookie-cutter “sites” of the same gambling crud. However, I can find no links there to my site such that I assume all those links are created by zombie P.C.s? Otherwise, can someone explain who it is who is driving this madness?
I don’t gamble, I don’t write or host anything remotely related to gambling or casinos or anything similar, such that I think what it is is that this particular site of mine is targeted by this spammer crud for malicious reasons. Certainly there’s no content correlation, is my point, and yet the spammer referrers grow. I also never allow spammer trackbacks, nor comments, such that they’ve never managed a foothold on my site, so perhaps by ongoing bans of ongoing zombie IPAs they’re just become incensed?
How does anyone on the internet counter this nuttiness? The “texasholdemcentral.com” one domain is defined easily through a search as follows:
domain: texasholdemcentral.com
Name Servers:
ns1.quiecom.com
ns2.quiecom.com
Server Name: NS1.QUIECOM.COM
IP Address: 66.98.144.73
Registrar: INTERCOSMOS MEDIA GROUP,
INC. D/B/A DIRECTNIC.COM
Whois Server: whois.directnic.com
Referral URL:
http://www.directnic.com
Server Name: NS2.QUIECOM.COM
IP Address: 66.98.144.73
Registrar: INTERCOSMOS MEDIA GROUP,
INC. D/B/A DIRECTNIC.COM
Whois Server: whois.directnic.com
Referral URL:
http://www.directnic.com
Registrant:
quiecom
210 Pioneer dr.
Pontiac, MI 48341
US
248-202-2397
Domain Name: QUIECOM.COM
Administrative Contact:
polerecky, eric eric@quiecom.com
210 Pioneer dr.
Pontiac, MI 48341
US
248-202-2397
Technical Contact:
polerecky, eric eric@quiecom.com
210 Pioneer dr.
Pontiac, MI 48341
US
248-202-2397
Record expires on 08-13-2005
Record created on 08-12-2002
Domain servers in listed order:
NS1.QUIECOM.COM 66.98.144.73
NS2.QUIECOM.COM 66.98.144.73
Administrative Contact:
Quiecom Internet Services
Eric Polerecky (eric@quiecom.com)
+1.2483790445
Fax: na
210 Pioneer Dr.
Pontiac, MI 48341
US
Billing Contact:
Quiecom Internet Services
Eric Polerecky (eric@quiecom.com)
+1.2483790445
Fax: na
210 Pioneer Dr.
Pontiac, MI 48341
US
Technical Contact:
Quiecom Internet Services
Eric Polerecky (eric@quiecom.com)
+1.2483790445
Fax: na
210 Pioneer Dr.
Pontiac, MI 48341
US
Registrant Contact:
Quiecom Internet Services
Eric Polerecky (eric@quiecom.com)
+1.2483790445
Fax: na
But who do individuals complain to? It looks like the entire ISP is the spammer from those stats, if I read them correctly. I just googled “quiecom.com” and I read that some people who have bravely telephoned the ISP get “a woman with a thick foreign accent” who just may be feigning sympathy by then giving them another tel. number that rings an answering machine (like that really helps anyone out)…
Any ideas? I think I can honestly speak for the internet in general that I am completely tired of casino/gambling/”texas holdem”/texasholdemcentral.com crap. I don’t even understand what their point is at this point other than harassment of everyone else. If there’s one thing on the internet I would never, ever do, at this point, it is visit any site remotely related to ‘texasholdem’. It’s like marketing gone mad: stay away, stay away, don’t visit us! Um, alright, I won’t.
Ideas?
Hi S,
First of all, it’s not personal, and it’s not malicious in a personal manner. They’re not after YOUR site. They do this to thousands of sites. The point is hitting at least a few sites with public referrers.
Read up on linkspam and referrer spam:
http://spamhuntress.com/wiki/Spam_types
As to who individuals can complain to… How about your congress man? Because until linkspam gets the same status as e-mail spam, we’re not going to win the war. They’re going to keep doing it. Also, most linkspammers are from east block countries, such as Russia. Their favorite webhosts are spam supporters.
The example you brought is a site that’s hosted on EV1. We’ve sent loads of complaints to them, and nothing has worked. My experience is that the only thing that registers with them is if you wait until they try to get some IP numbers out of the SPEWS blocklist, and then reply to that thread on NANAB on usenet, telling all and sundry that they shouldn’t be unblocked because they’re harboring spammers.
I actually don’t think EV1 ARE spam lovers. My site is on there even. I think they try to avoid doing anything about spam unless forced to. It’s possible because they consider the abuse department waste of money, I don’t know.
As for the person that someone talked to, I’d have to know what webhost that was in relation to in order to offer any constructive comments.
Thanks for all that…about that phone call, I google’d the two terms, “spam” and “quiecom.com” and then a number of the first ten/fifteen links and found someone corresponding as having called the phone number published, and then all the rest. However, I wasn’t expecting you to comment on that, I was just writing that information, having just read the other, via google.
That information you’ve shared here, however, probably identifies most of the volume of the texasholdem/casinogambling spam — which is just volumes upon volumes of spam. Thanks for all the information, although from what you write, I doubt me complaining would amount to much. I think it’s going to take a far larger organization than this lone site admin./user here to make a point. Primarily, groups such as that won’t respond to reason and will continue their bad deeds regardless of complaints. In which case, some government/utility has to either remove their wiring and/or remove them from wiring, if I make myself clear.
Thanks, though, for those helps. As to the volume I mentioned increasing substantially, in that sense, it IS “personal” although not specifically so, in that the volume one of my sites was receiving increased dramatically/substantially, after I wrote a complaint about that type of spam on a spam forum…their form of “punishment” and/or retaliation, I guess, for whoever draws attention to their sites in reference to that particular type of spam.
Complaining does help. Generally I’d say use an e-mail address that has good spam filtering, just in case. Then send complaints. BUT, you need to do thorough research first. I’ve seen cases of complaints sent to upstream providers who ignore them, because they say they’re not the hosting company.
Case in point, Atrivo (upstream) and ESThost (webhost). Then there was MCI who kept saying Send-Safe was hosted on a downstream provider. We never found out exactly who.
Some downstream providers try to hide, and many do very efficiently. They don’t want abuse complaints.
But back to complaining.
I’ve found that the more leverage you can get, the more it helps. Leverage comes in many forms. For the most part, it’s a game. And the name of the game is consequences. Some of these webhosts are spam supporters, maybe even spam lovers. As long as the spam is linkspam (which comprises LOTS of different forms, but not e-mail spam). Some of these hosts WANT to keep the linkspammers when possible. The only way to get some of them to lose the spammers is when the consequences become to grave, so the price the spammers pay for the hosting isn’t enough to cover the downside.
That’s why I said to contact your congressman. Ultimately, we need to go that route. I’m in a different country (Norway), one where an untested law could stretch to include linkspam under the same language as e-mail spam. So you who are in the US (or even Russia), would be better situated to inform legislators about this.
First please let me point out that the google search and spam references you mention which pertain to information about the following:
http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/0905.html
Is a posting I made “Bones” about a virus outbreak in 2003? I uploaded a copy of the virus text to my site so I did not have to include it in the email message (it would be filtered by AV software). I was trying to protect my customers from such spam; please read the posts before making assumptions.
Second, why on gods earth would I spam people for a site with no content?
Third, why would you not at least contact Quiecom about the alleged spam? With a great deal of hosting customers on shared servers, if one of our customers where spamming, it would jeopardize the whole server.
Also, yes http://texasholdemcentral.com/ is registered to me but I assure you there has been nothing done with the site in months. Did you even happen to look at the email headers to find out where the spam was coming from?
Really, I think you should do some more investigative work before you create a neat-o little site about how you hate spam. Especially if you are going to allow your users to post whois information.
PS: in case someone was using an insecure php script included in mambo I’ve disabled the site.
I don’t know how the poster zeroed in on your operation. Never got that part. And it’s not something I went after personally. As for whois information, it’s public information.
rooney555us@yahoo.com i neeps you to send me smap, lots of it