Comments on: Blocking Netcathost

by: richard rogers

Sun, 10 Jun 2007 22:52:25 +0000

why talk about the server address? why not the home address? maybe it should be personal.

by: Damn Spam! - Unwelcome new users

Thu, 30 Nov 2006 20:48:13 +0000

[…] The domain names used for the email addresses are all hosted on the same server: 195.225.176.115, which belongs to NetcatHosting in the Ukraine. In other words: Nothing good will be coming from there. […]

by: aLt.F4

Thu, 14 Sep 2006 09:54:53 +0000

Ann, xoomer.alice.it is a perfect example of why NOT to report to the provider, you truly CAN’T. I’m not saying report to EVERY single provider in which you receive spam from, I mean if your unsuccessful the first time with them, sure, don’t waste your time. But if you’re just starting with that provider on spam, why shouldn’t you report?

The thing I am talking about with automated output is to simply get the data for you to give you a leg up on why to report the spam.

Depending on how the system worked, I would ofcourse contribute to the project. But as always, I already have enough under my belt for now

by: admin

Thu, 14 Sep 2006 09:30:45 +0000

To aLt.F4,
It’s not always that easy. Take xoomer.alice.it. I still haven’t sent an abuse complaint to them. Why? Because I can’t find an address to send to, and I can’t find a webform. Why? Because I don’t understand Italian.

And just because your company has a working abuse system, doesn’t mean every other company does.

But I like your idea about software to pull relevant data. The problem is, it would have to be custom fitted to each site if you need to include log snippets too.

Your idea, if implemented, could be a good tool for anti-spammers. Pull out stuff automatically, then send manually. Not sure I’d call it a blocklist, and not sure I’d use those two functionalities together. But something that standardizes complaints, ala Spamcop, might be of interest.

Are you offering to code it too?

by: aLt.F4

Thu, 14 Sep 2006 09:21:07 +0000

The whole issue with automated reporting is it itself is used for spam. I’m not talking about having the script see where to send it to and send it. I’m saying have it output a generic reporting message in which will contain some relevent evidences. I mean sure, get spammed, block the machine, not the whole network!? For people who are into anti-spam, why not just ask the network to block you? If your going to block the whole network, how are you to continue with your anti-spam efforts if you’ve already blocked the whole network? Honestly, When people look at whois, or they have automated programs such as spamcop, they send to ALL email addresses in whois. This is rediculous and completely unneeded. Your spamming the company yourself. There is 1 place to report abuse, that’s the OrgAbuseEmail. If the company your sending to asks that you report via their website, go do that! Why is it so much of a difference for people to report to the companies that they’de rather write a multi page report on the spammer, and respond to commenting parties, and NEVER report it to the provider!? If your having connectivity trouble to a network, you contact the OrgTechEmail. I mean you don’t email all 3 just to get an abuse report in. Abuse is the only division you need to contact.

by: admin

Thu, 14 Sep 2006 08:55:07 +0000

To aLt.F4,
I’ve been thinking I’d like to have something that automatically looks up where to send abuse letters. But there’s a problem with it. The letters would come in such bulk, I’d probably be blacklisted with the webhosts.

But I think I see where you’re coming from - you don’t get enough notice there are bad guys on your network, and you want something like spamcop to make sure you get notified more quickly.

But right now, it’s a bit too theoretical. Like for instance, exactly where does the spam end up? If not on my blog, then how could I complain? Would we have ANOTHER database filled with spam, then? Just asking.

by: aLt.F4

Thu, 14 Sep 2006 01:32:16 +0000

What I’m saying is… What is the point of being so against spam, if your just going to block the ip block of the network, and continue to wait for other spam? Why not build up your filters on the spam you received from that machine and report it off to the provider? How is it such a waste of time if you have it provide you an automated report? I mean you are all generally very smart with handling spam. Why not provide yourself with a nice evidential write-up to send off manually via email or ticket to the provider and see what happens after 48 hours? I mean if you get no response, why not follow up and see if any response comes then? Wait another 24 hours after the followup. If they don’t respond or don’t take any action, take that as means to block the provider’s netblock(s).

I’m sure we’re going to get the “It’s my server, my bandwidth, my time” crap on this one, but if you put so much time in commenting and writing up articles on hosts such as this one, why not send off the 2 emails and give yourself better leverage to promote the blocking of that provider?

by: Vasily Pumpkin

Wed, 13 Sep 2006 19:06:19 +0000

Alt F4, I don’t like your overgeneralisation of how people are blocking offenders. Everyone has a different strategy and eventually chooses what serves the purpose of blocking spam best. But in general I assume, the larger the network chunks that land on block lists the greater the spam problem is.

Regarding your suggestion of having complainants blocked on the hoster site:
Why not simply terminate the spammer? Why not having ToS that make sure to have the right to shutdown people if necessary? If spammers are your preferred choice then of course many people will start blocking the network, because usually LARTing spam friendly services is a waste of time. No one is forcing the people to block these ranges, but if they do nonetheless, they surely have a reason for it.

Vasily

by: aLt.F4

Wed, 13 Sep 2006 16:15:19 +0000

An example of what I was talking about in my previous post would be about Ann’s battle with I believe it was hostgator. They had simply nullrouted traffic to her blog from their entire network. She argued how irresponsible that was and how it only allowed people to continually spam on their network, only now she couldn’t report on it. If your going to simply block a provider’s complete ip blocks, why not just have them block you instead? HeH… Just a thought, I’ll wait a few more minutes for critisizm (Sp?)

by: aLt.F4

Wed, 13 Sep 2006 15:38:52 +0000

One of the things I have come to question quite a bit is, people tend to BLOCK all IP blocks any certain Provider resides in. What is the point of this? Myself, I do not see where or why any dedicated server machine should be transmitting ANY web traffic to another site UNLESS it is reading a news feed to update it’s own site’s news, or to read some other matter on the remote site. Using a dedicated server as means for sending spam or viewing material on another site is completely un-needed. If you want anonimity, use google’s translator or something like that.

We’ve run into this problem with blocking COMPLETE IP blocks for a single machine’s abuse. What is the point of this? Why block a full range for 3-4 abusive IPs? Why not leave the rest of the network available to spam so you can notify the Provider about the abuse? I see no point in the block.