I assume the ongoing problems that forum administrators have with people randomly signing up to forums - even closed ones requiring admin approval for all accounts - for the purpose of spamming their web urls around the place is an old one.
I run such a forum and have started implementing /16 level bans to try to slow them down. Obviously not the best solution.
The forum in question is phpBB (I know - whose isn't) and I'm yet to have time to actually start digging into whether there are better ways of responding to this issue. (Volume isn't prohibitive - yet.)
In the most recent case the IP address space that the website concerned points back to is in the Ukraine and the listed abuse contact is on a domain which is canned due to invalid contact details provided.
My question then is - what happens now? The IP address space is essentially 'untraceable' except perhaps through bandwidth-supplier-agreements or somesuch. Shouldn't IPs with similarly invalid contact details be 'suspended' after being given the opportunity to provide updated, correct details?
The IP range in question is 195.225.176.0 - 195.225.179.255 and a snippet of the whois info provided is as follows:
remarks: ****************************************
remarks: * Abuse contacts: abuse@netcathost.com *
remarks: ****************************************
person: Vsevolod Stetsinsky
address: 01110, Ukraine, Kiev, 20Á, Solomenskaya street. room 206.
phone: +38 050 6226676
e-mail: vs@netcathost.com
nic-hdl: VS1142-RIPE
source: RIPE # Filtered
Forgive the relative noobishness of the question, but I've not had to deal with this sort of situation before. Should I be forwarding to RIPE?
I don't think RIPE will be that interested.
The address range gets connectivity from someone. I suggest reporting
upstream.
Oh dear upstream is ISPrime -- anyone here think they are anything but a spam
house? If not then why are they still in NY?
This is a known problem with known solutions. There are RBLs, Bayesian
filters, behaviour filters, and what not.
For a phpBB forum I'd suggest a captcha, although that's extremely
annoying.
This is becoming the next (last) spamvertising medium and Google poisoning
medium. I and others spend hours on this issue every day. We even have a
mailing list for this.
Good luck,
Gadi.
Hello,
Forgive the relative noobishness of the question, but I've not had to deal
with this sort of situation before. Should I be forwarding to RIPE?
I don't think RIPE will be that interested.
The address range gets connectivity from someone. I suggest reporting
upstream.
Oh dear upstream is ISPrime -- anyone here think they are anything but a spam
house? If not then why are they still in NY?
We are very much anti-spam and I will look into Mark's issue - I'm looking through the tickets for abuse@ and there is no email sent in from blakjak@blakjak.net ...
Mark - Please email me off list with whatever issue you're having and I'll have it dealt with, please cc: abuse@isprime.com.
Thanks,
--Phil
I suspect he tried abuse@netcathosting.com which seems to be in rfc-ignorant.
Looks like the server;
195.225.177.31
Has been spewing guest book spam (and wiki spam) out, as a quick Google of
"195.225.177.31 nice site" will show hundreds of links, although quite a lot
of it just looks bizarre, and DShield shows 80,000-odd reports of port 80 probes
in the last month from this address.
We've just cleaned up a lot of address book spam promoted sites, so I know it
is a relentless and tedious thing to squash.
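
An added example, not part of any poster's message: the /16-level bans mentioned at the top of the thread can be narrowed to the registered allocation by converting the whois range into its minimal CIDR blocks, which also shows how much unrelated address space a /16 ban sweeps in. The function names are hypothetical; the range and the server address are the ones quoted in the thread, and the unaligned range used in the test comes from a documentation prefix.

```python
import ipaddress


def parse_range(text):
    """Parse a whois-style 'first - last' range into two address objects."""
    first, last = (part.strip() for part in text.split("-", 1))
    first, last = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if first.version != last.version or first > last:
        raise ValueError(f"not a valid address range: {text!r}")
    return first, last


def range_to_cidrs(text):
    """Smallest list of CIDR blocks covering exactly the given range.

    An aligned allocation collapses to one block; an unaligned range
    yields several, so the ban never spills outside the registration.
    """
    first, last = parse_range(text)
    return list(ipaddress.summarize_address_range(first, last))


def is_banned(addr, banned_networks):
    """True if addr falls inside any network on the ban list."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in banned_networks)


def slash16_collateral(text):
    """Addresses a /16 ban blocks that lie outside the registered range."""
    first, _ = parse_range(text)
    wide = ipaddress.ip_network(f"{first}/16", strict=False)
    exact = sum(net.num_addresses for net in range_to_cidrs(text))
    return wide.num_addresses - exact


if __name__ == "__main__":
    whois_range = "195.225.176.0 - 195.225.179.255"  # range quoted in the thread
    bans = range_to_cidrs(whois_range)
    print("ban list:", [str(net) for net in bans])
    print("server covered:", is_banned("195.225.177.31", bans))
    print("extra addresses a /16 would block:", slash16_collateral(whois_range))
```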