[91102] in North American Network Operators' Group

IP Delegations for Forum Spammers and Invalid Whois info

daemon@ATHENA.MIT.EDU (Mark Foster)
Mon Jul 3 01:16:49 2006

Date: Mon, 3 Jul 2006 17:16:14 +1200 (NZST)
From: Mark Foster <blakjak@blakjak.net>
To: nanog@nanog.org
Errors-To: owner-nanog@merit.edu


I assume the ongoing problems that forum administrators have with people
randomly signing up to forums - even closed ones requiring admin approval
for all accounts - for the purpose of spamming their web urls around the
place is an old one.

I run such a forum and have started implementing /16 level bans to try to
slow them down.  Obviously not the best solution.

The forum in question is phpBB (I know - whose isn't) and I'm yet to have
time to actually start digging into whether there are better ways of
responding to this issue. (Volume isn't prohibitive - yet.)

In the most recent case the IP address space that the website concerned
points back to is in the Ukraine and the listed abuse contact is on a
domain which is canned due to invalid contact details provided.

My question then is - what happens now?  The IP address space is
essentially 'untraceable' except perhaps through
bandwidth-supplier-agreements or somesuch.  Shouldn't IPs with similarly
invalid contact details be 'suspended' after being given opportunity to
provide updated, correct details?

The IP range in question is 195.225.176.0 - 195.225.179.255 and a snippet
of the whois info provided is as follows:

remarks:      ****************************************
remarks:      * Abuse contacts: abuse@netcathost.com *
remarks:      ****************************************

person:       Vsevolod Stetsinsky
address:      01110, Ukraine, Kiev, 20=C1, Solomenskaya street. room 206.
phone:        +38 050 6226676
e-mail:       vs@netcathost.com
nic-hdl:      VS1142-RIPE
source:       RIPE # Filtered


Forgive the relative noobishness of the question, but I've not had to deal
with this sort of situation before.  Should I be forwarding to RIPE?
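
An added example, not part of the original post: the whois range quoted in the message converted to exact CIDR blocks, so a ban can follow the delegation instead of a blanket /16, with a count of how many unrelated addresses the /16 would also block. The function names are hypothetical, and only the range itself comes from the message.

```python
import ipaddress

# Range copied from the whois snippet in the message; the rest is constructed.
WHOIS_RANGE = "195.225.176.0 - 195.225.179.255"


def range_to_cidrs(inetnum):
    """Convert a whois 'first - last' range to the minimal list of CIDR blocks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    if first.version != last.version or first > last:
        raise ValueError(f"bad inetnum range: {inetnum!r}")
    return list(ipaddress.summarize_address_range(first, last))


def collateral(cidrs, ban_prefix=16):
    """Count addresses a blanket /ban_prefix ban blocks outside the delegation."""
    wide = ipaddress.collapse_addresses(
        # Blocks already as wide as the ban prefix are kept unchanged.
        c if c.prefixlen <= ban_prefix else c.supernet(new_prefix=ban_prefix)
        for c in cidrs
    )
    return sum(w.num_addresses for w in wide) - sum(c.num_addresses for c in cidrs)


def is_blocked(addr, cidrs):
    """True if addr falls inside one of the banned blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in c for c in cidrs)


if __name__ == "__main__":
    blocks = range_to_cidrs(WHOIS_RANGE)
    print("ban:", ", ".join(map(str, blocks)))
    print("extra addresses hit by a /16 ban:", collateral(blocks))
```

A range that does not start on a power-of-two boundary comes back as several blocks rather than one, which is why the conversion is not done by guessing a single prefix length.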

