[91104] in North American Network Operators' Group

Re: IP Delegations for Forum Spammers and Invalid Whois info

daemon@ATHENA.MIT.EDU (Gadi Evron)
Mon Jul 3 04:08:12 2006

Date: Mon, 3 Jul 2006 03:07:33 -0500 (CDT)
From: Gadi Evron <ge@linuxbox.org>
To: Mark Foster <blakjak@blakjak.net>
Cc: nanog@nanog.org
In-Reply-To: <Pine.LNX.4.62.0607031710130.31497@maverick.blakjak.net>
Errors-To: owner-nanog@merit.edu


This is a known problem with known solutions. There are RBLs, Bayesian
filters, behaviour filters, and what not.

For a phpbb forum I'd suggest a captcha, although that's extremely
annoying.

This is becoming the next (last) spamvertising medium and Google poisoning
medium. I and others spend hours on this issue every day. We even have a
mailing list for this.

Good luck,

Gadi.

On Mon, 3 Jul 2006, Mark Foster wrote:

> I assume the ongoing problems that forum administrators have with people
> randomly signing up to forums - even closed ones requiring admin approval
> for all accounts - for the purpose of spamming their web URLs around the
> place is an old one.
>
> I run such a forum and have started implementing /16 level bans to try to
> slow them down.  Obviously not the best solution.
>
> The forum in question is phpBB (I know - whose isn't) and I'm yet to have
> time to actually start digging into whether there are better ways of
> responding to this issue. (Volume isn't prohibitive - yet.)
>
> In the most recent case the IP address space that the website concerned
> points back to is in the Ukraine and the listed abuse contact is on a
> domain which is canned due to invalid contact details provided.
>
> My question then is - what happens now?  The IP address space is
> essentially 'untraceable' except perhaps through
> bandwidth-supplier-agreements or somesuch.  Shouldn't IPs with similarly
> invalid contact details be 'suspended' after being given opportunity to
> provide updated, correct details?
>
> The IP range in question is 195.225.176.0 - 195.225.179.255 and a snippet
> of the whois info provided is as follows:
>
> remarks:      ****************************************
> remarks:      * Abuse contacts: abuse@netcathost.com *
> remarks:      ****************************************
>
> person:       Vsevolod Stetsinsky
> address:      01110, Ukraine, Kiev, 20=C1, Solomenskaya street. room 206.
> phone:        +38 050 6226676
> e-mail:       vs@netcathost.com
> nic-hdl:      VS1142-RIPE
> source:       RIPE # Filtered
>
>
> Forgive the relative noobishness of the question, but I've not had to deal
> with this sort of situation before.  Should I be forwarding to RIPE?
>
>

