{ brad brace } on Sat, 2 Oct 1999 11:53:43 +0200 (CEST)
<nettime> the Tom Saylor spam operation.
Cut and paste the letter below, and send to:

[email protected] [email protected] [email protected] [email protected] [email protected]

If enough of us complain, this SPAMMER will be TOSsed! It's a NUMBERS GAME! Only a large number of complaints from a large number of users will get any action done. Keep fighting!

Kryton Rev. D

---------------------------CUT HERE------------------------------------

CC: [email protected] [email protected] [email protected] [email protected] [email protected]

Dear abuse departments:

Another @home NNTP server hijacked? (news.rdc1.ct.home.com 938662944 209.125.171.20)

The headers of this SPAM post indicate that this USENET SPAM post originated from @home.net. This USENET SPAM was posted by the same spammer who hijacked two @home proxies recently- see partial messages below to refresh your memory:

--------- Forwarded Message ---------

DATE: Sun, 26 Sep 1999 08:26:28
From: David Ritz <[email protected]>
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]

-----BEGIN PGP SIGNED MESSAGE-----

[24.112.94.99] (cr799697-a.rchrd1.on.wave.home.com) is running a wide open proxy to NEWS1.RDC1.ON.WAVE.HOME.COM. This WAVE server is being hijacked by professional spammers. Please take immediate steps to ensure that this proxy is closed.

[24.6.164.234] (GRATZ1.DHS.ORG) is wide open to POST. While there's a Leafnode server located at this address, there's nothing on spool, GRATZ1.DHS.ORG feeds upstream, via POST, to NEWS.RDC1.AZ.HOME.COM. Please take immediate steps to secure this server. If @HOME is unable to contact their user, it is time to router block this box at port 119.

usr10# telnet gratz1.dhs.org nntp
Trying 24.6.164.234...
Connected to gratz1.dhs.org.
Escape character is '^]'.
200 Leafnode NNTP Daemon, version 1.9.4 running at gratz1.dhs.org
post
340 Go ahead.
.
441 Formatting error, article not posted
quit
205 Always happy to serve!
Connection closed by foreign host.
usr10# getdate
28-Sep-1999 03:43:28 GMT

This server is currently being hijacked by Usenet's Public Enemy #1, the Tom Saylor spam operation.

=======================================================================

SPAM POST HEADERS: <-------------------------------------------------

Path: news1.frmt1.sfba.home.com!newshub1.home.com!news.home.com!news.rdc1.ct.home.com.POSTED!not-for-mail
From: Umu Yasvi02 <[email protected]>
Subject: Circle Suck Wanted
Newsgroups: alt.binaries.nude.celebrities.female, alt.binaries.photography.glamour, alt.binaries.pictures.12hr, alt.binaries.pictures.bigbutts, alt.binaries.pictures.bisexuals, alt.binaries.pictures.black.erotic, alt.binaries.pictures.black.erotic.females, alt.binaries.pictures.bluebird
Lines: 447
Message-ID: <[email protected]>
Date: Thu, 30 Sep 1999 03:42:24 GMT
NNTP-Posting-Host: 209.125.171.20
X-Complaints-To: [email protected]
X-Trace: news.rdc1.ct.home.com 938662944 209.125.171.20 (Wed, 29 Sep 1999 20:42:24 PDT)
NNTP-Posting-Date: Wed, 29 Sep 1999 20:42:24 PDT
Organization: @Work Internet powered by @Home Network
Xref: newshub1.home.com alt.binaries.nude.celebrities.female:30638940 alt.binaries.photography.glamour:30032285 alt.binaries.pictures.12hr:30012693 alt.binaries.pictures.bigbutts:30305767 alt.binaries.pictures.bisexuals:30550246 alt.binaries.pictures.black.erotic:30128389 alt.binaries.pictures.black.erotic.females:30590814 alt.binaries.pictures.bluebird:30709741

========================================================================

This SPAMMER even went as far as attacking an open proxy in Holland! Tom Saylor also used SAIX.NET in South Africa, rmi.net, videotron.net, verio.net, intnet.net, demon.net, multiweb.nl, news-service.com, worldonline.nl, concentric.net, insync.net, and @home.net to flood the USENET with his spam. This is a true whack-a-mole spammer!
This spammer's websites are hosted by EXODUS.NET and FLASHHOST.com

This particular SPAMMER is bad enough to have several web pages devoted to his SPAMMING. Please see text version of web pages below, so you can get a good idea of what you are dealing with! Although his name is Tom Saylor, he probably used one of his aliases to open this account. In the last month, this Spammer has had accounts terminated at several ISP's. This SPAMMER is using your company as a throwaway account, and will simply start another account at another ISP when you terminate his account with your company. But at least you can stop the flood of complaints YOUR company will receive! Please take action to stop this SPAMMER.

Thanks.

SPAMMER'S WEBSITE HOST INFORMATION: <-------------------------------

Official name: www.flashergirl.com
Addresses: 209.67.60.25

Whois for www.flashergirl.com

.com is the global domain of USA & International Commercial
(Whois queries for .com domains can be performed at http://rs.internic.net/cgi-bin/whois)

whois -h whois.internic.net flashergirl.com

The Data in Network Solutions' WHOIS database is provided by Network Solutions for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Network Solutions does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to Network Solutions (or its systems). Network Solutions reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.

Registrant:
Eurobahia Partners, Ltd. (FLASHERGIRL2-DOM)
P.O. Box 11434
Merrillville, IN 46410
US

Domain Name: FLASHERGIRL.COM

Administrative Contact:
major, ursula (UM76) [email protected]
219-992-9338
Technical Contact, Zone Contact:
Domain Registrars (DR619-ORG) [email protected]
516-847-0201 Fax- 000-000-0000
Billing Contact:
major, ursula (UM76) [email protected]
219-992-9338

Record last updated on 29-Jul-99.
Record created on 04-Feb-99.
Database last updated on 19-Sep-99 07:43:34 EDT.

Domain servers in listed order:

NS.FLASHHOST.COM 209.2.135.2
NS2.FLASHHOST.COM 209.2.135.3

IP block lookup for 209.67.60.25

whois -h whois.arin.net 209.67.60

Exodus Communications Inc. (NETBLK-ECI-5)
1605 Wyatt Dr.
Santa Clara, CA 95054
US

Netname: ECI-5
Netblock: 209.67.0.0 - 209.67.255.255
Maintainer: ECI

Coordinator:
Center, Network Control (NOC44-ARIN) [email protected]
(408) 486-5000 (FAX) (408) 486-5001

Domain System inverse mapping provided by:

NS.EXODUS.NET 206.79.230.10
NS2..EXODUS.NET 207.82.198.150

* Rwhois reassignment information for this block is available at:
* rwhois.exodus.net 4321

ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

Record last updated on 27-Oct-98.
Database last updated on 20-Sep-99 16:19:57 EDT.

The ARIN Registration Services Host contains ONLY Internet Network Information: Networks, ASN's, and related POC's. Please use the whois server at rs.internic.net for DOMAIN related Information and nic.mil for NIPRNET Information.
(You can find more IP address ownership info at http://ipindex.dragonstar.net/)

Traceroute 209.67.60.25

HEADERS AND TEXT:

TEXT OF SAYLOR'S FORGERIES FAQ:
http://howardk.moonfall.com/saylorfaq.html

Tom Saylor's Forgeries FAQ

Q: Who is Tom Saylor?

A: Tom Saylor (a.k.a. Ursula Major) and his associates are currently one of the most notorious Usenet (the newsgroups) spamming operations. It is common for this organization to flood the adult newsgroups with ads for Mr. Saylor's adult sites. Here is a list of some of Mr. Saylor's Adult web sites:

Mr. Saylor's ads typically contain forged email addresses and/or forged domain names in the "From" line of his posts.

Q: Why are these people picking on me? I never did anything to them!

A: Mr. Saylor and his associates haphazardly pick domain names and usernames for their ads without regard to the fact that they are legitimate. Do not take it personally. Basically, they do not care who they victimize. They have been doing this for quite a while now, and there is no reason to believe that they will change this behavior. That is why it is important for you to act.

Q: Is there any way to stop these people from violating my email address and/or domain name?

A: Yes. Mr. Saylor receives his bandwidth connectivity from NSI Web (NSIWEB.COM/FLASHHOST.COM) in Farmingdale, NY. NSI Web in turn, gets their connectivity from Exodus Communications (EXODUS.NET) in Santa Clara, CA. Exodus has a policy that forbids its customers from transmitting fraudulent information. Here is an excerpt from their acceptable use policy ( http://www.exodus.net/about_us/policies.html ):

"Customer will not, and will not permit... Intentionally omit, delete, forge or misrepresent transmission information, including headers, return addressing information and IP addresses or take any other actions intended to cloak Customer's or its users' identity or contact information."

Make sure to send a letter of complaint to NSI Web, and Exodus. Include a copy of the newsgroup posting (make sure to include all of the headers) in your complaint. Here are the email addresses to send your complaint to:

[email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Also, you may want to send Mr. Saylor a personal note and tell him that forging your email address or domain name must cease and desist. You can contact him at:

[email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Q: Why should I bother sending a complaint?

A: Having your email address and/or domain name forged is a serious matter. Not only should you send a complaint to protect yourself, you should send it to help put an end to this organization's abuse and to protect others (many others) from becoming victims too.

Q: Where can I get more information on this Tom Saylor character?

A: Ed Falk has provided information about Tom Saylor at: http://www.rahul.net/falk/quickref.html#saylor. Also, subscribe to the news.admin.net-abuse.usenet newsgroup where Tom Saylor is often a topic of discussion.

Saylor, Tom
Porn spammer. Owner of World Premiere porn site. Email [email protected]. 3572 W. State Rd. 10; Lake Village, IN 46349 USA; 219-992-2413, fax 219-992-2644. Aliases include Ursula Major, [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]. "[email protected]" address is also used by Pamela Calica (wife?). Business: Central Control Systems, 617 N. 70 E Valparaiso, IN 46383.
http://www.centralcontrolsystems.com/saylordesign/

__
The_12hr-ISBN-JPEG_Project since 1994 <<<

> episodic ftp://ftp.wco.com/pub/users/bbrace <
> eccentric ftp://ftp.netcom.com/pub/bb/bbrace <
> continuous ftp://ftp.teleport.com/users/bbrace <
> hypermodern ftp://ftp.rdrop.com/pub/users/bbrace <
> imagery online ftp://ftp.pacifier.com/pub/users/bbrace <

Usenet News://alt.binaries.pictures.12hr/ a.b.p.fine-art.misc
Mailing-list: [email protected] / subscribe 12hr-isbn-jpeg
Reverse Solidus: http://www.teleport.com/~bbrace/bbrace.html

{ brad brace } <<<< [email protected] >>>> ~finger for pgp

# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: [email protected] and "info nettime-l" in the msg body
# archive: http://www.nettime.org contact: [email protected]
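
Added example, not part of the original post or of any tool its authors used: a cross-check of the trace headers quoted in the letter above, of the kind an abuse desk can run before acting on a report. It assumes the "host epoch ip" layout seen in this post's X-Trace, that a ".POSTED" suffix in Path marks the injecting server, and a 300-second skew limit; the function names are hypothetical.

```python
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Trace headers copied from the spam post quoted in the letter above.
SAMPLE = """\
Path: news1.frmt1.sfba.home.com!newshub1.home.com!news.home.com!news.rdc1.ct.home.com.POSTED!not-for-mail
Date: Thu, 30 Sep 1999 03:42:24 GMT
NNTP-Posting-Host: 209.125.171.20
X-Trace: news.rdc1.ct.home.com 938662944 209.125.171.20 (Wed, 29 Sep 1999 20:42:24 PDT)

"""

def injection_server(path):
    """Return the Path entry that accepted the article from the posting client."""
    hops = [h for h in path.strip().split("!") if h][:-1]  # drop the "not-for-mail" tail
    # Assumption: a ".POSTED" suffix marks the injecting server, as in this Path.
    for hop in hops:
        if hop.upper().endswith(".POSTED"):
            return hop[:-len(".POSTED")].lower()
    return hops[-1].lower() if hops else None  # else the rightmost (earliest) hop

def check_trace(raw):
    """Cross-check Path, NNTP-Posting-Host, X-Trace and Date against each other."""
    msg = message_from_string(raw)
    # Assumption: X-Trace is "host epoch ip ...", as in the post above.
    m = re.match(r"\s*(\S+)\s+(\d+)\s+(\S+)", msg.get("X-Trace", ""))
    if not m:
        return {"consistent": False, "reason": "no parsable X-Trace"}
    host, ip = m.group(1).lower(), m.group(3)
    stamped = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
    result = {
        "injection_server": injection_server(msg.get("Path", "")),
        "posting_ip": ip,
        "injected_at": stamped.isoformat(),
        "host_matches": injection_server(msg.get("Path", "")) == host,
        "ip_matches": msg.get("NNTP-Posting-Host", "").strip() == ip,
        "date_skew_s": None,
    }
    if msg.get("Date"):
        sent = parsedate_to_datetime(msg["Date"])
        if sent.tzinfo is None:  # a "-0000" zone parses as naive; treat it as UTC
            sent = sent.replace(tzinfo=timezone.utc)
        result["date_skew_s"] = abs((sent - stamped).total_seconds())
    # Assumed tolerance: client Date within 300 s of the server's own timestamp.
    skew_ok = result["date_skew_s"] is not None and result["date_skew_s"] <= 300
    result["consistent"] = result["host_matches"] and result["ip_matches"] and skew_ok
    return result

if __name__ == "__main__":
    for key, value in check_trace(SAMPLE).items():
        print(f"{key}: {value}")
```

Agreement between these fields only shows that the server-added trace is self-consistent; From, Subject and Message-ID are client-supplied and prove nothing about the sender.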