1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Revenge of the SPAMed!

Discussion in 'Virus & Other Malware Removal' started by bassetman, Feb 6, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. bassetman

    bassetman Moderator (deceased) - Gone but never forgotten Thread Starter

    Joined:
    Jun 7, 2001
    Messages:
    47,973
    I have one particularily annoying peice of SPAM that manges to come everyday even though I have blocked sender!
    Sooo last night I went to Geektools.com, used whois and used the domain name I got from message properties.

    I found the owner of the domain as well as domain host, technical contact etc (even have a toll free # :D )

    I am now going to forward every piece of SPAM I get from them to everyone on that list. I may even forward every peice of SPAM I get to them! :D

    The offender is 00fun.com
    Here is THEIR contact info [email protected] ;[email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]

    Care to add your most hated SPAMMER to a list here? :D

    "It's not nice to fight, so if you fight, don't fight nice"!
     
  2. joe2cool

    joe2cool

    Joined:
    Feb 7, 2002
    Messages:
    5,994
    Good 1 BASSETMAN ;)
     
  3. bassetman

    bassetman Moderator (deceased) - Gone but never forgotten Thread Starter

    Joined:
    Jun 7, 2001
    Messages:
    47,973
    Thanks! I hope we can get a grass roots revolt going here! :D
     
  4. joe2cool

    joe2cool

    Joined:
    Feb 7, 2002
    Messages:
    5,994
  5. suzi

    suzi

    Joined:
    Dec 27, 2002
    Messages:
    362
    Way to go Bassetman! :D

    I do almost the same thing. I do a whois lookup of the domain name and forward a complaint along with the header of the email and the email itself to the contacts listed. The other thing I do is do a dns lookup to see who the website's host is. The whois lookup will say the DNS, for example - NS1 THEHOST.COM
    NS2 THE HOST.COM, (or sometimes it will show the actual IP address of the DNS. If it shows the IP address, you can look it up with ARIN whois and it will tell you the name of the hosting company. If it doesn't have an abuse reporting email address listed there, I will go to the website of the hosing company and look for an abuse reporting email address there, also read their Acceptable Use Policy; sometimes I will copy and paste the portion of the AUP or TOS into my complaint and send it there also.

    You can look up the DNS name at this site:

    http://www.dataphone.se/~astilbe/inetcheck/

    After you get the IP address of the host, then look it up with ARIN whois to see the name of the hosting company.

    Some hosting companies will terminate the account the the website will be down and out of business - for a few days at least until they get a new one.

    My most hated spammer...I have never had a recurrent one like yours. I have got a lot of spams from a site called the perfecthealthgroup.net. The ones that *really* tick me off are the ones trying to sell email addresses to spammers so they can do more spamming. :mad:

    If you want to read my I Hate Spam page on my website, it might give you some more ideas on how to fight these **##XX**'s.

    http://www.netrn.net/fight_spam.htm

    My friend put a list of the people who spam him on his website, and some of them have sent him threatening emails... :D

    http://www.burzurq.com/spam/spam.html
     
  6. bassetman

    bassetman Moderator (deceased) - Gone but never forgotten Thread Starter

    Joined:
    Jun 7, 2001
    Messages:
    47,973
    Thanks :D

    Plenty of good information there!
     
  7. pyritechips

    pyritechips Gone but Never Forgotten

    Joined:
    Jun 2, 2002
    Messages:
    26,907
    First Name:
    Jim
    Hi John!

    Sorry I took so long to reply but I found it hard to add to what has already been spread about this entire issue of computer freedoms and privacy.

    I feel the spam issue is strongly linked to that of Spyware. For those of you that are interested please read my Spyware thread HERE!

    It is still my opinion that the profit mongers that truly run our countries actually support this vile crap. The business motto: "Never let a sense of morals or fair play get in the way of profits!".

    I put up a challenge and nobody answered. And don't be surprised to in believing that there are members here that actually support spyware and spam and are silent on this protest in the hopes that it will go away and die without support.

    Yes, some brainwashed robots actually think that the profit pimps have more rights than you do. They are business driven and represent the true spirirt of what makes your nation "great", while you are mere consumers. Shame on you for not swallowing their filth and putrid products without complaint. As long as you have your elected politicians in bed with these business pimps your interests and rights will always be compromised in the name of the almighty buck.
     
  8. bassetman

    bassetman Moderator (deceased) - Gone but never forgotten Thread Starter

    Joined:
    Jun 7, 2001
    Messages:
    47,973
    just a note, I forwarded some SPAM to the Hostmaster of the site the SPAM was coming from. I had to reply to an auto reply so that he was sure it wasn't SPAM before he would accept it! :D

    Of course I replied! :D

    John
     
  9. buf

    buf

    Joined:
    Nov 4, 2001
    Messages:
    1,998
    I don't really know the "ins and outs" of Spam--I know that I do NOT like getting it!! For FWIW department, here is something I copied to my PC a long time ago, entered those sites listed in the designated place and haven't had a lot of interference from them. I have to add that I don't recall where I got this from but using it may help you--I don't see how it can hurt. Good luck:

    Q. Well how can I kill off the bad cookies but retain the useful ones?
    A. This is what I've done. I'll explain how to do it in Internet Explorer 5.01, since that's the browser I use. First you have to identify the bad guys.

    Q. How do I do that?
    A. Go into IE and select Tools | Internet Options... Under Temporary Internet Files, click Settings... In the box that pops up, look at Current location, and write this down. Click Cancel. Click Delete Files... Click OK. Click OK again. Now open up Windows Explorer and navigate yourself on over to that directory with all them Temporary Internet Files in it.

    Q. How do I do that?
    A. Look this isn't a Windows tutorial. Some stuff you'll have to learn on your own. After you get there, you should pretty much have just cookies in it because you deleted everything else, remember?

    Q. How can I tell what's a cookie?
    A. It'll have the little text document icon next to it and will start with the word "Cookie." Easy enough? Now you're going to go through these one by one and do one of three things with each one.

    Q. What's that?
    A. If it's a site you trust, that you use often, and that you want to be able to identify you and personalize content for you, leave the cookie alone. Write down the name of the domain, though, on a piece of paper labeled "Trusted Sites." (The domain is just a general area owned by the site. For example, if you have a cookie from "www.amazon.com," just write down "*.amazon.com"--the "*" is a wildcard character and means literally anything ending in amazon.com.)

    Q. What's the next category?
    A. The next category is what I call nuisance cookies. You don't really recognize the site, or use it often, but somehow it's put a cookie on your machine anyway. If you can't link it to advertising or web statistics or something evil, it's just a nuisance cookie. Just delete these. Right-click on the cookie and choose Delete. Confirm that you want to delete the cookie. You don't need to write anything down.

    Q. OK, and the third category must be the bad stuff, right?
    A. Correctamundo. Anything you can link to an ad company or something that tracks your movements across the web goes in this category. Write the domain name down on another piece of paper labeled "Restricted Sites" and delete these cookies like there's no tomorrow. These are the little guys that have been following you around the web. You've just cut them off.

    Q. That's great, but won't they come right back, like some kind of electronic plague?
    A. That's where the next step comes in. Open up Internet Explorer and go back to Tools | Internet Options... Click on the Security tab at the top. Click on the little "Do Not Enter" sign that says Restricted Sites. We're going to restrict these anti-social sites because they can't behave. Now click on the Sites... button. Start adding all those domains you copied down on your Restricted Sites list.

    Q. OK, all done, what now?
    A. Click OK to close the restricted sites. Click on Trusted Sites and do the same procedure to add all your Trusted Sites in there.

    Q. Where is all this leading?
    A. Well, we're classifying sites. What we're gonna do is set it so that IE won't accept any more cookies from the restricted sites. To do that, click on Restricted Sites again. Verify that the security level is set to high. If it's not, click Default Level. Now it should be. Then, go to Trusted Sites and verify that the security level there is set to medium. If not, click on Default Level again. Now move the slider from low to medium. That will allow your Trusted Sites to place cookies on your machine without asking you first.

    Q. What about all the other sites out there that aren't either Trusted or Restricted?
    A. Well, that's next. We want to set those sites to be able to set temporary cookies without asking you but force them to ask before putting permanent cookies on your hard drive. We do that by setting the security level to medium in the same way that we set the level for Trusted Sites. Click on the little globe Internet icon. Now, click on Custom Level... Scroll down to the Cookies section and change "Allow cookies that are stored on your computer" from Enable to Prompt. Click OK twice to close all the dialogs. Now all other random internet sites will have to ask before placing cookies on your machine, and you'll have the choice of accepting them or declining them.

    Q. OK, I found a lot of bad cookies on my machine. How does my list compare to yours?
    A. Here's my most up-to-date list of bad guys:

    *.adforce.com *.adknowledge.com
    *.admaximize.com *.admonitor.net
    *.adsmart.net *.adsoftware.com
    *.advertising.com *.affina.com
    *.ap-adcenter.net *.aureate-im.com
    *.aureate.com *.avenuea.com
    *.bankads.com *.beseen.com
    *.bfast.com *.bnex.com
    *.burstnet.com *.centrport.net
    *.ads.cimedia.com *.click2net.com
    *.clickagents.com *.commission-junction.com
    *.datais.com *.doubleclick.com
    *.doubleclick.net *.engage.com
    *.engageaudience.net *.enliven.com
    *.eu-adcenter.net *.flycast.com
    *.focalink.com *.hitbox.com
    *.ads.home.net *.hyperbanner.net
    *.imgis.com *.link4ads.com
    *.linkexchange.com *.linksynergy.com
    *.livestat.com *.maximumpcads.com
    *.maximumpcads.net *.mediaplex.com
    *.mediasynergy.com *.adserver.monster.com
    *.narrowcastmedia.com *.networkedbanners.com
    *.ngadcenter.com *.preferences.com
    *.radiate.com *.registration-server.com
    *.sabela.com *.targetnet.com
    *.track-star.com *.track4.com
    *.utopiad.com *.valueclick.com
    *.webconnect.net *.webtrends.com
    *.webtrends.net *.webtrendslive.com
    *.worldbannerexchange.com *.ads1.zdnet.com
    *.ads2.zdnet.com *.ads3.zdnet.com
    *.ads4.zdnet.com

    Q. Wow! That's a LOT of sites. Do I have to type them all in?
    A. Hey! I had to painstakingly scour two years worth of cookies to extract those domains for you. I had to go to their sleazy websites to confirm that they really were ad tracking slimeballs. Then, I had to type each one of them in manually. Not to mention re-typing them here for your reference! However, you could cut-and-paste them, rather than trying to type them all.
     
  10. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    John
    Guess what! Just last night my Wife Judy sent me a link via 00fun.com e-mail procedure:eek:! Within minutes of receiving the E-mail from 00fun .com I received another spammer from 00fun.com:(.
    Seems Judy and I are now the on list:confused:!!!! Oh well I guess we see how well Mailwasher works:mad:!

    Dave
     
  11. bassetman

    bassetman Moderator (deceased) - Gone but never forgotten Thread Starter

    Joined:
    Jun 7, 2001
    Messages:
    47,973
    Hey but, nice info, especially that list.

    Dave Welcome to the nightmare of oofun.com! :rolleyes:

    Hope window washer works for ya!

    John
     
  12. suzi

    suzi

    Joined:
    Dec 27, 2002
    Messages:
    362
    Here is my current most hated spammer -

    Registrant:
    Freed, Dan (SRCGNTVSAD)
    2607 Freed Avenue
    Royersford, PA 19464
    US

    Domain Name: WORKATHOMEOPPSS.COM

    Administrative Contact, Technical Contact:
    Freed, Dan (UBBLFJCYYI) [email protected]

    2607 Freed Avenue
    Royersford, PA 19464
    US
    555-555-5555

    Record expires on 22-Jan-2004.
    Record created on 22-Jan-2003.
    Database last updated on 7-Feb-2003 23:06:24 EST.

    Domain servers in listed order:

    NS1.PROGOLDHOSTING.COM 69.6.1.2
    NS2.PROGOLDHOSTING.COM 69.6.1.3

    I have gotten several spams in the last 3 days promoting this outfit. Some of them were from IP addresses is Korea and one from Homg Kong. I think these people get my email address from my website.

    This Dan Freed, jerk, used a fake phone number and address to register the domain name. I looked up the address shown in Mapquest and it's not a valid address. I tried to send an abuse report to the hosting company, progoldhosting.com and it was returned. Their website hardly has anything on it. I'm betting they are part of the spam business.

    I didn't go look at the website, I might go look at using a proxy to hide my IP address.

    These owners of these business and websites that recruit spammers and sell the email lists are the ones who most need to be stopped.

    If you look at this site:

    http://www.spamhaus.org/rokso/index.lasso

    It has interesting info about the big spam organizations and how they use aliases, change webhosts quickly etc. etc. to keep them selves in the spam business. I bet this Dan Freed is in that category.
     
  13. bassetman

    bassetman Moderator (deceased) - Gone but never forgotten Thread Starter

    Joined:
    Jun 7, 2001
    Messages:
    47,973
    Seeing he is using a hotmail email address as his contact email you could:

    Forward all the SPAM to him there, and
    Send a note to [email protected] , they want the original email want you to use the email addreess that it was sent to you under (if I remember right) when you send it to them.


    I decided to try going one level deeper and I think I found something worthwhile! ;)

    Registrant:
    Goldberg & Co. Corporation (PROGOLDHOSTING-DOM)
    1630 N.W. 108 Avenue
    Miami, FL 33172
    US

    Domain Name: PROGOLDHOSTING.COM

    Administrative Contact, Technical Contact:
    Goldberg & Co. Corporation (EKFFAHCRRO) [email protected]
    Goldberg & Co. Corporation
    1630 N.W. 108 Avenue
    Miami, FL 33172
    US
    305-591-2200

    Record expires on 23-Jul-2003.
    Record created on 23-Jul-2002.
    Database last updated on 8-Feb-2003 14:36:06 EST.

    Domain servers in listed order:

    NS2.PROGOLDHOSTING.COM 69.6.1.3
    NS1.PROGOLDHOSTING.COM 69.6.1.2

    The domain host has an abuse contact too! :D
     
  14. suzi

    suzi

    Joined:
    Dec 27, 2002
    Messages:
    362
    John,

    That's the email address that I keep getting my complaints returned from. I think they are part of the spam scam. If you look at progoldhosting.com's website, it hardly has anything on it. I also looked up the IP address of their DNS and it's another company,

    Search results for: 69.6.1.2

    OrgName: WholesaleBandwidth, Inc.
    OrgID: WHOLE
    Address: 8318 Assembly Way
    Address: Suite 301
    City: Mechanicsville
    StateProv: VA
    PostalCode: 23116
    Country: US

    NetRange: 69.6.0.0 - 69.6.63.255
    CIDR: 69.6.0.0/18
    NetName: WHOLE-2
    NetHandle: NET-69-6-0-0-1
    Parent: NET-69-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS1.WHOLESALEBANDWIDTH.COM
    NameServer: NS2.WHOLESALEBANDWIDTH.COM
    Comment:
    RegDate: 2002-11-21
    Updated: 2002-11-21

    OrgAbuseHandle: ABUSE71-ARIN
    OrgAbuseName: Abuse Department
    OrgAbusePhone: +1-866-212-3673
    OrgAbuseEmail: [email protected]

    OrgNOCHandle: NOC197-ARIN
    OrgNOCName: Network Operations Center
    OrgNOCPhone: +1-866-212-3673
    OrgNOCEmail: [email protected]

    OrgTechHandle: SUPPO14-ARIN
    OrgTechName: Customer Support
    OrgTechPhone: +1-866-212-3673
    OrgTechEmail: [email protected]

    So this progoldhosting.com is getting their web space from wholesalebandwidth.com. I cc'd their abuse reporting address on my complaints.

    I think these spammers start their own hosting companies, like progoldhosting, by leasing from a bigger company.

    It's like the spam mafia or something.

    I wonder if that hotmail address is even valid. I included it on my cc's with the spam complaint. Next time, I will add [email protected] to the cc list also :D

    I cc all this stuff to the ftc also. Supposedly they put them into a data base and go after the most problematic ones.
     
  15. bassetman

    bassetman Moderator (deceased) - Gone but never forgotten Thread Starter

    Joined:
    Jun 7, 2001
    Messages:
    47,973
    Cool, I hadn't thought of that! :cool:

    Can we have their email? :D

    I have received answers from abouse at hotmail.

    John
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/117394

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice