Spammer

Place to discuss anything, almost. No politics, religion, Microsoft, or anything else that I (the nazi censor) deem inappropriate.
Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Spammer

Post by Void Main » Wed Mar 24, 2004 8:36 pm

Some crack head signed up for an account this morning just to post a SPAM message. He came in from ppp02-109.dsl.citenet.net (206.123.46.109) and posted some Casino links. Looking at all the times in the message log and the Apache log, it actually looks as if it was automated. They appear to have automatically signed up for an account, received the signup message, parsed it, and posted the SPAM. It would be extremely cool if people could find better things to do with their time.

Here are the entries in my maillog containing his email address "info1@bridgetocasino.com", the address the signup message was sent to:

http://voidmain.is-a-geek.net/files/mis ... er.maillog

It also contains his mail server (mail.bridgetocasino.com), etc. Feel free to return the favor by signing him up for all the spam one can handle, or whatever else you might like to do to a spammer.

Here are the web logs that contain his IP address etc:
http://voidmain.is-a-geek.net/files/misc/spammer.weblog

Samspade on the domain (the domain was just renewed a couple of days ago):
http://www.samspade.org/t/whois?a=BRIDG ... erver=auto

The www/mail and domain name all point to 216.127.78.73 (Hosted on Red Hat Linux by EV1Servers). That address reverses to "ns1.lvvh2.com".

He apparently doesn't know anything about keeping a server up (notice the uptime):

Code:

# nmap -O ns1.lvvh2.com
 
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-24 20:52 CST
Interesting ports on ns1.lvvh2.com (216.127.78.73):
(The 1633 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
25/tcp   open     smtp
53/tcp   open     domain
80/tcp   open     http
106/tcp  open     pop3pw
110/tcp  open     pop-3
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
143/tcp  open     imap
443/tcp  open     https
445/tcp  filtered microsoft-ds
465/tcp  open     smtps
539/tcp  filtered apertus-ldp
593/tcp  filtered http-rpc-epmap
993/tcp  open     imaps
995/tcp  open     pop3s
3306/tcp open     mysql
4444/tcp filtered krb524
8443/tcp open     https-alt
9999/tcp open     abyss
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.174 days (since Wed Mar 24 16:42:53 2004)
 
Nmap run completed -- 1 IP address (1 host up) scanned in 14.911 seconds

Of course with all those open ports what would you expect?

Code:

# telnet bridgetocasino.com 25
Trying 216.127.78.73...
Connected to bridgetocasino.com.
Escape character is '^]'.
220 plesk.ev1servers.net ESMTP

Maybe I should start sending some SPAM of my own. Maybe send some fake forum signup messages, etc.

Enjoy,
Void
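The post infers automation from the timing of the signup and the first post in the Apache log. As an added example (not Void Main's script or logs), here is a small Python detector that does that correlation over Apache combined-format lines: it groups requests by client IP, finds the registration POST and the first posting POST after it, and flags any IP where the gap is shorter than a human could plausibly manage. The log lines are constructed for this example (the spammer's IP is the one named in the post, but the timestamps, sizes and user agents are invented), and the `/profile.php?mode=register` and `/posting.php` paths are an assumption of a phpBB-style forum layout.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (NOT the actual spammer.weblog from the post).
# Paths assume a phpBB-style forum; only the IP 206.123.46.109 comes from the post.
SAMPLE_LOG = """\
206.123.46.109 - - [24/Mar/2004:08:31:02 -0600] "GET /profile.php?mode=register HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
206.123.46.109 - - [24/Mar/2004:08:31:03 -0600] "POST /profile.php?mode=register HTTP/1.1" 200 2210 "-" "Mozilla/4.0"
206.123.46.109 - - [24/Mar/2004:08:31:41 -0600] "GET /profile.php?mode=activate&u=1234&act_key=deadbeef HTTP/1.1" 200 1890 "-" "Mozilla/4.0"
206.123.46.109 - - [24/Mar/2004:08:31:42 -0600] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
206.123.46.109 - - [24/Mar/2004:08:31:43 -0600] "POST /posting.php HTTP/1.1" 200 3412 "-" "Mozilla/4.0"
10.0.0.7 - - [24/Mar/2004:09:02:10 -0600] "GET /profile.php?mode=register HTTP/1.1" 200 5123 "http://example.test/" "Mozilla/5.0"
10.0.0.7 - - [24/Mar/2004:09:05:48 -0600] "POST /profile.php?mode=register HTTP/1.1" 200 2210 "http://example.test/profile.php?mode=register" "Mozilla/5.0"
10.0.0.7 - - [24/Mar/2004:10:41:19 -0600] "POST /posting.php HTTP/1.1" 200 3412 "http://example.test/posting.php" "Mozilla/5.0"
"""

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

REGISTER_PATH = "/profile.php?mode=register"   # assumed phpBB signup endpoint
POSTING_PATH = "/posting.php"                  # assumed phpBB posting endpoint


def parse_log(text):
    """Parse combined-format lines into dicts; lines that don't match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        # e.g. 24/Mar/2004:08:31:02 -0600 -> timezone-aware datetime
        e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entries.append(e)
    return entries


def find_scripted_signups(entries, max_seconds=300):
    """Return {ip: details} for clients that POST a registration and then
    POST a message within max_seconds.

    A person has to wait for the activation mail, read it, log in and type a
    message, which takes minutes; a bot that parses the signup mail does the
    whole sequence in seconds. Blank referers across the session are reported
    as a secondary indicator of a non-browser client.
    """
    by_ip = defaultdict(list)
    for e in entries:
        by_ip[e["ip"]].append(e)

    flagged = {}
    for ip, reqs in by_ip.items():
        reqs.sort(key=lambda e: e["ts"])
        register_at = next((e["ts"] for e in reqs
                            if e["method"] == "POST" and e["path"] == REGISTER_PATH), None)
        if register_at is None:
            continue
        first_post = next((e["ts"] for e in reqs
                           if e["method"] == "POST"
                           and e["path"].startswith(POSTING_PATH)
                           and e["ts"] >= register_at), None)
        if first_post is None:
            continue
        delta = (first_post - register_at).total_seconds()
        if delta <= max_seconds:
            flagged[ip] = {
                "seconds_to_first_post": int(delta),
                "requests": len(reqs),
                "blank_referer_requests": sum(1 for e in reqs if e["referer"] == "-"),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_scripted_signups(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: posted {info['seconds_to_first_post']}s after registering, "
              f"{info['blank_referer_requests']}/{info['requests']} requests with no referer")
```

With the constructed input the scripted client registers and posts 40 seconds apart with no referer on any request and is flagged; the second client takes over an hour and a half and is not, unless the threshold is raised to cover it. Against a real log you would run the same thing over the file handed to `parse_log`, and tune `max_seconds` to the slowest activation-mail round trip your forum actually sees.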
