Saturday, August 05, 2006

a (somewhat) brief program note

I've started getting comment spam again, over the last couple of weeks. Turns out that captcha/"word verification" was off, although I don't recall doing that, so I choose to blame Google for screwing that up. I've turned captchas on again, and I humbly apologize for the inconvenience, in the unlikely event you've ever felt like commenting here, and in the even more unlikely event that the captcha deterred you from commenting. Or whatever.

The most egregious spammer was/is someone who kept posting anonymous comments to randomly selected posts of mine, all of which read simply "Here are some links that I believe will be interested", with "Here" a link to various (allegedly) Austrian domains: weel.at or iover.at.

So I'm going to play the name-and-shame game again, in the hope that random spambots visiting this page might harvest so-and-so's email address and give 'em a taste of their own medicine. I mean, if the following info is 100% bogus I wouldn't be exactly surprised, but this is what I've got right now:

The WHOIS data for weel.at:

domain: weel.at
registrant: DM2389844-NICAT
admin-c: HT2389845-NICAT
tech-c: ESA2389846-NICAT
zone-c: ESA2389846-NICAT
nserver: ns1.eurodns.com
remarks: 80.92.65.2
nserver: ns2.eurodns.com
remarks: 80.92.67.140
changed: 20060725 18:26:50
source: AT-DOM

personname: Dillon Matthew
organization:
street address: 504 Skyway Rd
postal code: 38125
city: Memphis
country: USA
phone: +17430546134
e-mail: webmaster@reesellclub.net
nic-hdl: DM2389844-NICAT
changed: 20060725 18:26:49
source: AT-DOM

personname: Holeksa Tomasz
organization:
street address: ul. Ogrodowa 547
postal code: 34-382
city: Wieprz
country: Poland
phone: +48601822577
e-mail: tomasz@holeksa.com
nic-hdl: HT2389845-NICAT
changed: 20060725 18:26:49
source: AT-DOM

personname: Goubet Pierre-Yves
organization: EuroDNS S.A.
street address: 41, z.a Am Bann
postal code: L-3372
city: Leudelange
country: Luxembourg
nic-hdl: ESA2389846-NICAT
changed: 20060725 18:26:49
source: AT-DOM

A bit of googling indicates the Memphis TN address is bogus, and the associated ph# is obviously bogus as well, since US phone prefixes never start with zeroes, and there's no such thing as area code 743.

The WHOIS info for iover.at:

domain: iover.at
registrant: OB2389808-NICAT
admin-c: HT2389809-NICAT
tech-c: ESA2389810-NICAT
zone-c: ESA2389810-NICAT
nserver: ns1.eurodns.com
remarks: 80.92.65.2
nserver: ns2.eurodns.com
remarks: 80.92.67.140
changed: 20060725 18:18:47
source: AT-DOM

personname: Oddie Benjamin
organization:
street address: 778 Hill Road
postal code: 75224
city: Dallas
country: USA
phone: +12462031534
e-mail: webmaster@reesellclub.net
nic-hdl: OB2389808-NICAT
changed: 20060725 18:18:46
source: AT-DOM

personname: Holeksa Tomasz
organization:
street address: ul. Ogrodowa 547
postal code: 34-382
city: Wieprz
country: Poland
phone: +48601822577
e-mail: tomasz@holeksa.com
nic-hdl: HT2389809-NICAT
changed: 20060725 18:18:47
source: AT-DOM

personname: Goubet Pierre-Yves
organization: EuroDNS S.A.
street address: 41, z.a Am Bann
postal code: L-3372
city: Leudelange
country: Luxembourg
nic-hdl: ESA2389810-NICAT
changed: 20060725 18:18:47
source: AT-DOM

A traceroute shows both domains hosted under dllstx5.theplanet.com, and I'm guessing "dllstx" means Dallas, Texas. The "778 Hill Road" address listed in Dallas appears to be bogus, and there's no area code 246, in Texas or elsewhere.

So let's pursue the domains listed by the contacts listed above. Here's the info for resellclub.net, such as it is:

Registrant:
Contactprivacy.com
96 Mowat Ave
Toronto, ON M6K 3M1
CA

Domain name: RESELLCLUB.NET

Administrative Contact:
contactprivacy.com, resellclub.net@contactprivacy.com
96 Mowat Ave
Toronto, ON M6K 3M1
CA
+1.4165385457
Technical Contact:
contactprivacy.com, resellclub.net@contactprivacy.com
96 Mowat Ave
Toronto, ON M6K 3M1
CA
+1.4165385457

Registration Service Provider:
Tucows.com CO, tucowspark@tucows.com
416-535-0123

Registrar of Record: TUCOWS, INC.
Record last updated on 08-Mar-2006.
Record expires on 28-Jan-2007.
Record created on 28-Jan-2005.

Domain servers in listed order:
NS1.RENEWYOURNAME.NET 216.40.33.30
NS2.RENEWYOURNAME.NET 216.40.33.35

Resellclub appears to be using an IP address somewhere in Canada, perhaps, although this is not 100% certain.

Here's the info for holeksa.com:

DOMAIN: HOLEKSA.COM

RSP: Az.pl s.j. Albert Jerka, Andrzej Kostrzewa
URL: http://www.az.pl

created-date: 2005-10-03
updated-date: 2005-10-03
registration-expiration-date: 2006-10-03

owner-contact: P-TFH95
owner-fname: Tomasz
owner-lname: Holeksa
owner-street: Ogrodowa 547
owner-city: Wieprz
owner-zip: 34-382
owner-country: PL
owner-phone: +48.601822577
owner-email: naytro@poczta.fm

admin-contact: P-TFH95
admin-fname: Tomasz
admin-lname: Holeksa
admin-street: Ogrodowa 547
admin-city: Wieprz
admin-zip: 34-382
admin-country: PL
admin-phone: +48.601822577
admin-email: naytro@poczta.fm

tech-contact: P-TFH95
tech-fname: Tomasz
tech-lname: Holeksa
tech-street: Ogrodowa 547
tech-city: Wieprz
tech-zip: 34-382
tech-country: PL
tech-phone: +48.601822577
tech-email: naytro@poczta.fm

billing-contact: P-TFH95
billing-fname: Tomasz
billing-lname: Holeksa
billing-street: Ogrodowa 547
billing-city: Wieprz
billing-zip: 34-382
billing-country: PL
billing-phone: +48.601822577
billing-email: naytro@poczta.fm

nameserver: ns1.itcg.pl
nameserver: ns2.itcg.pl


Pozcta.FM is just a web-based email outfit a la Hotmail, so that's a bit of a dead end, too.

So we may be out of luck this time, but let's try to make lemonade out of lemons if we can. There is a Wieprz in Poland. It's not clear there's a town by that name, but at least there's a river, and a general vicinity by that name, and if you read Polish you can learn all about it at wieprz.pl (with some very nice photos, even if you don't read Polish). Seems like a very nice place, if the pictures are any indication.

The little town of Leudelange (or Leideleng), really exists too, in the deep south of Luxembourg. The town's official website is here. Again, seems like a very nice little village.

My hope here, and I admit it's a rather dim one, is that the authorities in either or both towns will somehow come across this post, realize that I'm encouraging my vast readership to visit their towns and spend lots of money. (Which I'm totally doing here: If you visit either town, be sure to spend lots and lots of money.) In undying gratitude, the local authorities track down the offending malefactors, and do whatever it is the EU does to evil criminal spammer masterminds these days. Perhaps secretly "rendering" them off to Guantanamo or something, which would be ok, naturally. I mean, they're spammers. They're barely even human. Once that's done, said authorities would let me know all about it, so I can have that all-important feeling of closure, and some fun fresh material to post here as well.

Anyway, to make a long story short, I've turned word verification on, and I'm sorry, and I may turn it off again if I think the spamstorm has passed, but I'm not making any promises just now.



I've also gotten broken-English spam advertising the business-portal.ws and games-center.ws domains. This spammer was a little smarter and registered both domains via Domains by Proxy, so it's hard to tell who's behind this. A traceroute doesn't reveal much of anything useful either. Bastards. Like I've said before, it amazes me that doing everything possible to hide from your potential customers is a viable business strategy. I guess it only takes one gullible bozo with a valid credit card to pay for the whole thing, but still. What a ridiculous business to be in.

No comments :