Re: [anti-spam-wg] Spam coming from ripe.net IP's


Dear Pieter,

If you properly check the whois records, you will find out the proper spammer, which is OBVIOUSLY NOT RIPE.

# whois -B -G 193.53.87.113
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

inetnum:        193.53.87.0 - 193.53.89.255
netname:        Connect2IP-NET02
descr:          Infinite Technologies
remarks:        Use in Capgemini/ TeleCity IDC Facility
country:        IN
notify:         noc@localhost
admin-c:        ITGR-RIPE
tech-c:         ITGR-RIPE
status:         ASSIGNED PI
org:            ORG-ITPL2-RIPE
mnt-by:         CT2IP-MNT
mnt-by:         ITECH-MNT
mnt-domains:    ITECH-MNT
changed:        noc@localhost 20080101
source:         RIPE

route:          193.53.87.0/24
descr:          Use in Capgemini, AMS/NL
origin:         AS29073
mnt-by:         ITECH-MNT
changed:        noc@localhost 20080101
source:         RIPE

organisation:   ORG-ITPL2-RIPE
org-name:       Infinite Technologies
org-type:       OTHER
address:        FF-2, #17, 5th Main
address:        Airport Road
address:        Bangalore - 560 017
address:        Karnataka, India
e-mail:         noc@localhost
remarks:        +--------------------------+
remarks:        Abuse Complaints = Email Only
remarks:        Technical Support = Email & Phone
remarks:        +--------------------------+
abuse-mailbox:  abuse@localhost
mnt-ref:        ITECH-MNT
mnt-by:         ITECH-MNT
changed:        noc@localhost 20080101
source:         RIPE

person:         Ganesh Rao
address:        FF-2, #17, 5th Main
address:        Vinayaka Nagar, Airport Road
address:        Bangalore 560 017
phone:          +91-9916971255
remarks:        +--------------------------
remarks:        Head of Operations
remarks:        Technical / Sales / Abuse Dept.
remarks:        +--------------------------
nic-hdl:        ITGR-RIPE
mnt-by:         ITECH-MNT
changed:        noc@localhost 20080101
source:         RIPE

Regards,
---
Nuno Vieira
nfsi telecom, lda.

nuno.vieira@localhost
Tel. (+351) 21 949 2300 - Fax (+351) 21 949 2301
http://www.nfsi.pt/



----- "Pieter Collier" contact@localhost wrote:

> Dear Ripe.net,
> 
> My contact form is being spammed on a constant basis, resulting into 5 or so
> spam mails every 10 minutes. All spam mails come from IP's which are from
> your company.
> 
> For example: 193.53.87.113, 193.53.87.109, and others within your range.
> 
> The error I receive is the following:
> Server attack "Many URLS in a field" detected. Your server is safe as
> FormMail is invulnerable to this attack.  You can disable these messages by
> setting ALERT_ON_ATTACK_DETECTION to false in FormMail's configuration
> section.
> 
> More information:
> 
> Field "mesg" contained 30 URLs
> 
> Is there any way you can stop this spamming? I'm sure it is not you directly
> doing this, but someone using these IP's is. I have blocked this kind of
> attacks (but keep logs), since I have no interest in any of the 30 url's
> inside the mail message.
> 
> My kindest regards,
> 
> Pieter Collier, Tolkienlibrary.com
> Sint-Franciesdijk 22
> 9185 Wachtebeke
> Belgium
> 
> +0032 (0) 495908283
> contact@localhost
>  
> ----------------------------------------------------------------------------
>  'It is fulfilled. Even now a Silmaril is in my hand.' - tolkienlibrary.com
> 
> Receive all the latest news on new Tolkien books, reviews, articles,
> interviews, events, exhibitions by inscribing to Tolkien Library Site News:
> http://feeds.feedburner.com/TolkienLibrary
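
The lookup this reply walks through, as an added example that is not part of the original message: a small parser for the RPSL text that `whois` returns, which follows the `inetnum` object's `org:` reference to the matching `organisation` object to report the holder and its abuse mailbox. The function names `parse_rpsl` and `responsible_party` are hypothetical, and the sample is constructed from the reply quoted in this message, trimmed to the attributes used.

```python
# Constructed sample: the whois reply quoted above, trimmed to the attributes used.
SAMPLE = """\
% This is the RIPE Whois query server #3.

inetnum:        193.53.87.0 - 193.53.89.255
netname:        Connect2IP-NET02
country:        IN
org:            ORG-ITPL2-RIPE
mnt-by:         CT2IP-MNT
mnt-by:         ITECH-MNT

route:          193.53.87.0/24
origin:         AS29073

organisation:   ORG-ITPL2-RIPE
org-name:       Infinite Technologies
abuse-mailbox:  abuse@localhost
"""

def parse_rpsl(text):
    """Split a whois reply into objects, each a list of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines():
        if line.startswith("%"):              # server comment line
            continue
        if not line.strip():                  # blank line closes an object
            if current:
                objects.append(current)
            current = []
        elif line[0] in " \t+" and current:   # RPSL continuation line
            key, val = current[-1]
            current[-1] = (key, f"{val} {line[1:].strip()}".strip())
        else:
            key, _, val = line.partition(":")
            current.append((key.strip().lower(), val.strip()))
    if current:
        objects.append(current)
    return objects

def responsible_party(text):
    """Follow inetnum -> org -> organisation to find who holds the range."""
    objs = parse_rpsl(text)
    first = lambda obj, k: next((v for a, v in obj if a == k), None)
    net = next((o for o in objs if o[0][0] == "inetnum"), [])
    route = next((o for o in objs if o[0][0] == "route"), [])
    org = next((o for o in objs if o[0] == ("organisation", first(net, "org"))), [])
    return {"netname": first(net, "netname"), "country": first(net, "country"),
            "holder": first(org, "org-name"), "abuse": first(org, "abuse-mailbox"),
            "origin": first(route, "origin"),
            "maintainers": [v for a, v in net if a == "mnt-by"]}
```

Calling `responsible_party()` on saved `whois -B -G <address>` output returns the holder, abuse mailbox, origin AS and maintainers in one dictionary, which is the information an abuse report needs.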