Re: [anti-spam-wg] Spam coming from ripe.net IP's
-
To: Pieter Collier contact@localhost
-
From: Nuno Vieira - nfsi telecom <nuno.vieira@localhost
-
Date: Mon, 14 Jul 2008 10:16:28 +0100 (WEST)
-
Reply-to: Nuno Vieira - nfsi telecom <nuno.vieira@localhost
Dear Pieter,
If your properly check the whois records, you will find out the proper spammer, which is OBVIOUSLY NOT RIPE.
# whois -B -G 193.53.87.113
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
inetnum: 193.53.87.0 - 193.53.89.255
netname: Connect2IP-NET02
descr: Infinite Technologies
remarks: Use in Capgemini/ TeleCity IDC Facility
country: IN
notify: noc@localhost
admin-c: ITGR-RIPE
tech-c: ITGR-RIPE
status: ASSIGNED PI
org: ORG-ITPL2-RIPE
mnt-by: CT2IP-MNT
mnt-by: ITECH-MNT
mnt-domains: ITECH-MNT
changed: noc@localhost 20080101
source: RIPE
route: 193.53.87.0/24
descr: Use in Capgemini, AMS/NL
origin: AS29073
mnt-by: ITECH-MNT
changed: noc@localhost 20080101
source: RIPE
organisation: ORG-ITPL2-RIPE
org-name: Infinite Technologies
org-type: OTHER
address: FF-2, #17, 5th Main
address: Airport Road
address: Bangalore - 560 017
address: Karnataka, India
e-mail: noc@localhost
remarks: +--------------------------+
remarks: Abuse Complaints = Email Only
remarks: Technical Support = Email & Phone
remarks: +--------------------------+
abuse-mailbox: abuse@localhost
mnt-ref: ITECH-MNT
mnt-by: ITECH-MNT
changed: noc@localhost 20080101
source: RIPE
person: Ganesh Rao
address: FF-2, #17, 5th Main
address: Vinayaka Nagar, Airport Road
address: Bangalore 560 017
phone: +91-9916971255
remarks: +--------------------------
remarks: Head of Operations
remarks: Technical / Sales / Abuse Dept.
remarks: +--------------------------
nic-hdl: ITGR-RIPE
mnt-by: ITECH-MNT
changed: noc@localhost 20080101
source: RIPE
Regards,
---
Nuno Vieira
nfsi telecom, lda.
nuno.vieira@localhost
Tel. (+351) 21 949 2300 - Fax (+351) 21 949 2301
http://www.nfsi.pt/
----- "Pieter Collier" contact@localhost wrote:
> Dear Ripe.net,
>
> My contact form is being spammed on a constant basis, resulting into 5
> or so
> spam mails every 10 minutes. All spam mails come from IP's which are
> from
> your company.
>
> For example: 193.53.87.113, 193.53.87.109, and others within your
> range.
>
> The error I receive is the following:
> Server attack "Many URLS in a field" detected. Your server is safe as
> FormMail is invulnerable to this attack. You can disable these
> messages by
> setting ALERT_ON_ATTACK_DETECTION to false in FormMail's
> configuration
> section.
>
> More information:
>
> Field "mesg" contained 30 URLs
>
> Is there any way you can stop this spamming? I'm sure it is not you
> directly
> doing this, but someone using these IP's is. I have blocked this kind
> of
> attacks (but keep logs), since I have no interest in any of the 30
> url's
> inside the mail message.
>
> My kindest regards,
>
> Pieter Collier, Tolkienlibrary.com
> Sint-Franciesdijk 22
> 9185 Wachtebeke
> Belgium
>
> +0032 (0) 495908283
> contact@localhost
>
> ----------------------------------------------------------------------------
> 'It is fulfilled. Even now a Silmaril is in my hand.' -
> tolkienlibrary.com
>
> Receive all the latest news on new Tolkien books, reviews, articles,
> interviews, events, exhibitions
> by inscribing to Tolkien Library Site News:
> http://feeds.feedburner.com/TolkienLibrary
---------------------------------------------------
** AVISO DE CONFIDENCIALIDADE **
Esta mensagem de correio electrónico e qualquer dos seus ficheiros anexos, caso existam, são confidenciais e destinados apenas à(s) pessoa(s) ou entidade(s) acima referida(s), podendo conter informação confidencial, privilegiada, a qual não deverá ser divulgada, copiada, gravada ou distribuída nos termos da lei vigente. Se não é o destinatário da mensagem, ou se ela lhe foi enviada por engano, agradecemos que não faça uso ou divulgação da mesma. A distribuição ou utilização da informação nela contida é interdita. Se recebeu esta mensagem por engano, por favor avise-nos de imediato, por correio electrónico, para o endereço acima e apague este e-mail do seu sistema. Obrigado.