If you have a web site, chances are you deal with spam in some way. It has become a reality in the last couple of years, and dealing with it can be either finicky and time-consuming or, thanks to effective solutions, take very little time.
Here we get lots of spam even though the traffic here doesn’t warrant it. 90% of the visitors here are bots and only about 2% of those are spammers.
We have a great system for dealing with spam and so far we’ve had great success with it. No spam has been posted on this site that had to be manually removed. However, we get an endless number of attempts.
One IP, 195.225.177.190, has been particularly mindless in its attempts to spam our site, getting up to 10 to 15 attempts per day. During the latter part of September 2007, this ONE BOT generated over 100 attempts.
This is the detail of the identified spammer.
10/17/07 11:25:56 whois 195.225.177.190@whois.geektools.com
whois -h whois.geektools.com 195.225.177.190 …
GeekTools Whois Proxy v5.0.4 Ready.
Final results obtained from whois.ripe.net.
Results:
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
%
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to ‘195.225.176.0 – 195.225.179.255′
inetnum: 195.225.176.0 – 195.225.179.255
netname: NETCATHOST
descr: NetcatHosting
country: PA
admin-c: VR1273-RIPE
tech-c: VR1273-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: NETCATHOST-MNT
mnt-routes: NETCATHOST-MNT
mnt-routes: WZNET-MNT
source: RIPE # Filtered
remarks: ***************************************
remarks: * Abuse contacts: abuse@netcathost.com *
remarks: ***************************************
person: Vladislav Radchek
address: IBC Tower Floor 9 PO Box 901-2389
address: Manuel Espinosa Batista Avenue
phone: +372 7121250
nic-hdl: VR1273-RIPE
source: RIPE # Filtered
% Information related to ‘195.225.176.0/22AS31159′
route: 195.225.176.0/22
descr: NETCATHOST (full block)
mnt-routes: WZNET-MNT
mnt-routes: NETCATHOST-MNT
origin: AS31159
mnt-by: NETCATHOST-MNT
remarks: ****************************************
remarks: * Abuse contacts: abuse@netcathost.com *
remarks: ****************************************
source: RIPE # Filtered
% Information related to ‘195.225.177.190/32AS31159′
route: 195.225.177.190/32
descr: Mark Stosberg
origin: AS31159
mnt-by: NETCATHOST-MNT
source: RIPE # Filtered
remarks: *******************************
* Mark Stosberg *
* +1 (202) 657-5440 *
* US, 47374, Indiana *
* Richmond, 914 E Main St *
****** Send abuse to: *********
* abuse@myfreepages.org *
*******************************
Results brought to you by the GeekTools WHOIS Proxy
Server results may be copyrighted and are used with permission.
This IP is part of the NETCATHOST.COM domain, which is a web hosting provider. Two IPs in this block were involved in the spamming: the one noted above and this one, 195.225.176.177. From the looks of it, this is RIPE address space being used by an ISP in Europe and further used by this American, either intentionally or otherwise. Given it’s a web hosting account, I’d say the server has been compromised.
It was interesting that while these bots were spamming me, I received no other spam attempts. [well, there were two] Once I blocked this IP block from accessing my site, the other bots started up again. Most curious.
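As an added example (not part of the original post or of any tool it uses), this is one way to turn a whois record like the one above into a blocking decision: parse the RPSL attributes, then pick the most specific registered network that contains every offending address. The function names are hypothetical, and the sample text is a constructed excerpt of the output above with the range dash written as a plain hyphen.

```python
import ipaddress
import re

# Constructed sample: a few attribute lines taken from the whois output above.
WHOIS_TEXT = """\
inetnum: 195.225.176.0 - 195.225.179.255
netname: NETCATHOST
remarks: * Abuse contacts: abuse@netcathost.com *
route: 195.225.176.0/22
origin: AS31159
route: 195.225.177.190/32
origin: AS31159
"""

def parse_whois(text):
    """Collect networks, origin ASNs and abuse mailboxes from RPSL-style lines."""
    nets, origins, abuse = set(), set(), set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or line.startswith("%"):
            continue  # skip comment lines and lines without an attribute name
        key, value = key.strip().lower(), value.strip()
        if key == "route":
            nets.add(ipaddress.ip_network(value, strict=False))
        elif key == "inetnum":
            # inetnum is a first-last range; accept a hyphen or an en dash.
            first, last = (ipaddress.ip_address(p.strip())
                           for p in re.split(r"[-\u2013]", value))
            nets.update(ipaddress.summarize_address_range(first, last))
        elif key == "origin":
            origins.add(value.upper())
        elif key == "remarks":
            abuse.update(re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", value))
    return nets, origins, abuse

def covering_block(nets, offenders):
    """Most specific registered network containing every offender, or None."""
    addrs = [ipaddress.ip_address(o) for o in offenders]
    hits = [n for n in nets if all(a in n for a in addrs)]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

if __name__ == "__main__":
    nets, origins, abuse = parse_whois(WHOIS_TEXT)
    block = covering_block(nets, ["195.225.177.190", "195.225.176.177"])
    print("block:", block, "origin:", sorted(origins), "abuse:", sorted(abuse))
```

With only the first address as input the result is the /32 route; adding the second address widens it to the /22, which is the block-level decision described above.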
I still average about 3 spam attempts per day and depending on the success of this article I may post further major spammers in the coming months.