>Does "tracked down" mean that the web logs show an IP of an ISP in
>Virginia? If it is a dialup user of theirs, you're lucky -- you just have
>to produce a subpoena and you'll get the contact information the user
>provided (if any), which is likely fake. If you're not lucky, the IP is
>an open proxy of some sort, and the spammer was coming from another location.

I've contacted them, and they seem to be more of a provider - dedicated circuits. Tracking down the IP should be no problem at all.

>The easiest way to really track them down is to look at some of the spam,
>and track them down the same way you would if you were buying their wares
>(which will lead you to a PO box, a street address, a phone number, a
>merchant account, etc.).

These morons were shooting out thousands of blank messages to AOL addresses. I don't know if they were doubly attacking AOL with undeliverables. I don't see how they could be testing for deliverable / undeliverable because the bounced message would not come back to them.

For now, I'm pulling down the latest formmail.pl & tweaking for blat. Hopefully that will take care of it for now.

Thanks
Chris

At 11:21 AM 4/30/2002, you wrote:
>>We've had someone spamming / attacking our network last night / today.
>>We finally tracked it down. They were "relaying" off of a formmail
>>script on a website.
>
>Ah, yes. That's nasty stuff, the modern version of yesterday's open
>relay. Formmail and proxies.
>
>>I've since blocked the IP addresses being used and so far, so good.
>
>Until the next spammer uses it.
>
>>Anyone see this kind of abuse / attack / "relay" before?
>
>Yes, it's quickly becoming very common.
>
>>Any good way to block the abuse of someone's formmail or other script?
>
>I'm not familiar with the formmail script, but I've heard that the latest
>version prevents this problem.
>
>>Also, I've tracked this down to a provider in Virginia. Don't they have
>>some tough
>>laws down there? Anyone familiar with it and what can realistically be
>>done there?
>
>Does "tracked down" mean that the web logs show an IP of an ISP in
>Virginia? If it is a dialup user of theirs, you're lucky -- you just have
>to produce a subpoena and you'll get the contact information the user
>provided (if any), which is likely fake. If you're not lucky, the IP is
>an open proxy of some sort, and the spammer was coming from another location.
>
>The easiest way to really track them down is to look at some of the spam,
>and track them down the same way you would if you were buying their wares
>(which will lead you to a PO box, a street address, a phone number, a
>merchant account, etc.).
>
> -Scott
>---
>Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
>IMail. http://www.declude.com
>
>---
>[This E-mail was scanned for viruses by Declude Virus
>(http://www.declude.com)]
>
>
>Please visit http://www.ipswitch.com/support/mailing-lists.html to be
>removed from this list.
>
>An Archive of this list is available at:
>http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
>Please visit the Knowledge Base for answers to frequently asked
>questions: http://www.ipswitch.com/support/IMail/
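
As an added example (not part of the original thread, and not code from any poster or from the formmail project), here is one way to find formmail relaying in web logs instead of blocking IPs one at a time. It assumes Common Log Format and the `recipient` form field; the function name, threshold, domains and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumption: Common Log Format; adjust the pattern to your server's log layout.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" ')
SCRIPT_RE = re.compile(r'/formmail(\.pl|\.cgi)?$', re.IGNORECASE)

def formmail_hits(lines, local_domains, threshold=3):
    """Return (noisy_ips, foreign_recipients) for requests to a formmail script."""
    per_ip, foreign = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target = m.groups()
        url = urlsplit(target)
        if not SCRIPT_RE.search(url.path):
            continue
        per_ip[ip] += 1
        # POST bodies are not logged; only GET query strings reveal the recipient.
        for value in parse_qs(url.query).get("recipient", []):
            for addr in value.split(","):
                domain = addr.rpartition("@")[2].strip().lower()
                if domain and domain not in local_domains:
                    foreign[(ip, domain)] += 1
    noisy = {ip: n for ip, n in per_ip.items() if n >= threshold}
    return noisy, dict(foreign)

# Constructed sample lines (documentation IP ranges, hypothetical site).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Apr/2002:02:14:01 -0400] "GET /cgi-bin/formmail.pl?recipient=user1%40aol.com HTTP/1.0" 200 312',
    '192.0.2.10 - - [30/Apr/2002:02:14:02 -0400] "GET /cgi-bin/formmail.pl?recipient=user2%40aol.com HTTP/1.0" 200 312',
    '192.0.2.10 - - [30/Apr/2002:02:14:02 -0400] "GET /cgi-bin/FormMail.pl?recipient=user3%40aol.com HTTP/1.0" 200 312',
    '198.51.100.7 - - [30/Apr/2002:09:30:11 -0400] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 540',
    '198.51.100.7 - - [30/Apr/2002:09:30:15 -0400] "GET /index.html HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    noisy, foreign = formmail_hits(SAMPLE_LOG, {"example.net"})
    print("high-volume clients:", noisy)
    print("recipients outside local domains:", foreign)
```

A recipient domain that is not one of the site's own is the stronger signal, since a contact form should only ever mail its owner; request volume alone also catches POST-based abuse where the recipient is not logged.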
