| { brad brace } on Sat, 2 Oct 1999 11:53:43 +0200 (CEST) |
| <nettime> the Tom Saylor spam operation. |
Cut and paste the letter below, and send to:
abuse@home.net
sanj@nsiweb.com
support@nsiweb.com
abuse@exodus.net
domains@flashhost.com
If enough of us complain, this SPAMMER will be TOSsed!
It's a NUMBERS GAME! Only a large number of complaints from a
large number of users will get any action done.
Keep fighting!
Kryton Rev. D
---------------------------CUT HERE------------------------------------
CC:
abuse@home.net
sanj@nsiweb.com
support@nsiweb.com
abuse@exodus.net
domains@flashhost.com
Dear abuse departments:
Another @home NNTP server hijacked?
(news.rdc1.ct.home.com 938662944 209.125.171.20)
The headers of this SPAM post indicate that this USENET SPAM
post originated from @home.net.
This USENET SPAM was posted by the same spammer who hijacked
two @home proxies recently. See the partial messages below to refresh your
memory:
--------- Forwarded Message ---------
DATE: Sun, 26 Sep 1999 08:26:28
From: David Ritz <dritz@primenet.com>
To: abuse@rogers.home.net
Cc: abuse@home.net, postmaster@flashhost.com, support@nsiweb.com,
sanj@nsiweb.com, abuse@exodus.net, johnb@jbx.com, abuse@digex.net
-----BEGIN PGP SIGNED MESSAGE-----
[24.112.94.99] (cr799697-a.rchrd1.on.wave.home.com) is running a
wide open proxy to NEWS1.RDC1.ON.WAVE.HOME.COM. This WAVE server
is being hijacked by professional spammers. Please take immediate
steps to ensure that this proxy is closed.
[24.6.164.234] (GRATZ1.DHS.ORG) is wide open to POST. While
there's a Leafnode server located at this address, there's nothing
on spool, GRATZ1.DHS.ORG feeds upstream, via POST, to
NEWS.RDC1.AZ.HOME.COM. Please take immediate steps to secure this
server. If @HOME is unable to contact their user, it is time to
router block this box at port 119.
usr10# telnet gratz1.dhs.org nntp
Trying 24.6.164.234...
Connected to gratz1.dhs.org.
Escape character is '^]'.
200 Leafnode NNTP Daemon, version 1.9.4 running at gratz1.dhs.org
post
340 Go ahead.
.
441 Formatting error, article not posted
quit
205 Always happy to serve!
Connection closed by foreign host.
usr10# getdate
28-Sep-1999 03:43:28 GMT
This server is currently being hijacked by Usenet's Public Enemy
#1, the Tom Saylor spam operation.
=======================================================================
SPAM POST HEADERS: <-------------------------------------------------
Path: news1.frmt1.sfba.home.com!newshub1.home.com!news.home.com!news.rdc1.ct.home.com.POSTED!not-for-mail
From: Umu Yasvi02 <minda@mbsin3rtekru.de>
Subject: Circle Suck Wanted
Newsgroups: alt.binaries.nude.celebrities.female,
    alt.binaries.photography.glamour, alt.binaries.pictures.12hr,
    alt.binaries.pictures.bigbutts,
    alt.binaries.pictures.bisexuals, alt.binaries.pictures.black.erotic,
    alt.binaries.pictures.black.erotic.females,
    alt.binaries.pictures.bluebird
Lines: 447
Message-ID: <A_AI3.2232$S32.2103@news.rdc1.ct.home.com>
Date: Thu, 30 Sep 1999 03:42:24 GMT
NNTP-Posting-Host: 209.125.171.20
X-Complaints-To: abuse@home.net
X-Trace: news.rdc1.ct.home.com 938662944 209.125.171.20 (Wed, 29 Sep 1999 20:42:24 PDT)
NNTP-Posting-Date: Wed, 29 Sep 1999 20:42:24 PDT
Organization: @Work Internet powered by @Home Network
Xref: newshub1.home.com
    alt.binaries.nude.celebrities.female:30638940
    alt.binaries.photography.glamour:30032285
    alt.binaries.pictures.12hr:30012693
    alt.binaries.pictures.bigbutts:30305767
    alt.binaries.pictures.bisexuals:30550246
    alt.binaries.pictures.black.erotic:30128389
    alt.binaries.pictures.black.erotic.females:30590814
    alt.binaries.pictures.bluebird:30709741
========================================================================
This SPAMMER even went as far as attacking an open proxy in
Holland! Tom Saylor also used SAIX.NET in South Africa, rmi.net,
videotron.net, verio.net, intnet.net, demon.net, multiweb.nl,
news-service.com, worldonline.nl, concentric.net, insync.net,
and @home.net to flood the USENET with his spam.
This is a true whack-a-mole spammer!
This spammer's websites are hosted by EXODUS.NET and
FLASHHOST.com
This particular SPAMMER is bad enough to have several web pages
devoted to his SPAMMING. Please see text version of web pages below,
so you can get a good idea of what you are dealing with!
Although his name is Tom Saylor, he probably used one of his
aliases to open this account.
In the last month, this Spammer has had accounts terminated at
several ISP's.
This SPAMMER is using your company as a throwaway account, and
will simply start another account at another ISP when you terminate his
account with your company. But at least you can stop the flood of
complaints YOUR company will receive!
Please take action to stop this SPAMMER.
Thanks.
SPAMMER'S WEBSITE HOST INFORMATION: <-------------------------------
Official name: www.flashergirl.com
Addresses: 209.67.60.25
Whois for www.flashergirl.com
.com is the global domain of USA & International Commercial
(Whois queries for .com domains can be performed at
http://rs.internic.net/cgi-bin/whois)
whois -h whois.internic.net flashergirl.com
The Data in Network Solutions' WHOIS database is provided by Network
Solutions for information purposes, and to assist persons in obtaining
information about or related to a domain name registration record.
Network Solutions does not guarantee its accuracy. By submitting a
WHOIS query, you agree that you will use this Data only for lawful
purposes and that, under no circumstances will you use this Data to:
(1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail
(spam); or (2) enable high volume, automated, electronic processes
that apply to Network Solutions (or its systems). Network Solutions
reserves the right to modify these terms at any time. By submitting
this query, you agree to abide by this policy.
Registrant:
Eurobahia Partners, Ltd. (FLASHERGIRL2-DOM)
P.O. Box 11434
Merrillville, IN 46410
US
Domain Name: FLASHERGIRL.COM
Administrative Contact:
major, ursula (UM76) ursula@WORLD-PREMIERE.COM
219-992-9338
Technical Contact, Zone Contact:
Domain Registrars (DR619-ORG) domains@FLASHHOST.COM
516-847-0201
Fax- 000-000-0000
Billing Contact:
major, ursula (UM76) ursula@WORLD-PREMIERE.COM
219-992-9338
Record last updated on 29-Jul-99.
Record created on 04-Feb-99.
Database last updated on 19-Sep-99 07:43:34 EDT.
Domain servers in listed order:
NS.FLASHHOST.COM 209.2.135.2
NS2.FLASHHOST.COM 209.2.135.3
IP block lookup for 209.67.60.25
whois -h whois.arin.net 209.67.60
Exodus Communications Inc. (NETBLK-ECI-5)
1605 Wyatt Dr.
Santa Clara, CA 95054
US
Netname: ECI-5
Netblock: 209.67.0.0 - 209.67.255.255
Maintainer: ECI
Coordinator:
Center, Network Control (NOC44-ARIN) support@EXODUS.NET
(408) 486-5000 (FAX) (408) 486-5001
Domain System inverse mapping provided by:
NS.EXODUS.NET 206.79.230.10
NS2..EXODUS.NET 207.82.198.150
* Rwhois reassignment information for this block is available at:
* rwhois.exodus.net 4321
ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Record last updated on 27-Oct-98.
Database last updated on 20-Sep-99 16:19:57 EDT.
The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and nic.mil for NIPRNET Information.
(You can find more IP address ownership info at
http://ipindex.dragonstar.net/)
Traceroute 209.67.60.25
This end is where samspade.org lives
1 206.117.161.1 (206.117.161.1) 167.714 ms 1.788 ms
2 isi-acg.ln.net (130.152.136.1) 2.579 ms 3.136 ms
3 s4-1-1.lsajca1-cr3.bbnplanet.net (4.24.40.13) 5.373 ms 3.862 ms
4 p2-0.lsanca1-ba1.bbnplanet.net (4.24.4.17) 3.232 ms 3.661 ms
5 p7-0.lsanca1-br1.bbnplanet.net (4.24.4.2) 3.400 ms 6.279 ms
6 p2-0.lsanca1-br2.bbnplanet.net (4.24.4.14) 5.378 ms 4.830 ms
7 p2-3.paloalto-nbr2.bbnplanet.net (4.24.5.198) 19.928 ms 20.352 ms
8 p1-0.paloalto-nbr1.bbnplanet.net (4.0.5.65) 22.912 ms 26.166 ms
9 p1-0-0.paloalto-cr9.bbnplanet.net (4.0.2.214) 26.467 ms 29.616 ms
10 ibr02-h8-1-0.sntc01.exodus.net (209.1.169.233) 36.361 ms 37.541 ms
11 dcr04-p0-0.sntc01.exodus.net (216.33.147.65) 23.113 ms 19.814 ms
12 bbr01-g6-0.sntc01.exodus.net (216.33.147.82) 16.755 ms 19.985 ms
13 bbr01-p2-0.sntc02.exodus.net (209.185.249.110) 19.158 ms 18.486 ms
14 bbr02-g4-0.sntc02.exodus.net (216.33.154.132) 17.213 ms 24.028 ms
15 bbr02-p5-0.hrnd01.exodus.net (216.32.173.14) 93.593 ms 101.111 ms
16 bbr01-g4-0.hrnd01.exodus.net (216.33.203.125) 94.397 ms 93.993 ms
17 bbr01-p5-0.jrcy01.exodus.net (209.185.249.213) 100.627 ms 101.283 ms
18 dcr03-g3-0.jrcy01.exodus.net (209.67.45.97) 99.201 ms 99.579 ms
19 rsm01-vlan990.jrcy02.exodus.net (216.32.222.106) 101.027 ms 100.376 ms
20 209.67.60.25 (209.67.60.25) 138.428 ms 100.876 ms
This end is where the people you're tracerouting to live
HEADERS AND TEXT:
TEXT OF SAYLOR'S FORGERIES FAQ:
http://howardk.moonfall.com/saylorfaq.html
Tom Saylor's Forgeries FAQ
Q:
Who is Tom Saylor?
A:
Tom Saylor (a.k.a. Ursula Major) and his associates are currently
one of the most notorious Usenet (the newsgroups) spamming
operations. It is common for this organization to flood the adult
newsgroups with ads for Mr. Saylor's adult sites. Here is a list of some of
Mr. Saylor's Adult web sites:
Mr. Saylor's ads typically contain forged email addresses and/or
forged domain names in the "From" line of his posts.
Q:
Why are these people picking on me? I never did anything to them!
A:
Mr. Saylor and his associates haphazardly pick domain names and
usernames for their ads without regard to the fact that they are
legitimate. Do not take it personally. Basically, they do not care
who they victimize. They have been doing this for quite a while now, and
there is no reason to believe that they will change this behavior.
That is why it is important for you to act.
Q:
Is there any way to stop these people from violating my email
address and/or domain name?
A:
Yes. Mr. Saylor receives his bandwidth connectivity from NSI Web
(NSIWEB.COM/FLASHHOST.COM) in Farmingdale, NY. NSI Web in
turn, gets their connectivity from Exodus Communications
(EXODUS.NET) in Santa Clara, CA. Exodus has a policy that forbids its
customers from transmitting fraudulent information. Here is an
excerpt from their acceptable use policy (
http://www.exodus.net/about_us/policies.html ):
"Customer will not, and will not permit...
Intentionally omit, delete, forge or misrepresent transmission
information, including headers, return addressing information
and IP addresses or take any other actions intended to cloak
Customer's or its users' identity or contact information."
Make sure to send a letter of complaint to NSI Web, and Exodus.
Include a copy of the newsgroup posting (make sure to include all of the
headers) in your complaint. Here are the email addresses to send
your complaint to:
support@nsiweb.com
sanj@NSIWEB.COM
domains@NSIWEB.COM
webinfo@nsiweb.com
support@EXODUS.NET
abuse@exodus.net
hostmaster@EXODUS.NET
Also, you may want to send Mr. Saylor a personal note and tell him
that forging your email address or domain name must cease and
desist. You can contact him at:
escherin@world-premiere.com
tomsaylor@usa.net
ursulamajor@HOTMAIL.COM
eurobahia@HOTMAIL.COM
446-4@usa.net
losangeles1@iname.com
Q:
Why should I bother sending a complaint?
A:
Having your email address and/or domain name forged is a serious
matter. Not only should you send a complaint to protect yourself, you
should send it to help put an end to this organization's abuse and
to protect others (many others) from becoming victims too.
Q:
Where can I get more information on this Tom Saylor character?
A:
Ed Falk has provided information about Tom Saylor at:
http://www.rahul.net/falk/quickref.html#saylor.
Also, subscribe to the news.admin.net-abuse.usenet newsgroup where
Tom Saylor is often a topic of discussion.
Saylor, Tom
Porn spammer. Owner of World Premiere porn site. Email
saylor@mail.icongrp.com. 3572 W. State Rd. 10; Lake Village,
IN 46349 USA; 219-992-2413, fax 219-992-2644. Aliases
include Ursula Major, ursula@ns2.galaxy-net.net,
becca@world-premiere.com, photos@world-premiere.com,
photovault@world-premier.com,
photographer@world-premier.com, tippy@world-premier.com,
ursulamajor@HOTMAIL.COM, saylor@netnitco.net.
"saylor@netnitco..net" address is also used by Pamela
Calica (wife?). Business: Central Control Systems, 617 N. 70 E
Valparaiso, IN 46383.
http://www.centralcontrolsystems.com/saylordesign/
__
The_12hr-ISBN-JPEG_Project since 1994 <<<
> episodic ftp://ftp.wco.com/pub/users/bbrace <
> eccentric ftp://ftp.netcom.com/pub/bb/bbrace <
> continuous ftp://ftp.teleport.com/users/bbrace <
> hypermodern ftp://ftp.rdrop.com/pub/users/bbrace <
> imagery online ftp://ftp.pacifier.com/pub/users/bbrace <
Usenet News://alt.binaries.pictures.12hr/ a.b.p.fine-art.misc
Mailing-list: listserv@netcom.com / subscribe 12hr-isbn-jpeg
Reverse Solidus: http://www.teleport.com/~bbrace/bbrace.html
{ brad brace } <<<< bbrace@netcom.com >>>> ~finger for pgp
# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
# archive: http://www.nettime.org contact: nettime@bbs.thing.net
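
Added example, not part of the original post: the complaint above rests on reading the server-stamped headers of the quoted article, and this Python sketch cross-checks Path, X-Trace, NNTP-Posting-Host, Message-ID and Date from that article to name the injecting server and its abuse contact. The X-Trace layout (server, epoch, client IP) is an assumption taken from the single sample on this page, since the field is not standardized, and the function and key names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import mktime_tz, parsedate_tz

# Headers of the article quoted in the post, re-joined one field per line.
SAMPLE = """\
Path: news1.frmt1.sfba.home.com!newshub1.home.com!news.home.com!news.rdc1.ct.home.com.POSTED!not-for-mail
From: Umu Yasvi02 <minda@mbsin3rtekru.de>
Message-ID: <A_AI3.2232$S32.2103@news.rdc1.ct.home.com>
Date: Thu, 30 Sep 1999 03:42:24 GMT
NNTP-Posting-Host: 209.125.171.20
X-Complaints-To: abuse@home.net
X-Trace: news.rdc1.ct.home.com 938662944 209.125.171.20 (Wed, 29 Sep 1999 20:42:24 PDT)
"""

# Assumed X-Trace layout, taken from the sample above: "<server> <epoch> <client-ip> (...)".
X_TRACE = re.compile(r"(\S+)\s+(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})")


def injection_report(raw, max_skew=300):
    """Name the injecting server and test whether its stamps agree with each other."""
    msg = message_from_string(raw)
    hops = msg["Path"].split("!")
    # Each relay prepends its name, so the injector sits at the right-hand end,
    # here marked ".POSTED" and followed by the "not-for-mail" tail entry.
    marked = [h[:-len(".POSTED")] for h in hops if h.endswith(".POSTED")]
    injector = marked[-1] if marked else hops[max(len(hops) - 2, 0)]
    m = X_TRACE.match(msg.get("X-Trace", ""))
    t_host, t_epoch, t_ip = (m.group(1), int(m.group(2)), m.group(3)) if m else (None, None, None)
    date_epoch = mktime_tz(parsedate_tz(msg["Date"]))  # converted to UTC seconds
    msgid_host = msg["Message-ID"].strip().strip("<>").rsplit("@", 1)[-1]
    checks = {
        "trace_ip_matches_posting_host": t_ip == msg["NNTP-Posting-Host"],
        "trace_server_is_injector": t_host == injector,
        "message_id_minted_by_injector": msgid_host == injector,
        "date_within_skew_of_trace": t_epoch is not None and abs(date_epoch - t_epoch) <= max_skew,
    }
    # "from" is returned as-is: it is poster-supplied and no check here validates it.
    return {"injector": injector, "posting_ip": msg["NNTP-Posting-Host"],
            "complaints_to": msg["X-Complaints-To"], "from": msg["From"], "checks": checks}


if __name__ == "__main__":
    report = injection_report(SAMPLE)
    print(report["injector"], report["posting_ip"], report["complaints_to"])
    for name, ok in report["checks"].items():
        print(f"{'ok  ' if ok else 'FAIL'} {name}")
```

A failed check means the stamps disagree and the article needs a closer manual read before a complaint is addressed; passing checks show only that the injecting server's own fields are mutually consistent.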