Update: ELI and, later, TechnoTwist have replied claiming the insecure web form exploitation on the TechnoTwist web page. TechnoTwist said that they've removed the page and nothing like this should be repeated. Removed from the blocklist. Old: Secure Independence/TechnoTwist/Jerry Zalenski - spammers and WHOIS database harvesters! ttlvhost.net, technotwist.net, [216.190.175.0 - 216.190.175.255]: Access denied! === My complaint === === Note: bitch-list.net had some temporary problems with accepting e-mails, === === so it was removed from the queue and resent to ELI contacts, separately: === === abuse@eli.net, postmaster@eli.net, hostmaster@eli.net, support@eli.net, === === noc@eli.net, webmaster@eli.net, ipadmin@eli.net, billing@eli.net, === === peering@eli.net (Message-Id: <200210150318.15304@2002.dolphinwave.org>)=== Content-Type: text/plain; charset="iso-8859-1" From: Admin Reply-To: abuse@2002.dolphinwave.org Organization: Private person Subject: [email] Spam (WHOIS harvest: ttlvhost.net/Secure Independence Inc)! [Fwd: Hi Abuse, here's information on $100 in advertising.] Date: Tue, 15 Oct 2002 03:18:15 +0200 User-Agent: KMail/1.4.1 X-KMail-Link-Message: 200109 X-KMail-Link-Type: forward To: , uce@ftc.gov, nanas-sub@cybernothing.org, eli.net@bitch-list.net X-Complaints-To: abuse@dolphinwave.org (live person) X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 X-No-Confirm: Yes MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <200210150318.15304@2002.dolphinwave.org> Status: RO X-Status: S Spam on my e-mail address used on the WHOIS database for my domain registration only (abuse@ - tagged)! Please, terminate the spammer's accounts as soon as possible! Thanks! ======= Refusing to deal with your abusers will lead your whole IP range to be blocked from accessing of my mailservers ever again, and this info will be shared with other admins and public blocklists! (I never unsubscribe from any lists that I didn't subscribe to, myself)! Spammer: [216.190.175.5] (virtualweb.ttlvhost.net, eatmyflame.com) Abused SMTP: mail.ttlvhost.net [216.190.175.3] Mail from: info@nameyourpricewebhosting.com Spamvertised web pages: ======================= http://www.NameYourPriceWebHosting.com http://www.NameYourPriceAdvertising.com www.NameYourPriceWebHosting.com [216.190.175.5] =============================== Jerry Zalenski 2756 N Green Valley Pkwy #367 Henderson, NV, 89014-2120 Domain Name: NAMEYOURPRICEWEBHOSTING.COM Administrative Contact- Jerry Zalenski: info@nameyourpricewebhosting.com Jerry Zalenski 56 El Rio Ct Henderson, NV 89012-5693 US Phone- 702-313-6000 702-313-9000 Fax- Technical Contact- Jerry Zalenski: info@technotwist.net Jerry Zalenski 56 El Rio Ct Henderson, NV 89012-5693 US Phone- 702-314-9901 702-313-9000 Fax- Record update date: 2002-04-02 18:31:44 Record create date: 2000-06-24 Record expires on: 2003-06-24 Database last updated on: 2002-10-14 21:10:32 EST Domain servers in listed order: NS1.TTLVHOST.NET 216.190.175.3 NS2.TTLVHOST.NET 208.186.75.3 www.NameYourPriceAdvertising.com [216.190.175.5] ================================ Jerry Zalenski 2756 N Green Valley Pkwy #367 Henderson, NV 89014-2120 Domain Name: NAMEYOURPRICEADVERTISING.COM Administrative Contact: Jerry Zalenski info@technotwist.net Jerry Zalenski 56 El Rio Ct Henderson, NV 89012-5693 US Phone: 702-314-9901 702-313-9000 Fax: Technical Contact: Jerry Zalenski info@technotwist.net Jerry Zalenski 56 El Rio Ct Henderson, NV 89012-5693 US Phone: 702-314-9901 702-313-9000 Fax: Record updated on 2002-04-02 18:31:44 Record created on 2000-06-25 Record expires on 2003-06-25 Database last updated on 2002-10-14 21:10:32 EST Domain servers in listed order: NS1.TTLVHOST.NET 216.190.175.3 NS2.TTLVHOST.NET 208.186.75.3 technotwist.net [216.190.175.5] =============== TechnoTwist 56 El Rio Ct Henderson, NV 89012-5693 US Domain Name: TECHNOTWIST.NET Administrative Contact Jerry Zalenski-> info@technotwist.net TechnoTwist LLC 56 El Rio Ct Henderson, NV 89012-5693 US Phone 702-313-6000 Fax 702-313-9000 Technical Contact Jerry Zalenski-> info@technotwist.net TechnoTwist LLC 56 El Rio Ct Henderson, NV 89012-5693 US Phone 702-313-6000 Fax 702-313-9000 Record updated on-> 2001-11-06 00:46:03 Record created on-> 1999-01-28 Record expiring date-> 2003-01-28 Database last updated on-> 2002-10-14 21:10:32 EST Domain servers in listed order: NS1.TTLVHOST.NET 216.190.175.3 NS2.TTLVHOST.NET 208.186.75.3 ttlvhost.net [216.190.175.5] ============ Secure Independence Inc 56 El Rio Ct Henderson, NV 89012-5693 US Domain Name: TTLVHOST.NET Administrative Contact Host Master: hostmaster@NameYourPriceWebHosting.com Secure Independence 56 El Rio Ct Henderson, NV 89012-5693 US Phone 702-313-6000 Fax 702-313-9000 Technical Contact Host Master: hostmaster@NameYourPriceWebHosting.com Secure Independence 56 El Rio Ct Henderson, NV 89012-5693 US Phone 702-313-6000 Fax 702-313-9000 Record updated date: 2002-03-05 17:57:51 Record created date: 1999-05-25 Record expires on date: 2003-05-25 Database last updated on: 2002-10-14 21:15:11 EST Domain servers in listed order: NS1.TTLVHOST.NET 216.190.175.3 NS2.TTLVHOST.NET 208.186.75.3 Secure Independence Inc IP block [216.190.175.0 - 216.190.175.255] <== SPAMMERS! which is in the ELI IP range [216.190.0.0 - 216.190.255.255]. Upstream: ELI (gw-cust-TTLVHOST-NET.lsvl.eli.net). ---------- Forwarded Message ---------- Received: from host1.ttlvhost.net (mail.ttlvhost.net [216.190.175.3]) by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id g9F0QZ008726 for ; Tue, 15 Oct 2002 02:26:37 +0200 Received: from AspEmail (unverified [216.190.175.5]) by host1.ttlvhost.net (Vircom SMTPRS 4.5.186) with SMTP id for ; Mon, 14 Oct 2002 17:26:24 -0700 Message-ID: From: "Secure Independence" To: abuse@### Subject: Hi Abuse, here's information on $100 in advertising. Date: Mon, 14 Oct 2002 17:26:24 -0700 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--=6B9C5A62DFD411D684DA_204C_4F4F_5020" Status: R X-Status: N Congratulations Abuse! You have been added to our list to receive web hosting updates and news from Name Your Price Web Hosting. Claim Your $100 Worth of FREE Advertising NOW! In order to claim your $100 worth of FREE ADVERTISING, if you haven't done so, you must register within 48 hours (for free) at either of these locations: http://www.NameYourPriceWebHosting.com/index.asp?id=#-##-#### http://www.NameYourPriceAdvertising.com/index.asp?id=#-##-#### Then place an ad at Name Your Price Advertising for your business so you can bring in more customers and make more sales! Please Note: If you have already registered, you already have a Company ID. Your $100 worth of Free Advertising will be credited to your Company ID within 1 hour. There is no need to register more than once. Want EVEN MORE Advertising? Use our handy Tell A Friend to tell your friends and family about Name Your Price Web Hosting. When they come to our site and enter their first name and email address, you'll get another $25 worth of Advertising! The more people you refer, the more advertising you'll get. Tell 4 friends and get $100 worth of advertising. Tell 20 friends and get $500 worth of advertising! There's no limit to how many people you tell and no limit to the Advertising you can get! So don't wait. Tell everyone you know about Name Your Price Web Hosting and Name Your Price Advertising TODAY! Again, congratulations. Yours For Success, The Secure Independence Staff ------------------------------------------------------- === They also did a Google search to look at the results of this spam run === Path: uni-berlin.de!cust-62-219-88-73.cust.bezeqint.NET!not-for-mail From: Dolphin Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS: S1094 update. Spam from TechnoTwist/ttlvhost.net, themselves Date: 16 Oct 2002 11:03:15 GMT Organization: Private person Lines: 35 Sender: Alexander Sheremet Message-ID: References: NNTP-Posting-Host: cust-62-219-88-73.cust.bezeqint.net (62.219.88.73) X-Trace: fu-berlin.de 1034766195 23913245 62.219.88.73 (16 [104765]) X-SPEWS: I am not X-newsgroup: news.admin.net-abuse.email X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 User-Agent: slrn/0.9.7.4 (Linux) Xref: uni-berlin.de news.admin.net-abuse.email:1837443 On 15 Oct 2002 16:36:09 GMT Dolphin wrote in message : > Today they've spammed my abuse@dolphinwave e-mail box, used on the WHOIS > database for my domain registration only (archived on NANAS): > http://groups.google.com/groups?selm=200210150318.15304%402002.dolphinwave.org And they watch the Usenet newsgroups for results of their spamming, doing a search for "nameyourpricewebhosting" on groups.google.com: 216.190.175.254 - - [16/Oct/2002:07:27:52 +0200] "GET / HTTP/1.1" 200 5086 "http://groups.google.com/groups?q=nameyourpricewebhosting&hl=en&lr=&ie=UTF-8 &oe=UTF-8&selm=slrnaqogvk.dgv.usenet-oct%2Bnanae%40orca.dolphinwave.org&rnum=3 &filter=0" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Q312461)" [whois.arin.net] Electric Lightwave Inc ELI-NETBLK99 (NET-216-190-0-0-1) 216.190.0.0 - 216.190.255.255 Secure Independence Inc - TechnoTwist LLC ELI-D8-BE-AF-00-24 (NET-216-190-175-0-1) 216.190.175.0 - 216.190.175.255 > They are listed as Level 2 at this moment: > 2, 216.190.175.5, pdai.com (host1.ttlvhost.net) > 2, 216.190.175.3, mail.pdai.com (ttlv.net) SPEWS is fast, as usually: already moved them to Level 1. Thanks, SPEWS! ELI has nothing to thank for here: the spammers are still connected. Dolphin. -- URL: http://www.DolphinWave.org Mail: on the web page (no spam) ICQ: 6615461 === TechnoTwist replies === Path: uni-berlin.de!fu-berlin.de!headwall.stanford.edu!newsfeed.stanford.edu !postnews1.google.com!not-for-mail From: spamfilter@ttlvhost.net (Administrator) Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS: S1094 update. Spam from TechnoTwist/ttlvhost.net, themselves Date: 18 Oct 2002 16:19:11 -0700 Organization: http://groups.google.com/ Lines: 95 Message-ID: <55e34840.0210181519.16573eb8@posting.google.com> References: NNTP-Posting-Host: 216.190.175.3 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1034983151 7114 127.0.0.1 (18 Oct 2002 23:19:11 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: 18 Oct 2002 23:19:11 GMT Xref: uni-berlin.de news.admin.net-abuse.email:1839229 Greetings folks, I am the admin of the network in question, and I wanted to take this opportunity to shed a little light on how this all happened. The message that was quoted was a result of an online signup form. Unfortunately, the person who implemented never forsaw the possiblity of it being abused in this way. Someone had been filling it out with false information (namely admin addresses for people like yourselves), presumably to cause us to get blacklisted. Unfortunately, this form was designed to automatically send a welcome message to the address that was submitted. This was the message that you saw. We have since taken the email portion of the form offline, and all submissions will go through a (human) sanity filter. Unforunately, this problems seems to have been going on for some time, but since until a few days ago, no one took the initiative to contact me at admin@ or postmaster@, etc, I was unaware of it. I was finally contacted by someone at GTE by phone, and immediately took care of the problem. Thankfully, the person also recommended I check out this group to see what people were saying about us. We are NOT spam-friendly. You don't get more anti-spam than me. :) I have seen several other messages regarding this matter, and I will respond to them as well. If someone would like to speak with me personally regarding any of this, I would be more than happy to at: seven-zero-two-three-one-three-six-thousand. For future reference, this would have stopped sooner if someone had just let me know. I am registered with spamcop so I get notifications fast, I cancel accounts as fast as humanly possible, and I have been known to show up (armed) on the doorstep of the offender. :) Dolphin wrote in message news:... > Today they've spammed my abuse@dolphinwave e-mail box, used on the WHOIS > database for my domain registration only (archived on NANAS): > http://groups.google.com/groups?selm=200210150318.15304%402002.dolphinwave.org > > They are listed as Level 2 at this moment: > 2, 216.190.175.5, pdai.com (host1.ttlvhost.net) > 2, 216.190.175.3, mail.pdai.com (ttlv.net) > > The spam came from [216.190.175.5], using mail.ttlvhost.net [216.190.175.3] > as SMTP-out, and spamvertising domains NameYourPriceWebHosting.com and > NameYourPriceAdvertising.com, whose admin contact, Jerry Zalenski, is the > same as for technotwist.net and ttlvhost.net (and also hosted at the same > [216.190.175.5] IP as of now). > > Please, consider updating your listing based on the new info. > > === Spam headers were === > Received: from host1.ttlvhost.net (mail.ttlvhost.net [216.190.175.3]) > by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id g9F0QZ008726 > for ; Tue, 15 Oct 2002 02:26:37 +0200 > Received: from AspEmail (unverified [216.190.175.5]) by host1.ttlvhost.net > (Vircom SMTPRS 4.5.186) with SMTP id for ; > Mon, 14 Oct 2002 17:26:24 -0700 > Message-ID: > From: "Secure Independence" > To: abuse@### > Subject: Hi Abuse, here's information on $100 in advertising. > Date: Mon, 14 Oct 2002 17:26:24 -0700 > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="--=6B9C5A62DFD411D684DA_204C_4F4F_5020" > Status: R > X-Status: N > > Congratulations Abuse! > > You have been added to our list to receive > web hosting updates and news from > Name Your Price Web Hosting. > > > > http://www.NameYourPriceWebHosting.com/index.asp?id=#-##-#### > http://www.NameYourPriceAdvertising.com/index.asp?id=#-##-#### > > > > Again, congratulations. > > Yours For Success, > > The Secure Independence Staff > > === Spam end === > > Dolphin. === Another reply, also about the PDAI spamhaus === From spamfilter@ttlvhost.net Sat Oct 19 11:00:13 2002 Path: uni-berlin.de!fu-berlin.de!nntp.cs.ubc.ca!newsfeed.stanford.edu!postnews1.google.com!not-for-mail From: spamfilter@ttlvhost.net (Administrator) Newsgroups: news.admin.net-abuse.email Subject: Spews S1094 - Response - NameYourPriceWebHosting / TTLVHOST / TTLV / Etc Date: 18 Oct 2002 16:41:25 -0700 Organization: http://groups.google.com/ Lines: 59 Message-ID: <55e34840.0210181541.672d7139@posting.google.com> NNTP-Posting-Host: 216.190.175.3 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1034984485 8878 127.0.0.1 (18 Oct 2002 23:41:25 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: 18 Oct 2002 23:41:25 GMT Xref: uni-berlin.de news.admin.net-abuse.email:1839243 Greetings folks, I am the admin of the network in question, and I wanted to take this opportunity to shed a little light on how this all happened. The message that was quoted was a result of an online signup form. Unfortunately, the person who implemented never forsaw the possiblity of it being abused in this way. Someone had been filling it out with false information (namely admin addresses for people like yourselves), presumably to cause us to get blacklisted. Unfortunately, this form was designed to automatically send a welcome message to the address that was submitted. This was the message that you saw. We have since taken the email portion of the form offline, and all submissions will go through a (human) sanity filter. Unforunately, this problems seems to have been going on for some time, but since until a few days ago, no one took the initiative to contact me at admin@ or postmaster@, etc, I was unaware of it. I was finally contacted by someone at GTE by phone, and immediately took care of the problem. Thankfully, the person also recommended I check out this group to see what people were saying about us. We are NOT spam-friendly. You don't get more anti-spam than me. :) I have seen several other messages regarding this matter, and I will respond to them as well. If someone would like to speak with me personally regarding any of this, I would be more than happy to at: seven-zero-two-three-one-three-six-thousand. For future reference, this would have stopped sooner if someone had just let me know. I am registered with spamcop so I get notifications fast, I cancel accounts as fast as humanly possible, and I have been known to show up (armed) on the doorstep of the offender. :) Lastly, I need to clear up a few things. PDAI.com - Former dialup and hosting provider based in Las Vegas. >From what I see of past postings, they were a spam house. In speaking to them on the phone, they claim not to be, but I'll let the evidence speak for itself. When they went out of business this past summer, we (also a dialup and hosting provider in Las Vegas) started getting many of their former customers just by phone book referral. Realizing something was up, we contacted them and made an arrangement to take over their domains and customers. We were somewhat aware of their history at that point. We had a few spam incidents with what was formerly their customers, and those users were promptly cancelled. Unfortunately, it would seem that this series of circumstances have gotten us pigeon-holed as spammers ourselves. But let me reiterate, we are not! We are a victim of circumstance in this case, and have had to pay the penalties by being blacklisted, etc. We are NOT the same people that owned PDAI, we are not in any way afilliated with those people. We took over their customer base, and that is all. One more thing: If anyone gets ANYTHING they consider spam, PLEASE get in touch with me so I can resolve the matter ASAP. admin-at- any of the above domains, or by phone at the number above.