NOOS - hosting the persistent repeating guestbooks spammer, Alexis Soulard, and ignore all complaints - the spammer spams from exactly the same account of his for months!

noos.fr, noos.com, noos.net, cybercable.fr: Access denied!
[81.64.0.0 - 81.67.255.255], [194.117.218.78], [195.132.0.0 - 195.132.255.255], [212.198.0.0 - 212.198.255.255]: Firewalled!

=== The first spam, my 1st complaint ===

From: Admin
Organization: Private person
To: abuse-Jul@2005.dolphinwave.org, nanas@killfile.org, tech@ovh.net, abuse@ovh.net, postmaster@wanadoo.fr, abuse@wanadoo.fr, abuse@noos.fr
Subject: [misc] Guestbook spammers: tout-telecharger.com / Alexis Soulard
Date: Fri, 15 Jul 2005 12:32:53 +0300
User-Agent: KMail/1.8.1
X-Complaints-To: abuse[@]dolphinwave[.]org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200507151232.54274@2005.dolphinwave.org>
Status: RO
X-Status: RSC
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:

Guest books spammers, spamming search engines!
Direct hit on the Guestbook posting from Google search for the Achim Winkler's Guestbook engine, used on my web site. The spammer did not even browse the web site!

Please, terminate the spammer's accounts as soon as possible!

Thanks!

=======

======= GUESTBOOK SPAM WAS =======

name = Mike
mail = Mike1454@hotmail.com
icq =
aim =
yim =
msn =
location =
url = http://www.tout-telecharger.com/scripts/
text = this site made me think a lot about a lot of stuff. it\\\'s always good to stop at sites like this one.
thanks
date = 07.06.2005 21:00
ip = 81.64.126.136

======= WEB SERVER LOGS (GMT+0300) =======

81.64.126.136 - - [06/Jul/2005:21:00:10 +0300] "POST /Guestbook/guestbook.php HTTP/1.1" 302 1 "-" "-"
81.64.126.136 - - [06/Jul/2005:21:00:12 +0300] "POST /Guestbook/guestbook.php HTTP/1.1" 302 1 "-" "-"
<...>
81.64.126.136 - - [07/Jul/2005:10:30:44 +0300] "GET /Guestbook/guestbook.php?act=show&page=1 HTTP/1.1" 200 14836 "http://www.google.com/search?hl=en&q=%22Copyright+%28C%29+2001+Achim+Winkler%22&btnG=Google+Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

Spammer: m136.net81-64-126.noos.fr [81.64.126.136]
Date: 06/Jul/2005, 21:00:10 +0300
Spamvertised web page: http://www.tout-telecharger.com
Used for spam domain registration: alexis.soulard@wanadoo.fr alexis.soulard@noos.fr

www.tout-telecharger.com [213.251.133.212] (ns31924.ovh.net)
========================
domain: TOUT-TELECHARGER.COM
owner:
person: Soulard Alexis
address: 55 rue Pauline Roland
adresse: LA ROCHE SUR YON, 85 85000
adresse: FR
phone: 02 51 34 92 68
fax:
email: alexis.soulard@wanadoo.fr
admin-c: SA225-OVH
tech-c: SA225-OVH
bill-c: SA225-OVH
nserver: ns.ovh.net
nserver: ns31924.ovh.net
created: 2004-11-06 09:00:00
expires: 2005-11-06 15:48:09
changed: 2004-11-06 15:51:20

nic-hdl: SA225-OVH
person: Soulard Alexis
organisation: WEBLUNA
address: 188bis bvd Pereire
address: PARIS, 0 75017
adresse: FR
phone: 0673446164
fax:
email: alexis.soulard@noos.fr
created: 2002-05-28 18:45:29
changed: 2005-07-03 21:42:22

OVH IP block [213.251.132.0 - 213.251.135.255].
Upstream: ovh.net (p19-11-m1.routers.ovh.net).
Nameservers: ovh.net.
Registrar: ovh.com.
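
Added example (not part of the original complaint and not the site's own tooling): the pattern the complaint points to in the web server logs, a POST to the guestbook script with empty Referer and User-Agent and no preceding view of the form, can be flagged mechanically. The log lines below are constructed and use documentation addresses; the 30-minute browse window and the two-signal threshold are assumptions.

```python
"""Flag guestbook POSTs that arrive without the form ever being loaded."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log format, the format of the log excerpts quoted above.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

FORM_PATH = "/Guestbook/guestbook.php"  # path as it appears in the quoted logs
BROWSE_WINDOW = timedelta(minutes=30)   # assumption: a visitor posts soon after viewing
MIN_SIGNALS = 2                         # assumption: one odd signal alone is not enough


def parse(line):
    """Return a dict for one combined-format log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["target"].split("?", 1)[0]
    return rec


def find_direct_posts(lines):
    """Return POSTs to the form that look scripted. Lines must be in time order."""
    last_view = {}  # client IP -> time of its most recent GET of the form
    hits = []
    for line in lines:
        rec = parse(line)
        if rec is None or rec["path"] != FORM_PATH:
            continue
        ip = rec["ip"]
        if rec["method"] == "GET":
            last_view[ip] = rec["time"]
        elif rec["method"] == "POST":
            signals = []
            if rec["referer"] in ("", "-"):
                signals.append("no-referer")
            if rec["agent"] in ("", "-"):
                signals.append("no-user-agent")
            seen = last_view.get(ip)
            if seen is None or rec["time"] - seen > BROWSE_WINDOW:
                signals.append("no-recent-form-view")
            if len(signals) >= MIN_SIGNALS:
                hits.append({"ip": ip, "time": rec["time"], "signals": signals})
    return hits


def repeat_offenders(hits, min_days=2):
    """Map each IP flagged on at least min_days distinct days to those days."""
    days = defaultdict(set)
    for hit in hits:
        days[hit["ip"]].add(hit["time"].date())
    return {ip: sorted(d) for ip, d in days.items() if len(d) >= min_days}


# Constructed sample log (RFC 5737 documentation addresses, invented requests).
SAMPLE_LOG = [
    '203.0.113.10 - - [06/Jul/2005:21:00:10 +0300] "POST /Guestbook/guestbook.php HTTP/1.1" 302 1 "-" "-"',
    '203.0.113.10 - - [06/Jul/2005:21:00:12 +0300] "POST /Guestbook/guestbook.php HTTP/1.1" 302 1 "-" "-"',
    '203.0.113.10 - - [07/Jul/2005:10:30:44 +0300] "GET /Guestbook/guestbook.php?act=show&page=1 HTTP/1.1" 200 14836 "http://search.example/?q=guestbook" "Mozilla/4.0 (compatible; MSIE 6.0)"',
    '198.51.100.7 - - [10/Jul/2005:12:00:00 +0300] "GET /Guestbook/guestbook.php?act=add HTTP/1.1" 200 5120 "http://www.example.org/" "Mozilla/4.0 (compatible; MSIE 6.0)"',
    '198.51.100.7 - - [10/Jul/2005:12:02:10 +0300] "POST /Guestbook/guestbook.php HTTP/1.1" 302 1 "http://www.example.org/Guestbook/guestbook.php?act=add" "Mozilla/4.0 (compatible; MSIE 6.0)"',
    '192.0.2.55 - - [15/Jul/2005:08:15:00 +0300] "POST /Guestbook/guestbook.php HTTP/1.1" 302 1 "-" "-"',
    '203.0.113.10 - - [27/Jul/2005:11:40:07 +0300] "POST /Guestbook/guestbook.php HTTP/1.1" 302 1 "-" "-"',
]

if __name__ == "__main__":
    flagged = find_direct_posts(SAMPLE_LOG)
    for hit in flagged:
        print(hit["time"].isoformat(), hit["ip"], ",".join(hit["signals"]))
    for ip, seen_days in repeat_offenders(flagged).items():
        print("repeat offender:", ip, [d.isoformat() for d in seen_days])
```

The same signals can drive a server-side check in the posting script itself, for example refusing a POST that carries no token issued when the form was rendered.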

=== NOOS' auto-ignore ===

Received: from mailgw3.noos.com (mailgw3.noos.com [195.132.2.195]) by mail.dolphinwave.org (8.13.1/8.13.1) with ESMTP id j6F9ZjKm002092 for ; Fri, 15 Jul 2005 12:35:49 +0300
Received: from localhost (unknown [127.0.0.1]) by mailgw3.noos.com (Microsoft Exchange) with ESMTP id 18AEE65C63; Fri, 15 Jul 2005 11:32:44 +0200 (CEST)
Received: from BER10002.noos.com ([172.16.1.82]) by ber10009.noos.com (Lotus Domino Release 5.0.11) with ESMTP id 2005071511353343:1014 ; Fri, 15 Jul 2005 11:35:33 +0200
Received: from strife2.noos.com ([172.16.1.14]) by BER10002.noos.com (Lotus Domino Release 5.0.11) with ESMTP id 2005071511351898:324 ; Fri, 15 Jul 2005 11:35:18 +0200
Received: from strife2.noos.com (localhost.localdomain [127.0.0.1]) by strife2.noos.com (8.13.1/8.13.1) with ESMTP id j6F9ZFhp008963; Fri, 15 Jul 2005 11:35:15 +0200
Received: (from rtnoos@localhost) by strife2.noos.com (8.13.1/8.13.1/Submit) id j6F9Z57K008952; Fri, 15 Jul 2005 11:35:05 +0200
Date: Fri, 15 Jul 2005 11:35:05 +0200
Message-Id: <200507150935.j6F9Z57K008952@strife2.noos.com>
X-Authentication-Warning: strife2.noos.com: rtnoos set sender to securite@noos.fr using -f
From: NOOS Abuse
Reply-To: NOOS Abuse
To: abuse-Jul@2005.dolphinwave.org
Subject: [NOOS #657892] [misc] Guestbook spammers: tout-telecharger.com / Alexis Soulard
X-Request-ID: 657892
X-Loop-Prevention: NOOS
Precedence: bulk
X-MIMETrack: Itemize by SMTP Server on BER10002/W/LC/SLE(Release 5.0.11 |July 24, 2002) at 15/07/2005 11:35:18, Serialize by Router on BER10002/W/LC/SLE(Release 5.0.11 |July 24, 2002) at 15/07/2005 11:35:33, Serialize complete at 15/07/2005 11:35:33, Itemize by SMTP Server on BER10009/F/LC/SLE(Release 5.0.11 |July 24, 2002) at 15/07/2005 11:35:33, Serialize by Router on BER10009/F/LC/SLE(Release 5.0.11 |July 24, 2002) at 15/07/2005 11:35:34, Serialize complete at 15/07/2005 11:35:34
X-AntiVirus: checked by AntiVir Milter (version: 1.1.0-6; AVE: 6.31.0.9; VDF: 6.31.0.209; host: mail.dolphinwave.org)
X-Loop: dev.null@dolphinwave.org
X-IMAPbase: 1113180229 2168
Status: R
X-UID: 2166
Content-Length: 2503
X-Keywords:
X-Status: NC
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:

Madam, Sir,

First of all, thank you for contacting abuse@noos.fr.

This is an automatic reply confirming that a new incident ticket has been created following receipt by the Abuse Team of your e-mail entitled
[misc] Guestbook spammers: tout-telecharger.com / Alexis Soulard

The identification and tracking reference for this incident ticket is
[NOOS #657892]

Please include this reference in the subject of any e-mail you send us concerning the incident described in your message. You will not receive an automatic reply to later e-mails referring to the same incident.

We endeavour to follow up on your message as quickly as possible.

Please note that, to process a complaint, we normally need the following information:
- date and time of the incident (state how reliable this information is)
- IP address from which the incident originated
- nature of the incident and any additional information relating to the incident (firewall logs, mail headers, in particular "Received" headers...)
- the impact suffered
- type of operating system and security tools

To improve the handling of complaints, we suggest using the online form: http://securite.noos.fr/modules/abuse/

Regards,
Abuse Team - NOOS
abuse@noos.fr

-----------------------------------------------------------------

Madam, Sir,

First of all, thank you for having contacted abuse@noos.fr.

This is an automatic answer, confirming that a ticket has been created following the receipt by the NOOS abuse team of your e-mail entitled
[misc] Guestbook spammers: tout-telecharger.com / Alexis Soulard

The reference of the ticket is
[NOOS #657892]

We ask you to include the above reference in the subject line of all future correspondence concerning this ticket.

We inform you that in order to process a complaint, we need the following information, where applicable:
- date and time of incident (please mention the timezone used and the reliability of the timestamps)
- IP address having caused the incident
- type of incident and any information relevant to the incident (firewall logs, mail headers with the Received lines . . .)
- the impact of the incident, if any
- type of operating system and security systems used

We will be handling your message as soon as possible.

Sincerely,
NOOS Abuse Team
abuse@noos.fr

=== My 2nd complaint ===

From: Admin
Organization: Private person
To: abuse-Jul@2005.dolphinwave.org, nanas@killfile.org, tech@ovh.net, abuse@ovh.net, abuse@noos.fr, postmaster@wanadoo.fr, abuse@wanadoo.fr
Subject: [misc] Persistent guestbook spammer: bestmobi.com/tout-telecharger.com/Alexis Soulard
Date: Wed, 27 Jul 2005 16:02:04 +0300
User-Agent: KMail/1.8.1
X-Complaints-To: abuse[@]dolphinwave[.]org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200507271602.04545@2005.dolphinwave.org>
Status: RO
X-Status: RSC
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:

Persistent guestbooks spamming by bestmobi.com / tout-telecharger.com / Alexis Soulard.

The spammer directly hits the guestbook posting script, looking deliberately for this guestbook engine by Achim Winkler on Google!
The spammer did not even browse my web pages (see the webserver logs below).

All ISPs, noos.fr and OVH, were notified about this abuse 2 weeks ago, the complaint is archived on Google Groups:
http://groups-beta.google.com/group/news.admin.net-abuse.sightings/msg/fdb339f19da47a1d

But they took absolutely no action about this abuse, and here we have the same abuse again.

Please, terminate the spammer's accounts as soon as possible!

Thanks!

=======

======= GUESTBOOK SPAMMING WAS =======

name = Mickaela
mail = Mickaela1467@hotmail.com
icq =
aim =
yim =
msn =
location =
url = http://www.bestmobi.com/
text = Been looking for a site like this for a long time. I will be back often.
date = 07.27.2005 11:40
ip = 81.64.126.136

======= PREVIOUS GUESTBOOK SPAMMING BY THE SAME ABUSER WAS =======

name = Mike
mail = Mike1454@hotmail.com
icq =
aim =
yim =
msn =
location =
url = http://www.tout-telecharger.com/scripts/
text = this site made me think a lot about a lot of stuff. it\\\'s always good to stop at sites like this one.
thanks
date = 07.06.2005 21:00
ip = 81.64.126.136

Spammer: m136.net81-64-126.noos.fr [81.64.126.136]
Dates: 07/Jul/2005, 10:30:44 +0300
       27/Jul/2005, 11:40:07 +0300
Spamvertised web page: http://www.bestmobi.com
Previously spamvertised web page: http://www.tout-telecharger.com/scripts/
Used for spam domain registration: alexis.soulard@noos.fr alexis.soulard@wanadoo.fr

======= WEBSERVER LOGS (GMT+0300) =======

# cat httpd-access_log |grep 81\.64\.126\.136
81.64.126.136 - - [07/Jul/2005:10:30:44 +0300] "GET /Guestbook/guestbook.php?act=show&page=1 HTTP/1.1" 200 14836 "http://www.google.com/search?hl=en&q=%22Copyright+%28C%29+2001+Achim+Winkler%22&btnG=Google+Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
81.64.126.136 - - [07/Jul/2005:10:30:45 +0300] "GET /Guestbook/guestbook.css HTTP/1.1" 200 2808 "http://www.dolphinwave.org/Guestbook/guestbook.php?act=show&page=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
81.64.126.136 - - [07/Jul/2005:10:30:45 +0300] "GET /Guestbook/gif/lustig.gif HTTP/1.1" 200 375 "http://www.dolphinwave.org/Guestbook/guestbook.php?act=show&page=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
81.64.126.136 - - [07/Jul/2005:10:30:45 +0300] "GET /Guestbook/gif/email.gif HTTP/1.1" 200 264 "http://www.dolphinwave.org/Guestbook/guestbook.php?act=show&page=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
81.64.126.136 - - [07/Jul/2005:10:30:45 +0300] "GET /Guestbook/gif/home.gif HTTP/1.1" 200 274 "http://www.dolphinwave.org/Guestbook/guestbook.php?act=show&page=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
81.64.126.136 - - [07/Jul/2005:10:30:45 +0300] "GET /Guestbook/gif/wink.gif HTTP/1.1" 200 375 "http://www.dolphinwave.org/Guestbook/guestbook.php?act=show&page=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
81.64.126.136 - - [07/Jul/2005:10:30:45 +0300] "GET /Guestbook/gif/msn.gif HTTP/1.1" 200 577 "http://www.dolphinwave.org/Guestbook/guestbook.php?act=show&page=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
81.64.126.136 - - [07/Jul/2005:10:30:46 +0300] "GET /Guestbook/gif/tongue.gif HTTP/1.1" 200 377 "http://www.dolphinwave.org/Guestbook/guestbook.php?act=show&page=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
81.64.126.136 - - [07/Jul/2005:10:30:46 +0300] "GET /Guestbook/gif/icq.gif HTTP/1.1" 200 366 "http://www.dolphinwave.org/Guestbook/guestbook.php?act=show&page=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
81.64.126.136 - - [07/Jul/2005:10:30:46 +0300] "GET /Guestbook/gif/santabgrin.gif HTTP/1.1" 200 223 "http://www.dolphinwave.org/Guestbook/guestbook.php?act=show&page=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
81.64.126.136 - - [27/Jul/2005:11:40:07 +0300] "POST /Guestbook/guestbook.php HTTP/1.1" 302 1 "-" "-"

www.bestmobi.com [213.251.133.212] (ns31924.ovh.net)
================
domain: BESTMOBI.COM
owner: WEBLUNA
person: Soulard Alexis
address: 188bis bvd Pereire
adresse: Paris, 0 75017
adresse: FR
phone: 0673446164
fax:
email: alexis.soulard@noos.fr
admin-c: SA225-OVH
tech-c: SA225-OVH
bill-c: SA225-OVH
nserver: NS31924.OVH.NET
nserver: NS.OVH.NET
created: 2005-04-16 10:00:00
expires: 2006-04-16 16:02:21
changed: 2005-04-16 16:06:37

nic-hdl: SA225-OVH
person: Soulard Alexis
organisation: WEBLUNA
address: 188bis bvd Pereire
address: PARIS, 0 75017
adresse: FR
phone: 0673446164
fax:
email: alexis.soulard@noos.fr
created: 2002-05-28 18:45:29
changed: 2005-07-03 21:42:22

OVH IP block [213.251.132.0 - 213.251.135.255].
Upstream: OVH (p19-11-m2.routers.ovh.net).
Their upstream: Verio (ge-1-1.a01.parsfr01.fr.ra.verio.net).
Nameservers: ns.ovh.net, ns31924.ovh.net.
Registrar: OVH.

www.tout-telecharger.com [213.251.133.212] (ns31924.ovh.net)
========================
domain: TOUT-TELECHARGER.COM
owner:
person: Soulard Alexis
address: 55 rue Pauline Roland
adresse: LA ROCHE SUR YON, 85 85000
adresse: FR
phone: 02 51 34 92 68
fax:
email: alexis.soulard@wanadoo.fr
admin-c: SA225-OVH
tech-c: SA225-OVH
bill-c: SA225-OVH
nserver: ns.ovh.net
nserver: ns31924.ovh.net
created: 2004-11-06 09:00:00
expires: 2005-11-06 15:48:09
changed: 2004-11-06 15:51:20

nic-hdl: SA225-OVH
person: Soulard Alexis
organisation: WEBLUNA
address: 188bis bvd Pereire
address: PARIS, 0 75017
adresse: FR
phone: 0673446164
fax:
email: alexis.soulard@noos.fr
created: 2002-05-28 18:45:29
changed: 2005-07-03 21:42:22

OVH IP block [213.251.132.0 - 213.251.135.255].
Upstream: ovh.net (p19-11-m1.routers.ovh.net).
Their upstream: Verio (ge-1-1.a01.parsfr01.fr.ra.verio.net).
Nameservers: ovh.net.
Registrar: ovh.com.

=== NOOS' 2nd auto-ignore ===

Received: from mailgw3.noos.com (mailgw3.noos.com [195.132.2.195]) by mail.dolphinwave.org (8.13.1/8.13.1) with ESMTP id j6RD5Osj010924 for ; Wed, 27 Jul 2005 16:05:25 +0300
Received: from localhost (unknown [127.0.0.1]) by mailgw3.noos.com (Microsoft Exchange) with ESMTP id 418DE65C68; Wed, 27 Jul 2005 15:02:20 +0200 (CEST)
Received: from BER10002.noos.com ([172.16.1.82]) by ber10009.noos.com (Lotus Domino Release 5.0.11) with ESMTP id 2005072715051606:2781 ; Wed, 27 Jul 2005 15:05:16 +0200
Received: from strife2.noos.com ([172.16.1.14]) by BER10002.noos.com (Lotus Domino Release 5.0.11) with ESMTP id 2005072715051458:551 ; Wed, 27 Jul 2005 15:05:14 +0200
Received: from strife2.noos.com (localhost.localdomain [127.0.0.1]) by strife2.noos.com (8.13.1/8.13.1) with ESMTP id j6RD5BVW020719; Wed, 27 Jul 2005 15:05:11 +0200
Received: (from rtnoos@localhost) by strife2.noos.com (8.13.1/8.13.1/Submit) id j6RD55Qu020709; Wed, 27 Jul 2005 15:05:05 +0200
Date: Wed, 27 Jul 2005 15:05:05 +0200
Message-Id: <200507271305.j6RD55Qu020709@strife2.noos.com>
X-Authentication-Warning: strife2.noos.com: rtnoos set sender to securite@noos.fr using -f
From: NOOS Abuse
Reply-To: NOOS Abuse
To: abuse-Jul@2005.dolphinwave.org
Subject: [NOOS #664941] [misc] Persistent guestbook spammer: bestmobi.com/tout-telecharger.com/Alexis Soulard
X-Request-ID: 664941
X-Loop-Prevention: NOOS
Precedence: bulk
X-MIMETrack: Itemize by SMTP Server on BER10002/W/LC/SLE(Release 5.0.11 |July 24, 2002) at 27/07/2005 15:05:14, Serialize by Router on BER10002/W/LC/SLE(Release 5.0.11 |July 24, 2002) at 27/07/2005 15:05:16, Serialize complete at 27/07/2005 15:05:16, Itemize by SMTP Server on BER10009/F/LC/SLE(Release 5.0.11 |July 24, 2002) at 27/07/2005 15:05:16, Serialize by Router on BER10009/F/LC/SLE(Release 5.0.11 |July 24, 2002) at 27/07/2005 15:05:17, Serialize complete at 27/07/2005 15:05:17
X-AntiVirus: checked by AntiVir Milter (version: 1.1.0-6; AVE: 6.31.1.0; VDF: 6.31.1.27; host: mail.dolphinwave.org)
X-Loop: dev.null@dolphinwave.org
Status: R
X-UID: 2860
Content-Length: 2545
X-Keywords:
X-Status: NC
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:

Madam, Sir,

First of all, thank you for contacting abuse@noos.fr.

This is an automatic reply confirming that a new incident ticket has been created following receipt by the Abuse Team of your e-mail entitled
[misc] Persistent guestbook spammer: bestmobi.com/tout-telecharger.com/Alexis Soulard

The identification and tracking reference for this incident ticket is
[NOOS #664941]

Please include this reference in the subject of any e-mail you send us concerning the incident described in your message. You will not receive an automatic reply to later e-mails referring to the same incident.

We endeavour to follow up on your message as quickly as possible.

Please note that, to process a complaint, we normally need the following information:
- date and time of the incident (state how reliable this information is)
- IP address from which the incident originated
- nature of the incident and any additional information relating to the incident (firewall logs, mail headers, in particular "Received" headers...)
- the impact suffered
- type of operating system and security tools

To improve the handling of complaints, we suggest using the online form: http://securite.noos.fr/modules/abuse/

Regards,
Abuse Team - NOOS
abuse@noos.fr

-----------------------------------------------------------------

Madam, Sir,

First of all, thank you for having contacted abuse@noos.fr.

This is an automatic answer, confirming that a ticket has been created following the receipt by the NOOS abuse team of your e-mail entitled
[misc] Persistent guestbook spammer: bestmobi.com/tout-telecharger.com/Alexis Soulard

The reference of the ticket is
[NOOS #664941]

We ask you to include the above reference in the subject line of all future correspondence concerning this ticket.

We inform you that in order to process a complaint, we need the following information, where applicable:
- date and time of incident (please mention the timezone used and the reliability of the timestamps)
- IP address having caused the incident
- type of incident and any information relevant to the incident (firewall logs, mail headers with the Received lines . . .)
- the impact of the incident, if any
- type of operating system and security systems used

We will be handling your message as soon as possible.

Sincerely,
NOOS Abuse Team
abuse@noos.fr

=== My 3rd complaint ===

From: Admin
Organization: Private person
To: abuse-Aug@2005.dolphinwave.org, nanas@killfile.org, tech@ovh.net, abuse@ovh.net, abuse@noos.fr, postmaster@wanadoo.fr, abuse@wanadoo.fr, abuse@gblx.net, postmaster@networksolutions.com, abuse@networksolutions.com, abuse@amen.fr, postmaster@amen.fr
Subject: [misc] Persistent guestbook spammer: pacman2005.com/bestmobi.com/tout-telecharger.com/Alexis Soulard
Date: Tue, 2 Aug 2005 15:16:41 +0300
User-Agent: KMail/1.8.2
X-Complaints-To: abuse[@]dolphinwave[.]org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200508021516.42234@2005.dolphinwave.org>
Status: RO
X-Status: RSC
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:

Persistent guestbooks spamming by bestmobi.com / tout-telecharger.com / Alexis Soulard.

The spammer directly hits the guestbook posting script, looking deliberately for this guestbook engine by Achim Winkler on Google!
The spammer did not even browse my web pages (see the webserver logs below).

All ISPs, noos.fr and OVH, were notified about this abuse 2 and 3 weeks ago, the first complaint is archived on Google Groups:
http://groups-beta.google.com/group/news.admin.net-abuse.sightings/msg/fdb339f19da47a1d

But they took absolutely no action about this abuse, and here we have the same abuse again and again.

Please, terminate the spammer's accounts as soon as possible!

Thanks!

=======

======= GUESTBOOK SPAMMING WAS =======

name = Sophia
mail = Sophia3788@hotmail.com
icq =
aim =
yim =
msn =
location =
url = http://www.pacman2005.com
text = Exelente sitio , los felcito de verdad es asombroso , genialmente increible , me eh asombrado , se lo eh recomendado a mucha gente lo voy a seguir haciendo , increible tema de conversacion de verdad tan bueno que me ah dejado con la boca abierta , verdaderamente asombroso y genial
date = 08.02.2005 11:41
ip = 81.64.126.136

======= PREVIOUS GUESTBOOK SPAMMING BY THE SAME ABUSER WAS =======

name = Mike
mail = Mike1454@hotmail.com
icq =
aim =
yim =
msn =
location =
url = http://www.tout-telecharger.com/scripts/
text = this site made me think a lot about a lot of stuff. it\\\'s always good to stop at sites like this one.
thanks
date = 07.06.2005 21:00
ip = 81.64.126.136

name = Mickaela
mail = Mickaela1467@hotmail.com
icq =
aim =
yim =
msn =
location =
url = http://www.bestmobi.com/
text = Been looking for a site like this for a long time. I will be back often.
date = 07.27.2005 11:40
ip = 81.64.126.136

Spammer: m136.net81-64-126.noos.fr [81.64.126.136]
Date: 02/Aug/2005, 11:41:15 +0300
Spamvertised web page: http://www.pacman2005.com
Previously spamvertised web pages:
http://www.tout-telecharger.com/scripts/
http://www.bestmobi.com
Used for spam domain registration: alexis.soulard@noos.fr alexis.soulard@wanadoo.fr

======= WEBSERVER LOGS (GMT+0300) =======

# cat httpd-access_log |grep 81\.64\.126\.136
81.64.126.136 - - [02/Aug/2005:11:41:15 +0300] "POST /Guestbook/guestbook.php HTTP/1.1" 302 1 "-" "-"

======= THE GUESTBOOK SCRIPT GOOGLE SEARCH EXAMPLE (GMT+0300) =======

81.64.126.136 - - [07/Jul/2005:10:30:44 +0300] "GET /Guestbook/guestbook.php?act=show&page=1 HTTP/1.1" 200 14836 "http://www.google.com/search?hl=en&q=%22Copyright+%28C%29+2001+Achim+Winkler%22&btnG=Google+Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

pacman2005.com [213.186.33.2] (90plan.ovh.net)
==============
Registrant:
ALEXIS, SOULARD
55 Rue Pauline Roland
LA ROCHE SUR YON 85000
FR

Domain Name: PACMAN2005.COM

Administrative Contact:
ALEXIS, SOULARD alexis.soulard@wanadoo.fr
55 Rue Pauline Roland
LA ROCHE SUR YON 85000
FR
+33251349268

Technical Contact:
AMEN internic@amen.fr
12-14, rond point des Champs Elysees
Paris, France 75008
FR
+33 892 55 66 77

Record expires on 22-Sep-2005.
Record created on 22-Sep-2004.
Database last updated on 2-Aug-2005 08:11:46 EDT.

Domain servers in listed order:
DNS.OVH.NET 213.186.33.99
NS.OVH.NET 212.27.32.132

OVH IP block [213.186.33.0 - 213.186.33.254].
Upstream: OVH (p19-9-m2.routers.ovh.net).
Their upstream: Global Crossing (so3-0-0-2488M.ar2.CDG2.gblx.net).
Nameservers: ovh.net.
Registrar: networksolutions.com.

www.bestmobi.com [213.251.133.212] (ns31924.ovh.net)
================
domain: BESTMOBI.COM
owner: WEBLUNA
person: Soulard Alexis
address: 188bis bvd Pereire
adresse: Paris, 0 75017
adresse: FR
phone: 0673446164
fax:
email: alexis.soulard@noos.fr
admin-c: SA225-OVH
tech-c: SA225-OVH
bill-c: SA225-OVH
nserver: NS31924.OVH.NET
nserver: NS.OVH.NET
created: 2005-04-16 10:00:00
expires: 2006-04-16 16:02:21
changed: 2005-04-16 16:06:37

nic-hdl: SA225-OVH
person: Soulard Alexis
organisation: WEBLUNA
address: 188bis bvd Pereire
address: PARIS, 0 75017
adresse: FR
phone: 0673446164
fax:
email: alexis.soulard@noos.fr
created: 2002-05-28 18:45:29
changed: 2005-07-03 21:42:22

OVH IP block [213.251.132.0 - 213.251.135.255].
Upstream: OVH (p19-11-m2.routers.ovh.net).
Their upstream: Verio (ge-1-1.a01.parsfr01.fr.ra.verio.net).
Nameservers: ns.ovh.net, ns31924.ovh.net.
Registrar: OVH.

www.tout-telecharger.com [213.251.133.212] (ns31924.ovh.net)
========================
domain: TOUT-TELECHARGER.COM
owner:
person: Soulard Alexis
address: 55 rue Pauline Roland
adresse: LA ROCHE SUR YON, 85 85000
adresse: FR
phone: 02 51 34 92 68
fax:
email: alexis.soulard@wanadoo.fr
admin-c: SA225-OVH
tech-c: SA225-OVH
bill-c: SA225-OVH
nserver: ns.ovh.net
nserver: ns31924.ovh.net
created: 2004-11-06 09:00:00
expires: 2005-11-06 15:48:09
changed: 2004-11-06 15:51:20

nic-hdl: SA225-OVH
person: Soulard Alexis
organisation: WEBLUNA
address: 188bis bvd Pereire
address: PARIS, 0 75017
adresse: FR
phone: 0673446164
fax:
email: alexis.soulard@noos.fr
created: 2002-05-28 18:45:29
changed: 2005-07-03 21:42:22

OVH IP block [213.251.132.0 - 213.251.135.255].
Upstream: ovh.net (p19-11-m1.routers.ovh.net).
Their upstream: Verio (ge-1-1.a01.parsfr01.fr.ra.verio.net).
Nameservers: ovh.net.
Registrar: ovh.com.

=== NOOS' 3rd auto-ignore ===

Received: from mailgw3.noos.com (mailgw3.noos.com [195.132.2.195]) by mail.dolphinwave.org (8.13.1/8.13.1) with ESMTP id j72CKu4A000305 for ; Tue, 2 Aug 2005 15:21:00 +0300
Received: from localhost (unknown [127.0.0.1]) by mailgw3.noos.com (Microsoft Exchange) with ESMTP id 878C165C68; Tue, 2 Aug 2005 14:17:37 +0200 (CEST)
Received: from BER10002.noos.com ([172.16.1.82]) by ber10009.noos.com (Lotus Domino Release 5.0.11) with ESMTP id 2005080214203642:2060 ; Tue, 2 Aug 2005 14:20:36 +0200
Received: from strife2.noos.com ([172.16.1.14]) by BER10002.noos.com (Lotus Domino Release 5.0.11) with ESMTP id 2005080214203608:1500 ; Tue, 2 Aug 2005 14:20:36 +0200
Received: from strife2.noos.com (localhost.localdomain [127.0.0.1]) by strife2.noos.com (8.13.1/8.13.1) with ESMTP id j72CKDCj017408; Tue, 2 Aug 2005 14:20:13 +0200
Received: (from rtnoos@localhost) by strife2.noos.com (8.13.1/8.13.1/Submit) id j72CK7mk017384; Tue, 2 Aug 2005 14:20:08 +0200
Date: Tue, 2 Aug 2005 14:20:08 +0200
Message-Id: <200508021220.j72CK7mk017384@strife2.noos.com>
X-Authentication-Warning: strife2.noos.com: rtnoos set sender to securite@noos.fr using -f
From: NOOS Abuse
Reply-To: NOOS Abuse
To: abuse-Aug@2005.dolphinwave.org
Subject: [NOOS #668862] [misc] Persistent guestbook spammer: pacman2005.com/bestmobi.com/tout-telecharger.com/Alexis Soulard
X-Request-ID: 668862
X-Loop-Prevention: NOOS
Precedence: bulk
X-MIMETrack: Itemize by SMTP Server on BER10002/W/LC/SLE(Release 5.0.11 |July 24, 2002) at 02/08/2005 14:20:36, Serialize by Router on BER10002/W/LC/SLE(Release 5.0.11 |July 24, 2002) at 02/08/2005 14:20:36, Serialize complete at 02/08/2005 14:20:36, Itemize by SMTP Server on BER10009/F/LC/SLE(Release 5.0.11 |July 24, 2002) at 02/08/2005 14:20:36, Serialize by Router on BER10009/F/LC/SLE(Release 5.0.11 |July 24, 2002) at 02/08/2005 14:20:37, Serialize complete at 02/08/2005 14:20:37
X-AntiVirus: checked by AntiVir Milter (version: 1.1.0-6; AVE: 6.31.1.0; VDF: 6.31.1.45; host: mail.dolphinwave.org)
X-Loop: dev.null@dolphinwave.org
Status: R
X-UID: 3241
Content-Length: 2575
X-Keywords:
X-Status: NC
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:

Madam, Sir,

First of all, thank you for contacting abuse@noos.fr.

This is an automatic reply confirming that a new incident ticket has been created following receipt by the Abuse Team of your e-mail entitled
[misc] Persistent guestbook spammer: pacman2005.com/bestmobi.com/tout-telecharger.com/Alexis Soulard

The identification and tracking reference for this incident ticket is
[NOOS #668862]

Please include this reference in the subject of any e-mail you send us concerning the incident described in your message. You will not receive an automatic reply to later e-mails referring to the same incident.

We endeavour to follow up on your message as quickly as possible.

Please note that, to process a complaint, we normally need the following information:
- date and time of the incident (state how reliable this information is)
- IP address from which the incident originated
- nature of the incident and any additional information relating to the incident (firewall logs, mail headers, in particular "Received" headers...)
- the impact suffered
- type of operating system and security tools

To improve the handling of complaints, we suggest using the online form: http://securite.noos.fr/modules/abuse/

Regards,
Abuse Team - NOOS
abuse@noos.fr

-----------------------------------------------------------------

Madam, Sir,

First of all, thank you for having contacted abuse@noos.fr.

This is an automatic answer, confirming that a ticket has been created following the receipt by the NOOS abuse team of your e-mail entitled
[misc] Persistent guestbook spammer: pacman2005.com/bestmobi.com/tout-telecharger.com/Alexis Soulard

The reference of the ticket is
[NOOS #668862]

We ask you to include the above reference in the subject line of all future correspondence concerning this ticket.

We inform you that in order to process a complaint, we need the following information, where applicable:
- date and time of incident (please mention the timezone used and the reliability of the timestamps)
- IP address having caused the incident
- type of incident and any information relevant to the incident (firewall logs, mail headers with the Received lines . . .)
- the impact of the incident, if any
- type of operating system and security systems used

We will be handling your message as soon as possible.

Sincerely,
NOOS Abuse Team
abuse@noos.fr

=== My 4th complaint ===

From: Admin
Organization: Private person
To: abuse-Aug@2005.dolphinwave.org, nanas@killfile.org, tech@ovh.net, abuse@ovh.net, abuse@noos.fr, hostmaster@noos.net, postmaster@wanadoo.fr, abuse@wanadoo.fr, abuse@gblx.net, postmaster@networksolutions.com, abuse@networksolutions.com, abuse@amen.fr, postmaster@amen.fr
Subject: [misc] Persistent guestbook spammer: Alexis Soulard - pacman2005.com/bestmobi.com/tout-telecharger.com/down-fr.com
Date: Thu, 18 Aug 2005 17:13:19 +0300
User-Agent: KMail/1.8.2
X-Complaints-To: abuse[@]dolphinwave[.]org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200508181713.19552@2005.dolphinwave.org>
Status: RO
X-Status: RSC
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:

Persistent guestbooks spamming by bestmobi.com / tout-telecharger.com / Alexis Soulard.

The spammer directly hits the guestbook posting script, looking deliberately for this guestbook engine by Achim Winkler on Google!
The spammer did not even browse my web pages (see the webserver logs below).

All ISPs, noos.fr and OVH, were notified about this abuse 2 times in July and once in August, the first complaint is archived on Google Groups:
http://groups-beta.google.com/group/news.admin.net-abuse.sightings/msg/fdb339f19da47a1d

But they took absolutely no action about this abuse, and here we have the same abuse again and again.

Please, terminate the spammer's accounts as soon as possible!

Thanks!

=======

ATTENTION: NOOS, OVH!
For this blatant abuse by your customers and you absolutely ignoring all abuse complaints, your whole IP ranges will be blocked from accessing of my networks ever again!
Enjoy your intranet!

======= GUESTBOOK SPAMMING WAS =======

name = Jose
mail = Jose1163@hotmail.com
icq =
aim =
yim =
msn =
location =
url = http://www.down-fr.com/scripts/
text = Enjoy the site! Keep up the good work ur a great instructor
date = 08.18.2005 15:15
ip = 81.64.126.136

======= PREVIOUS GUESTBOOK SPAMMINGS BY THE SAME ABUSER WERE =======

name = Mike
mail = Mike1454@hotmail.com
icq =
aim =
yim =
msn =
location =
url = http://www.tout-telecharger.com/scripts/
text = this site made me think a lot about a lot of stuff. it\\\'s always good to stop at sites like this one.
thanks
date = 07.06.2005 21:00
ip = 81.64.126.136

name = Mickaela
mail = Mickaela1467@hotmail.com
icq =
aim =
yim =
msn =
location =
url = http://www.bestmobi.com/
text = Been looking for a site like this for a long time. I will be back often.
date = 07.27.2005 11:40
ip = 81.64.126.136

name = Sophia
mail = Sophia3788@hotmail.com
icq =
aim =
yim =
msn =
location =
url = http://www.pacman2005.com
text = Exelente sitio , los felcito de verdad es asombroso , genialmente increible , me eh asombrado , se lo eh recomendado a mucha gente lo voy a seguir haciendo , increible tema de conversacion de verdad tan bueno que me ah dejado con la boca abierta , verdaderamente asombroso y genial
date = 08.02.2005 11:41
ip = 81.64.126.136

Spammer: m136.net81-64-126.noos.fr [81.64.126.136]
Date: 18/Aug/2005, 15:15:03 +0300
Spamvertised web page: http://www.down-fr.com/scripts/
Previously spamvertised web pages:
http://www.tout-telecharger.com/scripts/
http://www.bestmobi.com
http://www.pacman2005.com
Used for spam domain registration:
alexis.soulard@noos.fr
alexis.soulard@wanadoo.fr

======= WEBSERVER LOGS (GMT+0300) =======
# cat httpd-access_log |grep 81\.64\.126\.136
81.64.126.136 - - [02/Aug/2005:11:41:15 +0300] "POST /Guestbook/guestbook.php HTTP/1.1" 302 1 "-" "-"
81.64.126.136 - - [18/Aug/2005:15:15:03 +0300] "POST /Guestbook/guestbook.php HTTP/1.1" 302 1 "-" "-"

======= THE GUESTBOOK SCRIPT GOOGLE SEARCH EXAMPLE (GMT+0300) =======
81.64.126.136 - - [07/Jul/2005:10:30:44 +0300] "GET /Guestbook/guestbook.php?act=show&page=1 HTTP/1.1" 200 14836 "http://www.google.com/search?hl=en&q=%22Copyright+%28C%29+2001+Achim+Winkler%22&btnG=Google+Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

www.down-fr.com [213.251.133.212] (ns31924.ovh.net)
===============
domain: DOWN-FR.COM
owner: WEBLUNA
person: Soulard Alexis
address: 188bis bvd Pereire
adresse: PARIS, 0 75017
adresse: FR
phone: 0673446164
fax:
email: alexis.soulard@noos.fr
admin-c: SA225-OVH
tech-c: SA225-OVH
bill-c: SA225-OVH
nserver: NS31924.OVH.NET
nserver: NS.OVH.NET
created: 2005-07-10 05:00:00
expires: 2006-07-10 11:56:55
changed: 2005-07-10 11:56:56

nic-hdl: SA225-OVH
person: Soulard Alexis
organisation: WEBLUNA
address: 188bis bvd Pereire
address: PARIS, 0 75017
adresse: FR
phone: 0673446164
fax:
email: alexis.soulard@noos.fr
created: 2002-05-28 18:45:29
changed: 2005-07-03 21:42:22

OVH IP block [213.251.132.0 - 213.251.135.255].
Upstream: OVH (p19-11-m1.routers.ovh.net).
Their upstream: Global Crossing (so4-0-0-2488M.ar2.CDG2.gblx.net).
Nameservers: ns31924.ovh.net, ns.ovh.net.
Registrar: OVH.

pacman2005.com [213.186.33.2] (90plan.ovh.net)
==============
Registrant:
ALEXIS, SOULARD
55 Rue Pauline Roland
LA ROCHE SUR YON 85000
FR

Domain Name: PACMAN2005.COM

Administrative Contact:
ALEXIS, SOULARD alexis.soulard@wanadoo.fr
55 Rue Pauline Roland
LA ROCHE SUR YON 85000
FR
+33251349268

Technical Contact:
AMEN internic@amen.fr
12-14, rond point des Champs Elysees
Paris, France 75008
FR
+33 892 55 66 77

Record expires on 22-Sep-2005.
Record created on 22-Sep-2004.
Database last updated on 2-Aug-2005 08:11:46 EDT.

Domain servers in listed order:
DNS.OVH.NET 213.186.33.99
NS.OVH.NET 212.27.32.132

OVH IP block [213.186.33.0 - 213.186.33.254].
Upstream: OVH (p19-9-m2.routers.ovh.net).
Their upstream: Global Crossing (so3-0-0-2488M.ar2.CDG2.gblx.net).
Nameservers: ovh.net.
Registrar: networksolutions.com.

www.bestmobi.com [213.251.133.212] (ns31924.ovh.net)
================
domain: BESTMOBI.COM
owner: WEBLUNA
person: Soulard Alexis
address: 188bis bvd Pereire
adresse: Paris, 0 75017
adresse: FR
phone: 0673446164
fax:
email: alexis.soulard@noos.fr
admin-c: SA225-OVH
tech-c: SA225-OVH
bill-c: SA225-OVH
nserver: NS31924.OVH.NET
nserver: NS.OVH.NET
created: 2005-04-16 10:00:00
expires: 2006-04-16 16:02:21
changed: 2005-04-16 16:06:37

nic-hdl: SA225-OVH
person: Soulard Alexis
organisation: WEBLUNA
address: 188bis bvd Pereire
address: PARIS, 0 75017
adresse: FR
phone: 0673446164
fax:
email: alexis.soulard@noos.fr
created: 2002-05-28 18:45:29
changed: 2005-07-03 21:42:22

OVH IP block [213.251.132.0 - 213.251.135.255].
Upstream: OVH (p19-11-m2.routers.ovh.net).
Their upstream: Verio (ge-1-1.a01.parsfr01.fr.ra.verio.net).
Nameservers: ns.ovh.net, ns31924.ovh.net.
Registrar: OVH.

www.tout-telecharger.com [213.186.34.13] (ns1bis.telecharger.com)
========================
domain: TOUT-TELECHARGER.COM
owner:
person: Soulard Alexis
address: 55 rue Pauline Roland
adresse: LA ROCHE SUR YON, 85 85000
adresse: FR
phone: 02 51 34 92 68
fax:
email: alexis.soulard@wanadoo.fr
admin-c: SA225-OVH
tech-c: SA225-OVH
bill-c: SA225-OVH
nserver: ns.ovh.net
nserver: ns31924.ovh.net
created: 2004-11-06 09:00:00
expires: 2005-11-06 15:48:09
changed: 2004-11-06 15:51:20

nic-hdl: SA225-OVH
person: Soulard Alexis
organisation: WEBLUNA
address: 188bis bvd Pereire
address: PARIS, 0 75017
adresse: FR
phone: 0673446164
fax:
email: alexis.soulard@noos.fr
created: 2002-05-28 18:45:29
changed: 2005-07-03 21:42:22

OVH IP block [213.186.34.0 - 213.186.34.255].
Upstream: ovh.net (p19-5-m1.routers.ovh.net).
Their upstream: Global Crossing (so3-0-0-2488M.ar2.CDG2.gblx.net).
Nameservers: ovh.net.
Registrar: ovh.com.
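The pattern the complaint points to in its web server logs (a POST straight to the guestbook script with empty Referer and User-Agent and no preceding page view) can be checked mechanically. The following Python is an added example, not part of the original complaint; the 30-minute window, the function names and the 192.0.2.10 visitor lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Apache combined log format, as in the excerpts quoted in the complaint.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
FORM_PATH = "/Guestbook/guestbook.php"  # posting script named in the logs
WINDOW = timedelta(minutes=30)          # assumption: a person loads the form shortly before posting

# First three lines are from the complaint; the 192.0.2.10 visitor is constructed.
SAMPLE_LOG = '''\
81.64.126.136 - - [07/Jul/2005:10:30:44 +0300] "GET /Guestbook/guestbook.php?act=show&page=1 HTTP/1.1" 200 14836 "http://www.google.com/search?hl=en&q=%22Copyright+%28C%29+2001+Achim+Winkler%22&btnG=Google+Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
81.64.126.136 - - [02/Aug/2005:11:41:15 +0300] "POST /Guestbook/guestbook.php HTTP/1.1" 302 1 "-" "-"
81.64.126.136 - - [18/Aug/2005:15:15:03 +0300] "POST /Guestbook/guestbook.php HTTP/1.1" 302 1 "-" "-"
192.0.2.10 - - [18/Aug/2005:15:20:00 +0300] "GET /Guestbook/guestbook.php HTTP/1.1" 200 14836 "-" "Mozilla/5.0 (constructed)"
192.0.2.10 - - [18/Aug/2005:15:21:30 +0300] "POST /Guestbook/guestbook.php HTTP/1.1" 302 1 "http://www.example.org/Guestbook/guestbook.php" "Mozilla/5.0 (constructed)"
'''


def parse(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore the query string
    return rec


def direct_hit_posts(lines):
    """Return (ip, timestamp) for guestbook POSTs that carry no Referer and no
    User-Agent and follow no GET of the guestbook from the same IP within WINDOW."""
    last_get = {}
    hits = []
    records = sorted(filter(None, map(parse, lines)), key=lambda r: r["ts"])
    for r in records:
        if r["path"] != FORM_PATH:
            continue
        if r["method"] == "GET":
            last_get[r["ip"]] = r["ts"]
        elif r["method"] == "POST":
            seen = last_get.get(r["ip"])
            browsed = seen is not None and r["ts"] - seen <= WINDOW
            blank = r["referer"] in ("", "-") and r["agent"] in ("", "-")
            if blank and not browsed:  # both signals required, to keep false positives low
                hits.append((r["ip"], r["ts"].isoformat()))
    return hits


if __name__ == "__main__":
    for ip, when in direct_hit_posts(SAMPLE_LOG.splitlines()):
        print(ip, when)
```

The returned pairs can be attached to an abuse report as-is, since each timestamp keeps its UTC offset, which is the timezone detail the NOOS auto-reply asks for.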
=== NOOS' 4th auto-ignore ===

Received: from mailgw3.noos.com (mailgw3.noos.com [195.132.2.195])
    by mail.dolphinwave.org (8.13.1/8.13.1) with ESMTP id j7IEKVSe015820
    for ; Thu, 18 Aug 2005 17:20:32 +0300
Received: from localhost (unknown [127.0.0.1])
    by mailgw3.noos.com (Microsoft Exchange) with ESMTP id B3E3F65C65;
    Thu, 18 Aug 2005 16:17:06 +0200 (CEST)
Received: from BER10002.noos.com ([172.16.1.82])
    by ber10009.noos.com (Lotus Domino Release 5.0.11) with ESMTP id 2005081816201509:2288 ;
    Thu, 18 Aug 2005 16:20:15 +0200
Received: from strife2.noos.com ([172.16.1.14])
    by BER10002.noos.com (Lotus Domino Release 5.0.11) with ESMTP id 2005081816201447:631 ;
    Thu, 18 Aug 2005 16:20:14 +0200
Received: from strife2.noos.com (localhost.localdomain [127.0.0.1])
    by strife2.noos.com (8.13.1/8.13.1) with ESMTP id j7IEKBIW029748;
    Thu, 18 Aug 2005 16:20:11 +0200
Received: (from rtnoos@localhost)
    by strife2.noos.com (8.13.1/8.13.1/Submit) id j7IEK5wc029739;
    Thu, 18 Aug 2005 16:20:05 +0200
Date: Thu, 18 Aug 2005 16:20:05 +0200
Message-Id: <200508181420.j7IEK5wc029739@strife2.noos.com>
X-Authentication-Warning: strife2.noos.com: rtnoos set sender to securite@noos.fr using -f
From: NOOS Abuse
Reply-To: NOOS Abuse
To: abuse-Aug@2005.dolphinwave.org
Subject: [NOOS #674932] [misc] Persistent guestbook spammer: Alexis Soulard - pacman2005.com/bestmobi.com/tout-telecharger.com/down-fr.com
X-Request-ID: 674932
X-Loop-Prevention: NOOS
Precedence: bulk
X-MIMETrack: Itemize by SMTP Server on BER10002/W/LC/SLE(Release 5.0.11 |July 24, 2002) at 18/08/2005 16:20:14,
    Serialize by Router on BER10002/W/LC/SLE(Release 5.0.11 |July 24, 2002) at 18/08/2005 16:20:15,
    Serialize complete at 18/08/2005 16:20:15,
    Itemize by SMTP Server on BER10009/F/LC/SLE(Release 5.0.11 |July 24, 2002) at 18/08/2005 16:20:15,
    Serialize by Router on BER10009/F/LC/SLE(Release 5.0.11 |July 24, 2002) at 18/08/2005 16:20:16,
    Serialize complete at 18/08/2005 16:20:16
X-AntiVirus: checked by AntiVir Milter (version: 1.1.0-6;
    AVE: 6.31.1.0; VDF: 6.31.1.123; host: mail.dolphinwave.org)
X-Loop: dev.null@dolphinwave.org
Status: R
X-UID: 3995
Content-Length: 2603
X-Keywords:
X-Status: NC
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:

Madam, Sir,

First of all, thank you for contacting abuse@noos.fr.

This is an automatic reply, confirming the creation of a new incident ticket following receipt by the Abuse Team of your e-mail entitled

[misc] Persistent guestbook spammer: Alexis Soulard - pacman2005.com/bestmobi.com/tout-telecharger.com/down-fr.com

The identification and tracking reference of this incident ticket is [NOOS #674932]

Please include this reference in the subject of any e-mail you send us concerning the incident you describe in your message. You will not receive an automatic reply to later e-mails referring to the same incident.

We endeavour to follow up on your message as quickly as possible.

Please note that in order to process a complaint, we normally need the following information:
- date and time of the incident (state the reliability of this information)
- IP address from which the incident originated
- nature of the incident and any additional information relating to the incident (firewall logs, mail headers, in particular "Received" headers...)
- the impact suffered
- type of operating system and security tools

To improve the handling of complaints, we suggest that you use the online form: http://securite.noos.fr/modules/abuse/

Regards,
Abuse Team - NOOS
abuse@noos.fr

-----------------------------------------------------------------

Madam, Sir,

First of all, thank you for having contacted abuse@noos.fr.
This is an automatic answer, confirming that a ticket has been created following the receipt by the NOOS abuse team of your e-mail entitled

[misc] Persistent guestbook spammer: Alexis Soulard - pacman2005.com/bestmobi.com/tout-telecharger.com/down-fr.com

The reference of the ticket is [NOOS #674932]

We ask you to include the above reference in the subject line of all future correspondence concerning this ticket.

We inform you that in order to process a complaint, we need the following information, where applicable:
- date and time of incident (please mention the timezone used and the reliability of the timestamps)
- IP address having caused the incident
- type of incident and any information relevant to the incident (firewall logs, mail headers with the Received lines . . .)
- the impact of the incident, if any
- type of operating system and security systems used

We will be handling your message as soon as possible.

Sincerely,
NOOS Abuse Team
abuse@noos.fr

=== Some data ===

$ jwhois noos.fr
[Querying whois.nic.fr]
[whois.nic.fr]
<...>
domain: noos.fr
address: NOOS
address: 10, rue Colisee
address: 75008 Paris
address: FR
admin-c: AI587-FRNIC
tech-c: LC597-FRNIC
tech-c: DP1707-FRNIC
zone-c: NFC1-FRNIC
nserver: ns1.noos.net
nserver: ns2.noos.net
mnt-by: FR-NIC-MNT
mnt-lower: FR-NIC-MNT
changed: frnic-dbm-updates@nic.fr 20010308
source: FRNIC

person: Anne Illouz
address: NOOS
address: 10, rue du Colisee
address: 75008 Paris
address: FR
phone: +33 1 56 89 36 36
fax-no: +33 1 56 89 36 37
e-mail: aillouz@noos.fr
liste-r: N
nic-hdl: AI587-FRNIC
notify: aillouz@noos.fr
changed: aillouz@noos.fr 20020904
source: FRNIC

role: Lyonnaise Communications
address: Lyonnaise Communications
address: 20, place des Vins de France
address: 75614 Paris Cedex 12
address: FR
e-mail: hostmaster@cybercable.fr
admin-c: DG2553-FRNIC
tech-c: DP1707-FRNIC
nic-hdl: LC597-FRNIC
notify: hostmaster@cybercable.fr
changed: hostmaster@cybercable.fr 20021016
source: FRNIC

person: Denis Poirier
address: Lyonnaise Communications
address: 1, square Bela Bartok
address: 75015 Paris
address: FR
phone: +33 1 53 44 86 52
fax-no: +33 1 53 44 86 55
e-mail: hostmaster@cybercable.fr
e-mail: dpoirier@cybercable.fr
liste-r: N
nic-hdl: DP1707-FRNIC
notify: dpoirier@cybercable.fr
changed: marlene@cybercable.tm.fr 19990622
changed: migration-dbm@nic.fr 20001015
source: FRNIC

role: NIC France Contact
address: Afnic
address: immeuble international
address: 2, rue Stephenson
address: Montigny-Le-Bretonneux
address: 78181 Saint Quentin en Yvelines Cedex
address: FR
phone: +33 1 39 30 83 00
e-mail: hostmaster@nic.fr
admin-c: NFC1-FRNIC
tech-c: PL12-FRNIC
tech-c: JP-FRNIC
tech-c: MS1887-FRNIC
tech-c: VL-FRNIC
tech-c: PR1249-FRNIC
tech-c: PV827-FRNIC
tech-c: GO661-FRNIC
tech-c: MS-FRNIC
tech-c: AI1-FRNIC
nic-hdl: NFC1-FRNIC
mnt-by: FR-NIC-MNT
changed: tech@nic.fr 20011025
changed: tech@nic.fr 20020711
changed: sylvie.lacep@afnic.fr 20040805
changed: hostmaster@nic.fr 20041207
changed: hostmaster@nic.fr 20050823
source: FRNIC

$ jwhois noos.com
[Querying whois.internic.net]
[Redirected to whois.register.com]
[Querying whois.register.com]
[whois.register.com]
<...>
Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com

Domain Name: noos.com

Created on..............: 02 Feb 1998 00:00:00
Expires on..............: 01 Feb 2006 00:00:00

Registrant Info:
AUXIPAR NA NA
20, place des vins de France
NA, US
Phone: NA
Fax..:
Email: NA

Administrative Info:
NA NA AUXIPAR
20, place des vins de France
NA, US
Phone: 20, place des vins d
Fax..:
Email: domaine@noos.fr

Technical Info:
NA Lyonnaise Communications
20, Place des Vins de France
PARIS, PARIS FR
Phone: +33 0153448652
Fax..: +33 0153448652
Email: domaine@NOOS.FR

Billing Info:
AUXIPAR NA NA
20, place des vins de France
NA, US
Phone: NA
Fax..:
Email: NA

Status: Locked

Domain servers in listed order:
NS1.NOOS.NET
NS2.NOOS.NET

$ jwhois noos.net
[Querying whois.internic.net]
[Redirected to whois.register.com]
[Querying whois.register.com]
[whois.register.com]
<...>
Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com

Domain Name: noos.net

Created on..............: 07 Dec 1999 14:36:57
Expires on..............: 07 Dec 2005 14:36:57

Registrant Info:
AUXIPAR Didier TATTEVIN
20, place des vins de France
Paris, 75012 FR
Phone: +33 153448181
Fax..:
Email: domaine@noos.fr

Administrative Info:
AUXIPAR Didier TATTEVIN
20, place des vins de France
Paris, 75012 FR
Phone: +33 153448181
Fax..:
Email: domaine@noos.fr

Technical Info:
Euroconnect.fr Pascal JULIENNE
130, rue du bourg Bele
Le Mans, 72000 FR
Phone: +33 243141276
Fax..: +33 243141277
Email: domaine@euroconnect.fr

Billing Info:
AUXIPAR AUXIPAR AUXIPAR
20, place des vins de France
Paris, 75012 FR
Phone: +33 153445959
Fax..: +33 153448704
Email: patricia.maillard@NOOS.COM

Status: Locked

Domain servers in listed order:
ns-lemans-1.noos.net
ns1.noos.net

$ jwhois cybercable.fr
[Querying whois.nic.fr]
[whois.nic.fr]
<...>
domain: cybercable.fr
address: Lyonnaise Communications
address: 20, place des Vins de France
address: 75012 Paris
address: FR
admin-c: DG2553-FRNIC
tech-c: LC597-FRNIC
zone-c: NFC1-FRNIC
nserver: ns1.noos.net
nserver: ns-lemans-1.noos.net
mnt-by: FR-NIC-MNT
mnt-lower: FR-NIC-MNT
changed: frnic-dbm-updates@nic.fr 20020131
source: FRNIC

person: Didier Gras
address: Lyonnaise Communications
address: 20, place des Vins de France
address: 75614 Paris Cedex 12
address: FR
phone: +33 1 53 44 65 00
fax-no: +33 1 53 44 81 80
e-mail: abuse@noos.fr
liste-r: N
nic-hdl: DG2553-FRNIC
notify: ripe@euroconnect.fr
changed: ripe@euroconnect.fr 20001010
changed: migration-dbm@nic.fr 20001015
source: FRNIC

role: Lyonnaise Communications
address: Lyonnaise Communications
address: 20, place des Vins de France
address: 75614 Paris Cedex 12
address: FR
e-mail: hostmaster@cybercable.fr
admin-c: DG2553-FRNIC
tech-c: DP1707-FRNIC
nic-hdl: LC597-FRNIC
notify: hostmaster@cybercable.fr
changed: hostmaster@cybercable.fr 20021016
source: FRNIC

role: NIC France Contact
address: Afnic
address: immeuble international
address: 2, rue Stephenson
address: Montigny-Le-Bretonneux
address: 78181 Saint Quentin en Yvelines Cedex
address: FR
phone: +33 1 39 30 83 00
e-mail: hostmaster@nic.fr
admin-c: NFC1-FRNIC
tech-c: PL12-FRNIC
tech-c: JP-FRNIC
tech-c: MS1887-FRNIC
tech-c: VL-FRNIC
tech-c: PR1249-FRNIC
tech-c: PV827-FRNIC
tech-c: GO661-FRNIC
tech-c: MS-FRNIC
tech-c: AI1-FRNIC
nic-hdl: NFC1-FRNIC
mnt-by: FR-NIC-MNT
changed: tech@nic.fr 20011025
changed: tech@nic.fr 20020711
changed: sylvie.lacep@afnic.fr 20040805
changed: hostmaster@nic.fr 20041207
changed: hostmaster@nic.fr 20050823
source: FRNIC

$ dig NS cybercable.fr

; <<>> DiG 9.3.1 <<>> NS cybercable.fr
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48439
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;cybercable.fr. IN NS

;; ANSWER SECTION:
cybercable.fr. 86400 IN NS ns-lemans-1.noos.net.
cybercable.fr. 86400 IN NS ns1.noos.net.

;; ADDITIONAL SECTION:
ns1.noos.net. 95362 IN A 212.198.1.66

;; Query time: 427 msec
;; SERVER: 192.168.0.77#53(192.168.0.77)
;; WHEN: Sat Aug 27 21:35:59 2005
;; MSG SIZE rcvd: 99

$ host mx.noos.fr.
mx.noos.fr has address 194.117.218.78