nanog mailing list archives

Re: WARNING: Whois mining operation (probably spam related).

From: Scott Francis <darkuncle () darkuncle net>
Date: Sun, 3 Feb 2002 02:53:50 -0800

On Sun, Feb 03, 2002 at 02:34:46AM -0600, nanog () adns net said:


Starting about 6am eastern time, we began getting several hundred hits per
second from IP address 195.188.22.6 to our WHOIS server.

It appears that they were running a rather well endowed dictionary against
the database.

Beware - these are spammers (I know the address very well). Check your logs
if you have any email servers or whois databases.

This is a jerk from England who is a known fraudster.

====
[sfrancis@silverlight:~]$ whois -r 195.188.22.6
<snip>
descr:        Please forward abuse issues
descr:        to abuse () blueyonder co uk
<snip>
====

http://help.blueyonder.co.uk/rules/aup.html

If this guy is obviously spamming, or data mining in preparation for
spamming, it seems that blueyonder.co.uk could be contacted to have his
access yanked. Failing that, cableinet.net could be contacted to have
blueyonder.co.uk yanked.

Of course, you may have already tried this and received little/no
cooperation. *sigh*

-- 
Scott Francis                   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager          sfrancis@ [work:]         t o n o s . c o m
GPG public key 0xCB33CCA7              illum oportet crescere me autem minui

Attachment: _bin
Description:

Current thread:

WARNING: Whois mining operation (probably spam related). John Palmer (NANOG Acct) (Feb 03)
- Re: WARNING: Whois mining operation (probably spam related). Scott Francis (Feb 03)
  - Re: WARNING: Whois mining operation (probably spam related). Stephen J. Wilcox (Feb 03)
  - Re: WARNING: Whois mining operation (probably spam related). Tony Rowley (Feb 03)