
Net Abuse from iinet.net.au

Discussion in the Administrative forum
As many of you know who read the Administrative section, I take computer security seriously. And I fight SPAM as best I can. One thing I do to fight SPAM is get ISPs to investigate and shut down computers that are conducting formmail scans. FormMail.pl is a CGI script for sending out mail based on a web form. When improperly set up, it allows SPAMmers to send out their junk to anywhere they like, using someone else's site as the origin. To cover their tracks, they often use computers with back doors or proxies installed on them without the user's knowledge. (This is one of the most popular uses for CodeRed infected machines.)

I usually allow ISPs three chances to get their abusive users cleaned up before I block them at the firewall. This is why you cannot reach this site from several QWest cities - their abuse team did nothing to curb these and/or various Microsoft based attacks. (Some ISPs in Texas are also blocked due to serious cracking attempts targeted directly at FreeBSD systems.)

But iinet.net.au is unusual on two accounts:
  1. The scans are coming from someone who actually views the site. I've never seen legitimate traffic alongside attacks before.
  2. iinet.net.au says that they can't do anything without first contacting the local police.

I don't like the idea of bringing the police into this situation as, more often than not, the attacks are coming from people who "innocently" have back doors installed on their systems (thanks to Microsoft's bloatware-over-security initiative). However, iinet.net.au will not tell me whether or not they've contacted the offending user that he/she may be infected.

Since the attacks continue, I can only assume that they will not contact their own users to inform them that they may be helping spread SPAM. I will try before involving the police about these unauthorized access attempts. (All timestamps are in +09:00 JST.)

Recent surfing habits:

  • May 1 17:37 - First access to top page.
  • May 1 17:38 - Looked at Open Talk forum list.
  • May 1 17:46 - Looked at Open Talk forum list.
  • May 1 17:59 - Looked at Open Talk forum list.
  • May 2 07:55 - Attack!
  • May 2 09:29 - Looked at Open Talk forum list.
  • May 2 18:16 - Attack!
  • May 3 16:36 - Attack!

This denotes the traffic from just one IP address in the iinet.net.au network block. There are others, but I have no way of knowing if they're the same person or not. Since this person seems particularly interested in the Open Talk forum, I'm guessing that he/she posted something there that was rejected. (Like something that's covered in the FAQ or, if it really is a SPAMmer's home account or proxy, a SPAM post - there have been quite a few lately.)

Nonetheless, if you fit the above description and are not intentionally running these scans, you need to have your computer investigated for trojans that make you look like the originator of these attacks. Since your ISP won't let you know about this, please look into it before the local police need to get involved.
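An added example, not part of the original post: one way to pull a per-address timeline like the one above out of a web server access log and flag addresses that mix ordinary page views with FormMail probes. The log lines, IP addresses (documentation ranges), year, URL paths and the `timeline`/`classify` helpers are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in Apache common log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/May/2003:17:37:02 +0900] "GET / HTTP/1.0" 200 5120
203.0.113.7 - - [01/May/2003:17:38:40 +0900] "GET /forum/open_talk HTTP/1.0" 200 8301
203.0.113.7 - - [02/May/2003:07:55:11 +0900] "GET /cgi-bin/FormMail.pl HTTP/1.0" 404 210
203.0.113.7 - - [02/May/2003:09:29:53 +0900] "GET /forum/open_talk HTTP/1.0" 200 8301
203.0.113.7 - - [02/May/2003:18:16:27 +0900] "POST /cgi-bin/formmail.cgi HTTP/1.0" 404 210
198.51.100.23 - - [02/May/2003:18:20:00 +0900] "GET /cgi-sys/FormMail.pl?recipient=x HTTP/1.0" 404 210
192.0.2.44 - - [03/May/2003:10:00:00 +0900] "GET /forum/open_talk HTTP/1.0" 200 8301
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# A request counts as a probe when its path ends in formmail, formmail.pl or formmail.cgi.
PROBE = re.compile(r"/formmail(\.(pl|cgi))?$", re.IGNORECASE)

def timeline(log_text):
    """Return {ip: [(timestamp, 'probe' | 'view', path), ...]} sorted by time."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines
        ip, ts, _method, target, _status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string when matching
        kind = "probe" if PROBE.search(path) else "view"
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        events[ip].append((when, kind, path))
    return {ip: sorted(ev) for ip, ev in events.items()}

def classify(log_text):
    """Label each client; 'mixed' means probes and ordinary views from one address."""
    labels = {}
    for ip, ev in timeline(log_text).items():
        kinds = {kind for _, kind, _ in ev}
        if kinds == {"probe", "view"}:
            labels[ip] = "mixed"
        elif kinds == {"probe"}:
            labels[ip] = "probe-only"
        else:
            labels[ip] = "clean"
    return labels

if __name__ == "__main__":
    for ip, label in classify(SAMPLE_LOG).items():
        print(ip, label)
        for when, kind, path in timeline(SAMPLE_LOG)[ip]:
            print("   ", when.isoformat(), kind, path)
```

A "mixed" address is the case worth a second look before blocking, since a shared proxy or an infected home machine can produce both kinds of traffic.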

About

This is a site about Pro Yakyu (Japanese Baseball), not about who the next player to go over to MLB is. It's a community of Pro Yakyu fans who have come together to share their knowledge and opinions with the world. It's a place to follow teams and individuals playing baseball in Japan (and Asia), and to learn about Japanese (and Asian) culture through baseball.

It is my sincere hope that once you learn a bit about what we're about here that you will join the community of contributors.

Michael Westbay
(aka westbaystars)
Founder

Copyright (c) 1995-2024 JapaneseBaseball.com.
This work is licensed under a Creative Commons License.
Some rights reserved.