Anyone from or know anyone at: Moebius Systems Ltd ...?
Anyone on here responsible for: inetnum: 202.37.129.0 - 202.37.129.255 netname: MOEBIUS-NZ descr: Moebius Systems Ltd descr: Auckland country: NZ admin-c: JM113-AP tech-c: JM113-AP status: ASSIGNED PORTABLE mnt-by: APNIC-HM mnt-by: MNT-HIST-NZT-MOEBIUS-NON-NZ or anyone know this twit: Registrant Contact: SitesOnline Warwick Berg (soa(a)soa.net) +64.800943268 Fax: +64.75723129 P O Box 4556 Mt Maunganui, 3002 NZ ... he manages a server (202.37.129.44) and just spent a great amount ot time insulting me, and telling me how the message I gave him (that I recorded as spam here) didn't actually originate from his server (which must mean someone is faking my logs as well as the headers?!?!?!) and not actually doing anything about the fact his server is spewing 419 scam emails... If anyone can shed any light on the issue or the admin there, please contact me. Thanks, Matthew (BCC'd to the netblock registrant just incase it is still a live address)
Hi Matthew, I used to look after that netblock a couple of years ago. Why my details are still on it I don't know. Although Warwick owns those machines he's probably not the best person to be talking to. I'd try one of his tech guys: Andrew Hutchinson: 027 448 3997 Richard Haakma: 021 631 931 HTH James McGlinn BCom, BSc, Zend Certified Engineer (PHP) Director Nerds Inc. The Loft, 201 Hobson St, Auckland (09) 377 5663 / (021) 633 234 http://www.nerdsinc.co.nz/ On Jun 15, 2006, at 2:19 AM, Matthew Sullivan wrote:
Anyone on here responsible for:
inetnum: 202.37.129.0 - 202.37.129.255 netname: MOEBIUS-NZ descr: Moebius Systems Ltd descr: Auckland country: NZ admin-c: JM113-AP tech-c: JM113-AP status: ASSIGNED PORTABLE mnt-by: APNIC-HM mnt-by: MNT-HIST-NZT-MOEBIUS-NON-NZ
or anyone know this twit:
Registrant Contact: SitesOnline Warwick Berg (soa(a)soa.net) +64.800943268 Fax: +64.75723129 P O Box 4556 Mt Maunganui, 3002 NZ
... he manages a server (202.37.129.44) and just spent a great amount ot time insulting me, and telling me how the message I gave him (that I recorded as spam here) didn't actually originate from his server (which must mean someone is faking my logs as well as the headers?!?!?!) and not actually doing anything about the fact his server is spewing 419 scam emails...
If anyone can shed any light on the issue or the admin there, please contact me.
Thanks,
Matthew
(BCC'd to the netblock registrant just incase it is still a live address)
He's offering Squirrelmail. I've seen squirrelmail used to relay spam lately (some of it using my domain as the return address, grr.) so perhaps he's not a complete bad guy. Maybe you could suggest to him to check that he has the latest version. *Justin Cook* Developer http://www.skull.co.nz/ *Skype* justincookskull skype:justincookskull?call My status skype:justincookskull?call Matthew Sullivan wrote:
Anyone on here responsible for:
inetnum: 202.37.129.0 - 202.37.129.255 netname: MOEBIUS-NZ descr: Moebius Systems Ltd descr: Auckland country: NZ admin-c: JM113-AP tech-c: JM113-AP status: ASSIGNED PORTABLE mnt-by: APNIC-HM mnt-by: MNT-HIST-NZT-MOEBIUS-NON-NZ
or anyone know this twit:
Registrant Contact: SitesOnline Warwick Berg (soa(a)soa.net) +64.800943268 Fax: +64.75723129 P O Box 4556 Mt Maunganui, 3002 NZ
... he manages a server (202.37.129.44) and just spent a great amount ot time insulting me, and telling me how the message I gave him (that I recorded as spam here) didn't actually originate from his server (which must mean someone is faking my logs as well as the headers?!?!?!) and not actually doing anything about the fact his server is spewing 419 scam emails...
If anyone can shed any light on the issue or the admin there, please contact me.
Thanks,
Matthew
(BCC'd to the netblock registrant just incase it is still a live address)
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
On Thu, 2006-06-15 at 08:02 +1200, Justin Cook wrote:
He's offering Squirrelmail. I've seen squirrelmail used to relay spam lately (some of it using my domain as the return address, grr.) so perhaps he's not a complete bad guy. Maybe you could suggest to him to check that he has the latest version.
We have been a victim of this several times in the last couple of months. The spammer creates a legitimate account and then has a robot that he/they use to drive squirrelmail to send their spam. We have had to put a number of measures in place to prevent this form of abuse. Glen.
Glen Eustace wrote:
On Thu, 2006-06-15 at 08:02 +1200, Justin Cook wrote:
He's offering Squirrelmail. I've seen squirrelmail used to relay spam lately (some of it using my domain as the return address, grr.) so perhaps he's not a complete bad guy. Maybe you could suggest to him to check that he has the latest version.
We have been a victim of this several times in the last couple of months. The spammer creates a legitimate account and then has a robot that he/they use to drive squirrelmail to send their spam. We have had to put a number of measures in place to prevent this form of abuse.
Such spammers can be *very* persistent. One of our faculties operated a web based mail system for students (not Squirrelmail) and had a very persistent hacker who systematically worked around what ever restrictions they put in place over a period of a few months. They finally made it more trouble than it was worth to abuse. Russell.
We have been a victim of this several times in the last couple of months. The spammer creates a legitimate account and then has a robot that he/they use to drive squirrelmail to send their spam. We have had to put a number of measures in place to prevent this form of abuse.
Such spammers can be *very* persistent. One of our faculties operated a web based mail system for students (not Squirrelmail) and had a very persistent hacker who systematically worked around what ever restrictions they put in place over a period of a few months. They finally made it more trouble than it was worth to abuse.
Yep, sounds like the same sort of character. One of my obstacles, which wasn't visible in anyway only took him 2 hours to discover !! He was also quite happy to buy services using a stolen credit card in order to get access to webmail. Our current position is that we have put sufficient obstacles in place that do not adversely effect legitimate customers that he has not tried again for a couple of weeks now, but an awful lot of spam was sent through us while I was doing my best to get (and stay) ahead of him. So a general warning to people running webmail to be on the lookout. Look for multiple successive send 'POST's with between 20 and 50 receipents. This is not activity that someone using a browser is likely to produce. Glen.
Justin Cook wrote:
He's offering Squirrelmail. I've seen squirrelmail used to relay spam lately (some of it using my domain as the return address, grr.) so perhaps he's not a complete bad guy. Maybe you could suggest to him to check that he has the latest version.
Trying to tell the guy that the spam actually came from his server is the biggest issue - he is adamant that I made up the headers and that his server couldn't possibly be spamming... :-/ / Mat
participants (5)
-
Glen Eustace -
James McGlinn -
Justin Cook -
Matthew Sullivan -
Russell Fulton