  1. #1
    Join Date
    Oct 2004
    Location
    Oneida, NY
    Posts
    2,842

    Watch Out - Spammer: <<<removed>>> [Domain: hamptonsballer.com]

    I got a signup from this guy and everything seemed to check out (fraud check wise that is), so I activated the account. Within 5 minutes of activating the account, I got notified by the server that the account was spamming. I suspended it and the guy demanded a refund or he'd post all about me on WHT - I figured I'd beat him to the chase.

    Avoid this guy!
    <<<removed>>>
    Domain = hamptonsballer.com
    IP Address = 24.186.203.157

    Time: Wed Apr 2 01:14:29 2008
    Path: /home/hamptons/public_html
    Count: 101 emails sent

    Sample of the first 10 emails:

    2008-04-02 01:09:50 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1JgvEM-000362-CM
    2008-04-02 01:12:57 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1JgvHN-0003Ag-5X
    2008-04-02 01:12:57 1JgvHN-0003Al-Fe <= [email protected] U=hamptons P=local S=654 T="Mortgage Relief"
    2008-04-02 01:12:59 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1JgvHP-0003Aq-3R
    2008-04-02 01:12:59 1JgvHP-0003Av-CS <= [email protected] U=hamptons P=local S=654 T="Mortgage Relief"
    2008-04-02 01:13:01 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1JgvHR-0003B0-1p
    2008-04-02 01:13:01 1JgvHR-0003B5-Ak <= [email protected] U=hamptons P=local S=654 T="Mortgage Relief"
    2008-04-02 01:13:02 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1JgvHS-0003BB-Mn
    2008-04-02 01:13:02 1JgvHS-0003BG-Vb <= [email protected] U=hamptons P=local S=654 T="Mortgage Relief"
    2008-04-02 01:13:04 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1JgvHU-0003BL-EP


    Possible Scripts:

    /home/hamptons/public_html/seed.php
    Last edited by SoftWareRevue; 05-21-2008 at 09:47 AM. Reason: Removed name
    Nick Hudson - Prevail Host LLC - http://www.prevail.host/
    Premium Quality cPanel Hosting Services - CloudLinux, LiteSpeed & SSD
    WHMControl - Secure Your Server Logins & Automate Password Changes
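
As an added example (not code from any poster in this thread), the following Python script reads Exim main-log arrival lines in the format shown in the first post and flags local accounts that submit a burst of messages within a short window. The sample log lines, the account names `acct1` and `acct2`, the 5-minute window and the threshold of 5 are constructed for illustration, and reading the `T=` field assumes subject logging is enabled.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Exim arrival ("<=") line: timestamp, message id, sender, then key=value fields.
ARRIVAL = re.compile(r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<id>\S+) <= \S+ (?P<rest>.*)$')
FIELD = re.compile(r'\b([A-Z])=("(?:[^"\\]|\\.)*"|\S+)')

def parse_arrival(line):
    """Return a dict for an arrival line, or None for any other log line."""
    m = ARRIVAL.match(line.strip())
    if not m:
        return None  # cwd=/args lines, deliveries, completions, etc.
    f = {k: v.strip('"') for k, v in FIELD.findall(m['rest'])}
    return {'ts': datetime.strptime(m['ts'], '%Y-%m-%d %H:%M:%S'), 'id': m['id'],
            'user': f.get('U'), 'proto': f.get('P'),
            'size': int(f.get('S', 0)), 'subject': f.get('T', '')}

def find_bursts(lines, window=timedelta(minutes=5), threshold=5):
    """Flag local users (U=..., P=local) with >= threshold messages inside window."""
    recent = defaultdict(deque)  # user -> arrival times still inside the window
    stats = {}
    for line in lines:
        rec = parse_arrival(line)
        if rec is None or rec['proto'] != 'local' or not rec['user']:
            continue  # only script/CLI submissions made by a local account
        q = recent[rec['user']]
        q.append(rec['ts'])
        while rec['ts'] - q[0] > window:
            q.popleft()
        s = stats.setdefault(rec['user'], {'peak': 0, 'flagged_at': None,
                                           'bytes': 0, 'subjects': Counter()})
        s['peak'] = max(s['peak'], len(q))
        s['bytes'] += rec['size']
        s['subjects'][rec['subject']] += 1
        if s['flagged_at'] is None and len(q) >= threshold:
            s['flagged_at'] = rec['ts']  # first moment the threshold was crossed
    return {u: s for u, s in stats.items() if s['flagged_at']}

# Constructed sample log (not taken from the thread): acct1 bursts, acct2 does not.
SAMPLE_LOG = [
    '2008-04-02 01:00:00 1AAAAA-000001-AA <= shop@example.invalid U=acct2 P=local S=900 T="Order 1001"',
    '2008-04-02 01:12:55 cwd=/home/acct1/public_html 3 args: /usr/sbin/sendmail -t -i',
] + [
    f'2008-04-02 01:13:{sec:02d} 1BBBBB-00000{i}-BB <= bulk@example.invalid '
    f'U=acct1 P=local S=654 T="Mortgage Relief"'
    for i, sec in enumerate(range(0, 12, 2))
] + [
    '2008-04-02 01:13:20 1CCCCC-000001-CC <= remote@example.invalid '
    'H=mx.example.invalid [192.0.2.10] P=esmtp S=1200 T="Hello"',
    '2008-04-02 01:20:00 1AAAAA-000002-AA <= shop@example.invalid U=acct2 P=local S=910 T="Order 1002"',
]

if __name__ == '__main__':
    for user, s in find_bursts(SAMPLE_LOG).items():
        subject, n = s['subjects'].most_common(1)[0]
        print(f"{user}: peak {s['peak']} msgs in window, flagged at {s['flagged_at']}, "
              f"{s['bytes']} bytes, top subject {subject!r} x{n}")
```

A flagged account with one subject repeated across nearly every message, as in the excerpt above, is the pattern worth suspending on; the threshold should be tuned against the normal volume of legitimate form mailers on the server.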

  2. #2
    Join Date
    Jan 2007
    Location
    Miami Beach, FL, USA
    Posts
    764
    Since you are a premium member, you can view another thread about this guy.

    http://www.webhostingtalk.com/forumdisplay.php?f=87

    Look on the bottom.
    Website Design and Marketing in France
    www.SagaNET.fr

  3. #3
    Join Date
    Oct 2004
    Location
    Oneida, NY
    Posts
    2,842

  4. #4
    Join Date
    Jul 2005
    Location
    Los Angeles, California
    Posts
    1,369
    Thanks for the heads up. I'll be sure to watch out for this guy and if he tries to sign up I'll block him.
    Rageki Web Hosting Solutions - Canada & United States Web Hosting
    DirectAdmin & cPanel Control Panels
    99% Uptime!
    30 Day Money Back Guaranteed!

  5. #5
    Join Date
    Jan 2003
    Location
    U.S.A.
    Posts
    3,911
    Thank you for the heads up Nick!

  6. #6
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    16,087
    +1, if I could give rep I would. Thank you for the heads up.
    Michael Denney - MDDHosting LLC
    New shared plans for 2016! Check them out!
    Highly Available Shared, Premium, Reseller, and VPS
    http://www.mddhosting.com/

  7. #7
    Join Date
    Jul 2007
    Location
    Does it matter?
    Posts
    146
    Thanks for the info. But I don't think one can stop the spam; seriously, he can register with another name and another e-mail. Basically, I say phone verification might solve the problems.

  8. #8
    Join Date
    Jan 2005
    Location
    NSW, Australia
    Posts
    307
    Had this guy sign up recently under a different name.
    We do web hosting on the cloud. And we do it well. | catsnine.com

  9. #9
    Join Date
    Oct 2007
    Location
    United States
    Posts
    563
    Yeah had this guy sign up with us last week, fortunately we caught what he was doing early on before he sent out too much.

    Used the same domain name and email but registered with the name Nick Dazzalo
    eLief - Where your business matters.
    cPanel Hosting - Reseller Hosting - VPS - Dedicated Servers - Magento Specialists
    Celebrating over 4 years of providing quality hosting.
    cPanel/WHM - LiteSpeed - CloudFlare - R1Soft Backups - 15k Cheetah's - 24x7 Support ›› eLief.com

  10. #10
    Join Date
    Jan 2005
    Location
    Richmond, VA
    Posts
    3,102
    Thank you very much for the alert!
    Daniel B., CEO - Bezoka.com and Ungigs.com
    Hosting Solutions Optimized for: WordPress • Joomla • OpenCart • Moodle
    Data Centers in: Chicago (US), London (UK), Sydney (AU), Sofia (BG), Pori (FI)
    Email Daniel directly: ceo [at] bezoka.com

  11. #11
    Join Date
    Jul 2005
    Location
    Los Angeles, California
    Posts
    1,369
    Quote Originally Posted by James Peter View Post
    Thanks for the info. But I don't think one can stop the spam; seriously, he can register with another name and another e-mail. Basically, I say phone verification might solve the problems.
    If he has a static IP you could always just block it with the firewall in case he turns out to be a future hacker.

  12. #12
    Join Date
    Oct 2007
    Location
    United States
    Posts
    563
    Last edited by SoftWareRevue; 05-21-2008 at 09:49 AM. Reason: Removed name

  13. #13
    Join Date
    Mar 2008
    Location
    South England
    Posts
    62
    Cheers

    Peace

  14. #14
    Join Date
    Jul 2007
    Location
    Jupiter, Florida
    Posts
    405
    neither of his domains are live to the net - odd goat
    Barak Hosting
    http://barakhosting.com
    Shared, VPS & Dedicated Hosting - Lunatic Support is what sets us apart

  15. #15
    Join Date
    Mar 2008
    Location
    Port Saint Lucie, Florida
    Posts
    35
    very interesting. Good heads up on this guy.
    Jason Jersey, C.E.O.
    Optic Burst Communications Group, Inc.
    Cloud Web Hosting

  16. #16
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    16,087
    This individual just signed up with us, and thanks to this forum I recognized the domain and the e-mail account.

    IP Address: 24.190.11.55
    Host: ool-18be0b37.dyn.optonline.net

    The IP is changing as it is most likely issued by DHCP.

    Due to our privacy policy I cannot disclose any further information about this, but guys keep your eyes open.

  17. #17
    Join Date
    May 2007
    Location
    London, UK
    Posts
    53

  18. #18
    Join Date
    Dec 2007
    Location
    Ringgold, GA
    Posts
    52
    Another instance:

    <<<removed>>>
    [email protected]
    <<<removed>>>

    IP: 69.114.22.111
    Host: ool-4572166f.dyn.optonline.net

    Domain Used: imagine8.com

    E-Mail Address Folder: ./staxxwaffles


    Same instance of seed.php used resulting in access to hamptonsballer.com.

    Also be on the lookout for any folders matching waffle* or *waffle. We found thousands of e-mail addresses in a folder with a similar name, which the script was using for mass mailing by way of seed.php.
    Last edited by SoftWareRevue; 05-21-2008 at 09:52 AM. Reason: Removed name and address

  19. #19
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    16,087
    Quote Originally Posted by AirborneFive View Post
    Another instance:

    <<<removed>>>
    [email protected]
    <<<removed>>>

    IP: 69.114.22.111
    Host: ool-4572166f.dyn.optonline.net

    Domain Used: imagine8.com

    E-Mail Address Folder: ./staxxwaffles


    Same instance of seed.php used resulting in access to hamptonsballer.com.

    Also be on the lookout for any folders matching waffle* or *waffle. We found thousands of e-mail addresses in a folder with a similar name, which the script was using for mass mailing by way of seed.php.
    This is confirmed - and this individual appears to be using stolen PayPal accounts to sign up. Just keep your eyes open.
    Last edited by SoftWareRevue; 05-21-2008 at 09:53 AM. Reason: Quoted text edited

  20. #20
    Join Date
    Sep 2005
    Location
    In canada
    Posts
    3,213
    Same script used by some spammer I reported here at WHT a few weeks back. Hmm, time to somehow block seed.php files from even running on the server!

  21. #21
    Join Date
    Apr 2007
    Location
    United Kingdom
    Posts
    1,686
    I just had this file uploaded this morning and used on one of our servers.

    The client's name was Ricardo Perez.

    I notified LiquidWeb, who seem to be hosting the hamptonsballer.com domain name and Verizon, the ISP from signup.

    The domain that was used was trafficmonster.com
    EZPZ Hosting - Dependable and Affordable Web Hosting
    LiteSpeed SSD Powered cPanel Shared & Reseller Hosting | Budget VPS, Managed VPS and Dedicated
    Reseller Hosting Specialists | WHMCS-Based End User Support | Unlimited SSLs | UK and USA
    99.9% Uptime Guarantee | 24/7 Support | 30 Day Money Back Guarantee

  22. #22
    Join Date
    May 2008
    Location
    Melbourne, Australia
    Posts
    10,482
    I have not had this person sign up with us so that's a bonus.
    If so I will keep an open eye Thanks
    l Dedigeeks (Twitter) • Shared • Reseller • Cloud VPS • Since 2010
    l Leading AU Hosting Provider • Multiple locations - around the globe!
    l cPanel/WHM • R1Soft Backups • 24/7/365 Support • 99.9% Uptime Guarantee
    l www.yourcompanynamehere.com • Customer Service Rep. • Superior Service Guarantee

  23. #23
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    16,087
    Quote Originally Posted by Jaxair View Post
    I have not had this person sign up with us so that's a bonus.
    If so I will keep an open eye Thanks
    I think the person is probably browsing these forums and watching this thread. They've signed up with us twice. Once after my "thanks for the warning" and then again after I posted that they had signed up for our service and been shut down.

  24. #24
    Join Date
    May 2008
    Location
    U.S.A.
    Posts
    77
    I received a signup from a spammer with extremely similar behavior to the one mentioned on this thread. He signed up with a PayPal account under the name <<<removed>>> (maybe a typo or just a different PayPal account).

    The IP I have is 72.23.126.142 which traces back to Youngstown, OH.

    If this is not the same guy then it might be a friend of his. spauticalstylen.info was the domain name for the signup I received. This is similar to spautical.com. I think his nickname is spautical on digitalgangster.com, a message board full of malicious net users:

    digitalgangster.com/4um/member.php?u=5882

    It seems other people on that message board are also from Ohio.
    Last edited by SoftWareRevue; 05-21-2008 at 09:54 AM. Reason: Removed name

  25. #25
    Join Date
    May 2008
    Location
    Melbourne, Australia
    Posts
    10,482
    Does this become scarier by the minute? - I am not sure what one can do but block their attempts to buy webhosting. If in that situation can't you report them to some web authority?

  26. #26
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    16,087
    Quote Originally Posted by Jaxair View Post
    Does this become scarier by the minute? - I am not sure what one can do but block their attempts to buy webhosting. If in that situation can't you report them to some web authority?
    It doesn't seem that they are actually breaking any laws, other than violating the Terms of Service after signing up - and in which case unless there are damages you really don't have anything you can do besides terminating the account for ToS violation.

    Us webhosts just have to stay on our toes!

  27. #27
    Join Date
    May 2008
    Location
    U.S.A.
    Posts
    77
    Maybe there needs to be a web authority! One that can organize information on spammers and scammers then coordinate with law enforcement when necessary, which might actually make their jobs easier if you think about it. I say law enforcement because this spammer spiked the server CPU so bad it effectively became a denial of service attack.

  28. #28
    Join Date
    May 2008
    Location
    Melbourne, Australia
    Posts
    10,482
    Yeah, though how about their thefts of PayPal accounts and signing up for services? Wouldn't the theft of a PayPal account be in violation of stealing?

  29. #29
    Join Date
    May 2008
    Location
    U.S.A.
    Posts
    77
    PayPal account theft is stealing and probably illegal. If there was a web authority of some sort they could help to make hosting providers aware of certain people and typical suspicious activity. That might be useful even where law enforcement does not apply.

  30. #30
    Join Date
    May 2008
    Location
    Melbourne, Australia
    Posts
    10,482
    Well true yes, but how would the company warn every single website host? That would be effort on its own. Stopping fraudsters and scammers is a major challenge.

  31. #31
    Join Date
    May 2008
    Location
    U.S.A.
    Posts
    77
    In my idealistic dreaming I see it as an organization more than a company, though a company would be fine as long as it has the resources. Either way they would need to publish information and advertise in popular things hosting providers read. I'm sure a lot of us get Web Host Industry Review. Many of us are on this message board, too. If the web authority were to be effective it would probably have an ad here and on similar popular sites, too. If it were non-profit that would have the most impact since companies already spend so much money on anti-fraud services and still receive bogus signups.

  32. #32
    Join Date
    Aug 2004
    Location
    SF, CA, USA
    Posts
    155
    Another instance:

    <<<removed>>>
    [email protected]
    <<<removed>>>

    IP: 69.60.118.197
    Host: 197-118-60-69.serverpronto.com

    The order seems to have been placed through a proxy.

    Domain Used: latenite.com

    E-Mail Address Folder: ./staxxtequila

    Same instance of seed.php used resulting in access to hamptonsballer.com.

    Also be on the lookout for any folders matching staxx*.

    We too found lots of e-mail addresses in a folder with a similar name, which the script was using for mass mailing by way of seed.php.
    Last edited by SoftWareRevue; 05-21-2008 at 09:56 AM. Reason: Removed name and address
    Robert Navarro
    Phiivo.com
    Fun, Personal, Programming!

  33. #33
    Join Date
    Jan 2006
    Location
    Roswell, GA
    Posts
    192
    Last edited by SoftWareRevue; 05-21-2008 at 09:58 AM. Reason: Removed name and address

  34. #34
    Join Date
    Jan 2006
    Location
    Roswell, GA
    Posts
    192
    And.... Paypal has now marked the payment as fraudulent, placed a hold on the funds in question, and opened a dispute case with us.

  35. #35
    He now used these details

    <<<removed>>>
    [email protected]
    <<<removed>>>

    He also logged into the whm from a serverpronto server. I will contact them to notify this.

    He managed to send out 40GB of spam in 2 hours before I noticed this and 25 GB was left in the mail queue which I am deleting now.

    What software do you use to monitor this activity? I only noticed in 2 hours when I got an automated traffic usage report.
    Last edited by SoftWareRevue; 05-21-2008 at 09:59 AM. Reason: Removed name and address

  36. #36
    I use serverpronto and can assure you they will act on your contact immediately.

  37. #37
    Well, it doesn't seem likely because the IP address I have is exactly the same as other people posted previously here. I am guessing they also contacted serverpronto, but that customer is still there.
    It's also pretty annoying that the control panel auto-suspend didn't kick in, as he had only a 10GB package, but managed to upload 40GB through smtp.

  38. #38
    Join Date
    Dec 2007
    Location
    Ringgold, GA
    Posts
    52
    Now Using:

    <<<removed>>>

    Host: 454a1d83.cst.lightpath.net
    IP Address: 69.74.29.131

    Domain Used: ambrose.com

    Folder Name: ./staxxmakelolmoney

    Same instance of seed.php used to mass e-mail from the above-mentioned website.


    It certainly is getting old. I've filed more complaints just since the start of 2008 than I have in the past 6 years combined.
    Last edited by SoftWareRevue; 05-21-2008 at 10:01 AM. Reason: Removed name and address

  39. #39
    Join Date
    May 2007
    Location
    Dublin, California
    Posts
    238
    It seems that his website - hamptonsballer.com, if he still owns it - is now being hosted by Liquidweb. Is there nothing that can be done to prevent this guy from spamming? Possibly blacklist his domain(s)?

  40. #40
    Join Date
    Dec 2005
    Location
    England, UK
    Posts
    630
    Quote Originally Posted by AirborneFive View Post
    Now Using:

    <<<removed>>>

    Host: 454a1d83.cst.lightpath.net
    IP Address: 69.74.29.131

    Domain Used: ambrose.com

    Folder Name: ./staxxmakelolmoney

    Same instance of seed.php used to mass e-mail from the above-mentioned website.
    Got an order from the same name. Terminated immediately.
    Last edited by SoftWareRevue; 05-21-2008 at 10:01 AM. Reason: Quoted text edited
    SupportPal - Smart self-hosted help desk software
    Supporting multiple channels, including Twitter and Facebook. WHMCS integration available.
    LicensePal - Discounted popular web hosting software licenses
    cPanel, InterWorx, SolusVM, CloudLinux, Blesta, Softaculous, Installatron, and much more!
