Porn bombs March 24, 2002 6:45 PM   Subscribe

Porn Bombs? I just read through that thread and it looks like "porn bombs" are a mix of regular old-fashion homecooked spam and people signing you up to adult sites and mailing lists. Today someone signed me up to 20 adults lists, both gay and straight - this guy wasn't taking any chances. Someone else I know who is "high-profile" got the same treatment today. (more)
posted by skallas to MetaFilter-Related at 6:45 PM (35 comments total) 1 user marked this as a favorite

Is some troller going after Mefites? Luckily one of the confirmation emails had this persons IP address:


The ip number of your computer was 64.170.52.149
The hostname of the service provider used was adsl-64-170-52-149.dsl.lsan03.pacbell.net

If anyone is getting the same treatment, open all the emails and see what the IP is. This one is a pacbell.net IP and I've already complained, but the more complaints the better. I'm really hoping this isn't the newest outlook virus and everyone in someone's address book is getting signed up all over the place.
posted by skallas at 6:48 PM on March 24, 2002


According to my log files, there was a user hitting metafilter today with that IP address. At 3AM and 5AM today, the user named phalkin made comments to metafilter from that IP address. You might want to email him and ask what is up, and of course he may be not guilty here.

I got the same treatment a few months ago.
posted by mathowie (staff) at 11:03 PM on March 24, 2002


> adsl-64-170-52-149.dsl.lsan03.pacbell.net

Honestly, a timestamp and that IP information should be enough to get whoever it was in trouble bigtime with their ISP. When I used to work for Speakeasy, a quick note to abuse@ would get someone on a short list to "three strikes you're out" and those IP addresses, even if they have dynamic IP addressing, are a pretty dead indicator of one single machine or home network.
posted by jessamyn at 11:14 PM on March 24, 2002


I was hit as well, not nearly as much porn as computer related internet.com and zdnet.com lists. Luckily most of it got revoked by the listservs when it noticed that the mail was forged.

I have another IP to offer (quoted from a listserv):

"They connected from IP: 63.26.116.75 They used this browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)"

That IP shows up in about 20 of the subscribes. It's in Baton Rouge, LA, I believe. I already emailed uunet about it.

Jessamyn, I've been told that "lsan03" is Los Angeles.
posted by perplexed at 11:22 PM on March 24, 2002


Yep I can also confirm 63.26.116.75. The someone I mentioned earlier caught it too.
posted by skallas at 11:29 PM on March 24, 2002


How are you guys finding the IP of the subscriber in the trash mail? I have this similar problem, but I don't see any in the representative sample I've taken that list the IP of the person who signed me up? Please advise...
posted by evanizer at 12:14 AM on March 25, 2002


I have been getting hit too, and this after months and months of absolutely no spam at all.
Ditto on evanizer's question.
posted by anathema at 2:50 AM on March 25, 2002


I've been having trouble too.

It'd be interesting to find out whether we've been getting the same stuff.


posted by Spoon at 4:02 AM on March 25, 2002


i have been signed up to simpleattraction.com i think, or it could be typical hotmail spam?
posted by Frasermoo at 4:40 AM on March 25, 2002


Before anyone thinks all their porn spam in metafilter-based: these people specifically started getting porn spam on one day, after someone signed them up to lists. This is different than your average pointless porn spam. I've gotten subscribed to porn under an obvious name "sorrymatt@my domain" but for the most part my spam comes from scrapers that pull it off the many webpages out there with my email shown clearly.
posted by mathowie (staff) at 8:55 AM on March 25, 2002


This wasn't your typical unsolicited porn spam, this was about 400 subscribe requests to mailing lists in a 4 hour period.
posted by perplexed at 10:51 AM on March 25, 2002


According to a source of mine phalkin says he's innocent. He also says 6 people use his PC so it could be someone else. I'll try to draw him to this thread. Interesting post from phalkin:
Though I hardly thought then (nor do I think now) that what I did was a crime, I know that others - especially the feds - think that anything involving the unexplored arts of hacking/cracking MUST be evil. (I hacked together the tools that I used to crack the passwd file, a distinction lost on most people.)

I can only hope that some day, people will overcome the rampant technophobia that blurs the line of distinction between hobby and harm. Until then, I'll just stick to my harmless MP3s.

Until THAT carries the threat of life in prison.
posted by skallas at 3:36 PM on March 25, 2002


along with the more important context, skallas:

This just makes me glad I got all the cracking out of mysystem when I was younger. When I got caught then, it was a stern visit from men in cheap suits. Now... I fear to contemplate what the results would be.
posted by moz at 3:42 PM on March 25, 2002


moz, I'm just pointing out that he has a history of being shady. I'm just waiting for him to email me back or join the thread.
posted by skallas at 4:03 PM on March 25, 2002


Regardless, its a pretty big fucking coincidence that Phalkin's IP ends up in one of my spam emails. All these metafilter users are getting hit by porn bombs and this guy's IP magically matches up with Matt's access logs? If anyone wants to contact him here you go:
Organization:
phalkin.com
Brian Anspach
n/a
Los Angeles, CA 90020
US
Phone: 213-384-6588
Email: phalkin@sbcglobal.net

Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com

Domain Name: PHALKIN.COM

Created on..............: Mon, Nov 26, 2001
Expires on..............: Tue, Nov 26, 2002
Record last updated on..: Mon, Nov 26, 2001

Administrative Contact:
phalkin.com
Brian Anspach
n/a
Los Angeles, CA 90020
US
Phone: 213-384-6588
Email: phalkin@sbcglobal.net

Technical Contact, Zone Contact:
Webcountry.net
Phil Shapiro
18653 Ventura Blvd. - Suite 432
Tarzana, CA 91356
US
Phone: 818-728-1128
Fax..: 818-728-1120
Email: phil@webcountry.net

Domain servers in listed order:

SERVER.WEBCOUNTRY.NET 216.65.11.2
NS2.WEBCOUNTRY.NET 216.65.111.3
His current email is phalkin@phalkin.com
posted by skallas at 4:09 PM on March 25, 2002


A witch! A witch! Burn him! Burn him!
posted by evanizer at 4:34 PM on March 25, 2002


Yea, no kidding, evan....

Perhaps the "waiting for him to email me back or join the thread" could have lasted more than six minutes before adding that second post.

No doubt you were just being helpful and not encouraging others to bombard him, skallas, but let's give him the benefit of the doubt and a possibility of a reply/explanation before others get too riled up and start forming a mob, eh?

posted by cyniczny at 5:25 PM on March 25, 2002


That post got his attention and he did email me. He can deny this all day long, but without an explanation I ain't buying it. Today I got 10 requests to confirm some crap internet loan spam.
posted by skallas at 5:33 PM on March 25, 2002


For those of you wondering:
Phalkin admits his guilt and promises to stop bugging me.


posted by skallas at 8:56 PM on March 25, 2002


Christ. And how many other people has he pulled this shit on, who are going to get porn spam for the rest of their (email acount's) life? I think our boy owes some people some answers, at the least.
posted by rodii at 9:05 PM on March 25, 2002


His account is suspended/blocked so he doesn't gather anymore email addresses while logged in.
posted by skallas at 9:07 PM on March 25, 2002


I've had a new address on my profile for four days now @BayInsider.com and have received nothing but genuine messages from MetaFilter members. So I guess this was a spur-of-the-moment, big practical joke, whereby someone went crazy one night and decided to spam a lot of us en masse. Though I'd be very surprised if it was phalkin - check out his entirely bona fide and cheerful posting history.

In any case, I think it best for those most affected to change their addresses and start all over again. My old account, which I depended on, is ruined. Why don't we all use free Bay Insider addies exclusively for all our MetaFilter needs and keep our own private account private, apart from Matt, who may need to contact us urgently?
posted by MiguelCardoso at 9:22 PM on March 25, 2002


I guess we really should burn him... Why did he do it, skallas? I'm amazed.
posted by evanizer at 9:26 PM on March 25, 2002


Though I'd be very surprised if it was phalkin - check out his entirely bona fide and cheerful posting history.

We both know that's a naive statement. Its like the hackneyed neighbors of a serial killer, "He always seemed so nice, and he even took out Mrs. Anderson's trash after she lost her husband."


Why did he do it, skallas?

I don't know and I don't want to know. This has been very frustrating. I must have spent 4 or 5 hours just investigating him and working with other people on finding out who our little culprit is. He's just some script kiddie in an art school in LA with a lil app or something that lets him punch in email addresses and then it forwards them on to 100 web mailing lists. Its probably the script kiddie hacker mentality "if I can do it, I will." Its the opposite of what makes the net an amazing thing, its the digital equivalant of lighting a bag of poo on fire on someone's steps and ringing the doorbell.

posted by skallas at 9:41 PM on March 25, 2002


Wow. Caught the guy red handed. Way to go skallas.
posted by dcgartn at 10:04 PM on March 25, 2002


Skallas now appears forever in my mind with a blue cape and a big red "S" on his chest!

Striking a blow for justice! Well done, sir.
posted by stavrosthewonderchicken at 3:20 AM on March 26, 2002


Skallas, you are now, and forever more, my hero. In my case, most of the cleanup was actually done by the guys on the university side, so I was unable to verify if phalkin was the source of the crap I got. Either way, what you did was outstanding, and I salute you, Sir!
posted by Wulfgar! at 6:16 AM on March 26, 2002


At least he'll know enough to do it through an anonymizer next time.
posted by crunchland at 7:06 AM on March 26, 2002


Are you always negative, cynical and unpleasant, crunchland, or only here at MeTa?

Just askin'.
posted by stavrosthewonderchicken at 7:37 AM on March 26, 2002


i'm scared of skallas. i hear tell he killed a man once jus' fer snorn'.
posted by dong_resin at 7:47 AM on March 26, 2002


Miguel, of course the user profile stored in Google's cache still show's your old data to the world.

[sorry hadda point it out]
posted by DBAPaul at 7:52 AM on March 26, 2002


I prefer to think of myself as realistic and practical, stavros, but if you want to label it negative and cynical, go right ahead. As for the unpleasant part... I think that's a matter of opinion.
posted by crunchland at 8:25 AM on March 26, 2002


DBAPaul: Um, oh yes? Ok, thanks, I guess I.../me shoots other foot for the sake of parity and extra penance. :)
posted by MiguelCardoso at 8:33 AM on March 26, 2002


Yeah, I've been getting a lot of spam lately, too. (sorry, late to the party).

To blindly sign up people to get spam seems kinda, um.. stupid.

Any good ideas for cleaning up the mess? (i.e. getting us off the spam lists)
posted by rich at 8:44 AM on March 26, 2002


I have to say, using Mailwasher has worked wonders in the short time I've used it, since someone mentioned it here on metafilter. You run it in front of your email client, and it intercepts incoming mail, blacklisting and bouncing the spam, making it look like your email address is invalid. In the past week, I've gone from 150+ spam messages a day, to almost none.
posted by crunchland at 2:29 PM on March 26, 2002


« Older Absolut Metafilter   |   Unrequested Password Requests Newer »

You are not logged in, either login or create an account to post comments