Maliciousl User

Maliciousl User

Postby Thorn » Tue Feb 24, 2004 8:58 am

gojeda AKA cocacola

This is a rather drastic step, but I'm forced to make it as a warning to other members here.

On 02-02-2004, new member joined under the name gojeda. 10 posts were made within a the next week and a half, and most had to be moved or removed, as they tended to be little more than personal attacks. Several of you complained via PMs or the "Report this Post" function about him.

Last night, gojeda came back, and after seeing a fresh post starting in on the same pattern, I banned him. He immediately rejoined under the name cocacola and continued posting. aFR was then contacted and the IP address ( banned as well as the name cocacola.

This morning I recived three emails with spoofed addresses for the same IP address.

All three contained .zip files. One scanned positive for a virus/worm. While I did not bother to scan the others, I suspect that they also contained malicous code.

At this time, I have started an abuse complaint ticket at the ISP listed as controlling that IP.

Owning to the nature of some of the messages here, I suspect some other members may also be the target of malicous email. If anyone else does get some, I would urge you to contact the ISP listed below, and request an abuse complaint be lodged.

02/24/04 11:47:09 dig
Dig ...
Non-authoritative answer
Recursive queries supported by this server
Query for type=255 class=1 PTR (Pointer) NS (Nameserver) NS (Nameserver) NS (Nameserver) A (Address) A (Address) A (Address)

02/24/04 11:48:32 IP block
Trying at ARIN
Trying 209.42.47 at ARIN

OrgName: DSLi Corppration
Address: 5000 sw 75 ave
Address: 3rd Floor
City: Miami
StateProv: FL
PostalCode: 33155
Country: US

NetRange: -
NetHandle: NET-209-42-32-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.DSLI.COM
RegDate: 2001-03-05
Updated: 2003-05-29

TechHandle: WIQ-ARIN
TechName: Iqbal, Wajid
TechPhone: +1-305-779-7777

TechHandle: RM1896-ARIN
TechName: Martinez, Roberto
TechPhone: +1-305-779-7777

OrgTechHandle: MMB7-ARIN
OrgTechName: Bustamante, Mario M
OrgTechPhone: +1-305-507-7777

# ARIN WHOIS database, last updated 2004-02-23 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
Stop the TSA now! Boycott the airlines.
Posts: 10340
Joined: Sat Apr 13, 2002 3:00 am
Location: Villa Straylight

Re: Maliciousl User

Postby audit » Tue Feb 24, 2004 9:39 am

This isn't a drastic step in my book, I'm sure that most of the people here know that I would've done the same thing and then some.

I'm also sure that some of the regular infosec people here and LEO's will be able to tell what the latest name this assclown is using on the forums today. It doesn't take a doctors degree to see it.

Let's have some thoughts people, hell PM who you think it is to me and let's have some fun with this assclown.
User avatar
Posts: 1945
Joined: Mon Aug 19, 2002 3:00 am
Location: In the Octagon

Return to Newbie Bin

Who is online

Users browsing this forum: No registered users and 9 guests