Malicious User

Post by Thorn » Tue Feb 24, 2004 8:58 am

gojeda AKA cocacola
IP: 63.251.148.189
user189.63.251.148.dsli.com

This is a rather drastic step, but I'm forced to make it as a warning to other members here.

On 02-02-2004, a new member joined under the name gojeda. 10 posts were made within the next week and a half, and most had to be moved or removed, as they tended to be little more than personal attacks. Several of you complained via PMs or the "Report this Post" function about him.

Last night, gojeda came back, and after seeing a fresh post starting in on the same pattern, I banned him. He immediately rejoined under the name cocacola and continued posting. aFR was then contacted and the IP address (63.251.148.189) was banned as well as the name cocacola.

This morning I received three emails with spoofed addresses for the same IP address.

All three contained .zip files. One scanned positive for a virus/worm. While I did not bother to scan the others, I suspect that they also contained malicious code.

At this time, I have started an abuse complaint ticket at the ISP listed as controlling that IP.

Owing to the nature of some of the messages here, I suspect some other members may also be the target of malicious email. If anyone else does get some, I would urge you to contact the ISP listed below, and request an abuse complaint be lodged.

02/24/04 11:47:09 dig 63.251.148.189
Dig 189.148.251.63.in-addr.arpa ...
Non-authoritative answer
Recursive queries supported by this server
Query for 189.148.251.63.in-addr.arpa type=255 class=1
189.148.251.63.in-addr.arpa PTR (Pointer) user189.63.251.148.dsli.com
148.251.63.in-addr.arpa NS (Nameserver) panther.accesspro.net
148.251.63.in-addr.arpa NS (Nameserver) ns1.dsli.com
148.251.63.in-addr.arpa NS (Nameserver) ns1.dsli.net
panther.accesspro.net A (Address) 209.42.47.67
ns1.dsli.com A (Address) 209.42.47.68
ns1.dsli.net A (Address) 209.42.47.68

02/24/04 11:48:32 IP block 209.42.47.68@whois.apnic.net
Trying 209.42.47.68 at ARIN
Trying 209.42.47 at ARIN

OrgName: DSLi Corppration
OrgID: DSLI
Address: 5000 sw 75 ave
Address: 3rd Floor
City: Miami
StateProv: FL
PostalCode: 33155
Country: US

NetRange: 209.42.32.0 - 209.42.63.255
CIDR: 209.42.32.0/19
NetName: ACESSPRO-DSLI
NetHandle: NET-209-42-32-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.DSLI.COM
NameServer: PANTHER.ACCESSPRO.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-03-05
Updated: 2003-05-29

TechHandle: WIQ-ARIN
TechName: Iqbal, Wajid
TechPhone: +1-305-779-7777
TechEmail: waj@dsli.com

TechHandle: RM1896-ARIN
TechName: Martinez, Roberto
TechPhone: +1-305-779-7777
TechEmail: rmartinez@dsli.com

OrgTechHandle: MMB7-ARIN
OrgTechName: Bustamante, Mario M
OrgTechPhone: +1-305-507-7777
OrgTechEmail: mario@accesspro.net

# ARIN WHOIS database, last updated 2004-02-23 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
Thorn
Stop the TSA now! Boycott the airlines.
Thorn
 
Posts: 10340
Joined: Sat Apr 13, 2002 3:00 am
Location: Villa Straylight
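
The WHOIS lookup quoted in the post above was run on 209.42.47.68, the address of the reverse zone's nameserver, not on 63.251.148.189 itself. As an added example (not part of the original post), this Python code parses excerpts of the pasted output and checks which addresses the returned block covers and which nameservers link the two lookups; the function names are hypothetical.

```python
import ipaddress

# Excerpts copied from the dig and WHOIS output quoted in the post above.
DIG_OUTPUT = """\
189.148.251.63.in-addr.arpa PTR (Pointer) user189.63.251.148.dsli.com
148.251.63.in-addr.arpa NS (Nameserver) panther.accesspro.net
148.251.63.in-addr.arpa NS (Nameserver) ns1.dsli.com
148.251.63.in-addr.arpa NS (Nameserver) ns1.dsli.net
"""
WHOIS_OUTPUT = """\
NetRange: 209.42.32.0 - 209.42.63.255
CIDR: 209.42.32.0/19
NameServer: NS1.DSLI.COM
NameServer: PANTHER.ACCESSPRO.NET
"""

def parse_dig(text):
    """Return (owner, rtype, value) tuples from 'owner TYPE (Label) value' lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[2].startswith("("):
            records.append((parts[0].lower(), parts[1], parts[3].lower()))
    return records

def parse_whois(text):
    """Return a dict of lists, since WHOIS keys such as NameServer repeat."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip() and not line.startswith("#"):
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def block_covers(whois_fields, ip):
    """True if a CIDR listed in the WHOIS record contains the address."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in whois_fields.get("CIDR", []))

def shared_nameservers(dig_records, whois_fields):
    """Nameservers of the reverse zone that also appear in the WHOIS record."""
    zone_ns = {value for _, rtype, value in dig_records if rtype == "NS"}
    whois_ns = {ns.lower() for ns in whois_fields.get("NameServer", [])}
    return sorted(zone_ns & whois_ns)

if __name__ == "__main__":
    w = parse_whois(WHOIS_OUTPUT)
    print({ip: block_covers(w, ip) for ip in ("63.251.148.189", "209.42.47.68")})
    print(shared_nameservers(parse_dig(DIG_OUTPUT), w))
```

The block returned by WHOIS covers the nameserver address but not the reported host; the link to the same operator comes from the reverse zone's NS records matching the NameServer entries in the WHOIS record.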

Re: Malicious User

Post by audit » Tue Feb 24, 2004 9:39 am

This isn't a drastic step in my book. I'm sure that most of the people here know that I would've done the same thing and then some.

I'm also sure that some of the regular infosec people here and LEOs will be able to tell what the latest name this assclown is using on the forums today. It doesn't take a doctor's degree to see it.

Let's have some thoughts people, hell PM who you think it is to me and let's have some fun with this assclown.
audit
 
Posts: 1945
Joined: Mon Aug 19, 2002 3:00 am
Location: In the Octagon
