The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Saturday, November 27, 2004

Machines coughing

  1. Nov 27 * new_account@turtle (1047) Your mail password
  2. Nov 27 * webmaster@email.co (1047) Faulty_mail delivery
  3. Nov 27 * webmaster@hotmail. (1059) invalid mail <SMTP:8650>
  4. Nov 27 * Error_Mail@wimborn (1051) Mail delivery_failed <6580>
  5. Nov 27 * smooth_criminal_00 (1039) Details
  6. Nov 27 * hostmaster@hotmail (1043) Confirmation
  7. Nov 27 * shaikin_fati@hotma (1041) Oh God it's
  8. Nov 27 * Auto-Mailer@valves (1053) Re: Faulty_mail delivery <Esmtp:5394>
  9. Nov 27 * nasimaqsa@hotmail. (1030) Details
  10. Nov 27 * Error_Mail@winzyra (1052) Re: Mail delivery_failed
  11. Nov 27 * info@mailcity.com (1043) Mail Error <SMTP:3234>
  12. Nov 27 * new_account@talk21 (1045) Re: Registration confirmation
  13. Nov 27 * Error_Mail@barking (1049) FwD: illegal signs in your mail
  14. Nov 27 * notifications@grou (1034) Oh God it's
  15. Nov 27 * info@hotmail.com (1051) Re: Mail delivery_failed <7339>
  16. Nov 27 * user_info@xtzyra.c (1046) Your Password <KEY:4924>
  17. Nov 27 * info@hotmail.com (1053) Faulty_mail delivery
  18. Nov 27 * lubsss@hotmail.com (1034) FwD: Details

Yup. Spam.

Well, more like viral spam, as it's the same box, over and over, trying to deliver a virus. The IP address it's coming from is 82.38.57.25, which belongs to blueyonder, an ISP based out of Surrey, England.

While I could ban the IP, that would only stop perhaps 40% of it, as most of it is coming in via the backup email host for my domain, and I don't have the access to block IP addresses there. I did a lookup on the IP address (which is how I found out who owns it) and got this:

Contact info for 82.38.57.25 (emphasis added)
inetnum: 82.38.0.0 - 82.38.255.255
netname: TELEWEST-HSD_1-BRADFORD
descr: Telewest HSD Platform
country: GB
admin-c: TWIP3-RIPE
tech-c: TWIP1-RIPE
status: ASSIGNED PA
mnt-by: AS5462-MNT
mnt-lower: AS5462-MNT
mnt-routes: AS5462-MNT
notify: ripe@telewest.net
notify: capacity@telewest.co.uk
remarks: report abuse to abuse@blueyonder.co.uk
remarks: All reports via other channels will be ignored.
changed: ripe-admin@blueyonder.co.uk 20030313
source: RIPE

As you can see, all abuse issues need to be mailed to abuse@blueyonder.co.uk, which I did:

From: Sean Conner <sean@conman.org>
Subject: Infected machine trying to infect my machine
To: abuse@blueyonder.co.uk
Date: Thu, 25 Nov 2004 14:52:55 -0500 (EST)

To whom it may concern:

A machine with the IP address of 82.38.57.25 is continuously sending me infected files, 12 alone today, and about 20 yesterday (when I first noticed). I'm not concerned terribly much about getting infected (since I run Linux, not Windows) but it is clogging up my email, and no telling how many other systems it's trying to infect. Please deal with this as soon as possible.

Thank you.

Sean Conner.

[email sent to me attached]

And as you can see, that was two days ago.

And they're still coming in.

So much for reporting abuse issues.

Today, I went to their broadband support page, and put in a trouble ticket. Maybe then they'll take a look into this.
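The lookup above is the whole technique: find the netblock the offending address sits in, then find where that netblock's owner says abuse reports should go. As an added example (not code from the original entry), here is a small Python parser for that style of RIPE record; it embeds a trimmed copy of the record quoted above, checks that the IP really falls inside the inetnum range, and pulls out the abuse contact, preferring a dedicated abuse-mailbox attribute (assumed attribute name, not present in this record) over an address buried in a remarks line. It assumes IPv4 inetnum ranges written as "start - end".

```python
import ipaddress
import re

# Constructed sample: the RIPE record quoted in the post, trimmed to the relevant fields.
WHOIS_RECORD = """\
inetnum: 82.38.0.0 - 82.38.255.255
netname: TELEWEST-HSD_1-BRADFORD
country: GB
notify: ripe@telewest.net
notify: capacity@telewest.co.uk
remarks: report abuse to abuse@blueyonder.co.uk
remarks: All reports via other channels will be ignored.
changed: ripe-admin@blueyonder.co.uk 20030313
source: RIPE
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")

def parse_record(text):
    """Parse 'key: value' lines; keys may repeat (notify, remarks), so values are lists."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def covers(fields, ip):
    """True if ip falls inside the record's inetnum range, written as 'start - end'."""
    start, _, end = fields["inetnum"][0].partition("-")
    addr = ipaddress.ip_address(ip)
    return ipaddress.ip_address(start.strip()) <= addr <= ipaddress.ip_address(end.strip())

def abuse_contacts(fields):
    """Abuse mailboxes, most authoritative first: the abuse-mailbox attribute (assumed
    RIPE attribute name; absent from the post's record), then addresses named in remarks
    lines that mention abuse, then any abuse@ address anywhere in the record as a fallback."""
    found = []
    for value in fields.get("abuse-mailbox", []):
        found.extend(EMAIL_RE.findall(value))
    for value in fields.get("remarks", []):
        if "abuse" in value.lower():
            found.extend(EMAIL_RE.findall(value))
    if not found:
        for values in fields.values():
            for value in values:
                found.extend(a for a in EMAIL_RE.findall(value) if a.lower().startswith("abuse@"))
    return list(dict.fromkeys(found))  # de-duplicate, keep priority order
```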

Update on Tuesday, November 30th, 2004

Still going on …

Update on Wednesday, December 8th, 2004

Some more updates …


Copyright © 1999-2020 by Sean Conner. All Rights Reserved.