September 16, 2004

Tracking back a blog spammer

Hello, spammer from 207.36.17.232! It wasn't enough for blogging spam to strike me once -- it had to strike again. This time, for two different sites: one for various drugs, and one for pocket bikes. So as a concerned netizen, I decided to take a closer look at the companies involved, so that if people search for them, they might get my notably concerned report, instead of the spammy blog links. All comments expressed herein are my own, and are opinions.

ValueWeb

ValueWeb does not have a stellar reputation when it comes to spammers, it would seem. This blog spam appears to have originated from an IP provided by VW, as near as I can tell, which means they have some bad apples in their network. From the talk on newsgroups, it doesn't sound like they've done much about it, either.

I'm not advocating any retaliatory behavior, but isn't it interesting that the specific IP listed has the following ports open:

PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
443/tcp open https
808/tcp open ccproxy-http
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1027/tcp open IIS
1080/tcp open socks
3372/tcp open msdtc
3389/tcp open ms-term-serv
5631/tcp open pcanywheredata

That's a lot of stuff open for someone who's spamming blogs. I wouldn't be doing this sort of stuff with that much open to the public. When you create enemies (as blogging spam no doubt does), you'd better be secure.

41b.net / 41b.biz (MedxDirect Reseller?)

Prescription drugs online? Sounds like a scam right from the start. How about the fact that there's no postal address on this site? How about the fact that the IP of the site, 80.96.131.40, is based in Romania? Why is medxdirect.com, which this seems to copy, not up at the time of this writing? Why is it a good idea to order these medications, without prescription, from Asia? This is no doubt illegal in the US, so don't do it. It's just not worth the risk of going to prison. Hell, what would happen if they just took your money and ran? Would you dispute your attempt to purchase prescription drugs without a prescription? Sounds very fishy to me; I'd steer clear if I were a consumer.

What ports are open on this IP, you ask?

PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop3
443/tcp open https
3306/tcp open mysql

108bikes.com

13300 Brooks Dr., #D.
Baldwin Park. CA 91706
Phone: 626-851-3899
Toll Free: 1-888-686-9255

To begin with, this site is promoted with spam tactics. That's never a good sign. For another, there's no secure server. This is very bad. You should never enter your credit card number on a non-secure server. And what the hell is Hiker's Optical Manufacturing? Do you share office space? Do you run out of your house? Why 108bikes, New Star Marketing Group, and HOM? It's kind of strange, and there are just too many questions here. This IP, 66.235.203.49, is hosted by IPowerWeb, by the by -- looks like a turnkey merchant site.

Here's a mapping of the open ports:

PORT STATE SERVICE
20/tcp closed ftp-data
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop3
443/tcp open https
8080/tcp open http-proxy
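As an added example (not the author's code, and not something the post itself did), here is a small Python script that parses the three nmap-style port listings quoted above and flags the services a defender would want firewalled or bound to localhost. The listings are copied from the post; the risk classification in RISKY_SERVICES is this example's own assumption, and it treats the third listing's "closed" port correctly by skipping it.

```python
"""Triage nmap-style port listings for services that should not face the internet.

Added example for this post, not the author's own code. It parses the
"PORT STATE SERVICE" listings quoted in the post and flags the open services a
defender would want closed, firewalled, or bound to localhost.
"""
import re

# One port line: "<port>/<proto> <state> <service>". Header and blank lines
# do not match, so a listing without the header still parses.
LINE_RE = re.compile(r"^\s*(\d+)/(tcp|udp)\s+(open|closed|filtered)\s+(\S+)\s*$")

# Constructed policy (this example's own assumption, not from the post):
# services that should not be reachable from the whole internet, with the
# reason a reviewer would put in the report.
RISKY_SERVICES = {
    "telnet": "cleartext remote login",
    "ftp": "cleartext credentials on the wire",
    "pop3": "cleartext mail credentials (unless wrapped in TLS)",
    "socks": "open SOCKS proxy can be abused as a relay",
    "ccproxy-http": "HTTP proxy reachable from the internet",
    "http-proxy": "HTTP proxy reachable from the internet",
    "ms-term-serv": "RDP exposed to password guessing",
    "pcanywheredata": "remote-control service exposed",
    "msdtc": "MSDTC RPC service exposed",
    "mysql": "database listener should bind to localhost only",
}

# The three listings quoted in the post, embedded here as sample input.
SPAMMER_IP_LISTING = """PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
443/tcp open https
808/tcp open ccproxy-http
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1027/tcp open IIS
1080/tcp open socks
3372/tcp open msdtc
3389/tcp open ms-term-serv
5631/tcp open pcanywheredata
"""

DRUG_SITE_LISTING = """PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop3
443/tcp open https
3306/tcp open mysql
"""

BIKE_SITE_LISTING = """20/tcp closed ftp-data
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop3
443/tcp open https
8080/tcp open http-proxy
"""


def parse_listing(text):
    """Return [(port, proto, state, service)] for every port line in text."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            port, proto, state, service = m.groups()
            entries.append((int(port), proto, state, service))
    return entries


def triage(text):
    """Summarise a listing: which ports are open and which of those are risky."""
    open_ports = [e for e in parse_listing(text) if e[2] == "open"]
    flagged = [
        (port, service, RISKY_SERVICES[service])
        for port, _proto, _state, service in open_ports
        if service in RISKY_SERVICES
    ]
    return {"open": [e[0] for e in open_ports], "flagged": flagged}


def report(text):
    """Human-readable triage: a summary line, then one line per flagged service."""
    result = triage(text)
    lines = [f"{len(result['open'])} open ports, {len(result['flagged'])} flagged"]
    for port, service, reason in result["flagged"]:
        lines.append(f"  {port:>5}/tcp {service:<15} {reason}")
    return "\n".join(lines)


if __name__ == "__main__":
    for name, listing in [("spammer IP", SPAMMER_IP_LISTING),
                          ("drug site", DRUG_SITE_LISTING),
                          ("bike site", BIKE_SITE_LISTING)]:
        print(name)
        print(report(listing))
```

Run it on your own server's scan output (nmap's normal output uses the same "PORT STATE SERVICE" columns) to get a quick list of what a hosting provider should have asked you to close; the service names come from nmap's port table, so a service on a non-standard port will need a manual look.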

I think everyone suffering from blogging spam should do what I did: analyze the sites, and voice your opinions about why you should avoid the spammed sites. One would think that the shady marketing tactics would be enough to sway people. Maybe the voiced word will help dissuade other would-be spammers. Maybe it will increase the concern ISPs feel over spammers on their network. In any case, I certainly feel a little better.

Posted by John at September 16, 2004 01:53 PM
Comments

Buy my stinky panties!

Posted by: joe blow at September 16, 2004 03:12 PM

Only if they're filled with spam and not marketed with it.

Posted by: John at September 16, 2004 03:16 PM