Security Incidents mailing list archives

Re: Mail relay attempt from patysales.org - thepowerball.com


From: Richard Johnson <rdump () RIVER COM>
Date: Tue, 30 Jan 2001 09:43:48 -0700

At 06:33 -0700 on 1/30/01, Wim Van den Meutter wrote:
> Hi,
>
> I have been getting several relay attempts from what seems to be a free
> hosting provider (thepowerball.com). Their abuse@ address doesn't work,
> they don't accept new free sites. Has anybody else seen this in their logs
> lately?


Yes indeed.


> Relaying is off, of course, but I find a (free) hosting provider with an
> inoperative abuse address on their webpages somewhat conspicuous.


It's part of telodigm.net, Alan Ralsky's spamhaus masquerading as an ISP.

Spammers like Ralsky are setting up fake "free webhosting" services, and
even fake "ISPs", to try and buy themselves more time before disconnect.
(So far it's working, thanks to the deliberate inaction of pro-spam ISPs
like uu.net.)

If an alleged "free webhosting" service doesn't accept new customers and
has a free webmail contact address, you can be virtually certain it's a
spammer front.

A search at http://www.deja.com/home_ps.shtml in the newsgroup
news.admin.net-abuse.email on terms like 'ender wiggin', 'telodigm',
'ralsky', 'havranek', 'bolouri', 'linkusnow', 'thepowerball', 'uss.net',
... will yield quite a dossier on these particular cretins.

Anything that uses the following DNS servers is part of Ralsky's almost
certainly criminal enterprise:

        ns2.my-dns.net
        dns1.dns4you.net
        ns1.hostpower.net
        ns2.hostpower.net

Note that they move the IPs of those nameservers around, and you'll often
find only one of them live.

Abuse reports and incident complaints need to go upstream of
telodigm.net/uss.net, as telodigm.net is the spammer and relay abuser who
attempted unauthorized access to your systems.


Richard
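
The nameserver check described in the message above, as an added example that is not part of the original post: it pulls the refused relay hosts out of mail logs and flags any whose domain is delegated to one of the listed nameservers, matching on hostname rather than IP because the message notes the IPs move. The sendmail-style log lines, the NS answers and all function names are constructed assumptions; real NS answers would come from a resolver lookup done separately.

```python
import re

# Nameserver hostnames listed in the message above.
LISTED_NS = {"ns2.my-dns.net", "dns1.dns4you.net",
             "ns1.hostpower.net", "ns2.hostpower.net"}

# Constructed sendmail-style log lines (illustrative, not real traffic).
SAMPLE_LOG = """\
Jan 30 06:12:01 mx sendmail[4121]: f0UDC1x04121: ruleset=check_rcpt, arg1=<a@elsewhere.example>, relay=host1.relay-source.example [192.0.2.10], reject=550 5.7.1 <a@elsewhere.example>... Relaying denied
Jan 30 06:15:40 mx sendmail[4130]: f0UDFex04130: ruleset=check_rcpt, arg1=<b@elsewhere.example>, relay=[198.51.100.7], reject=550 5.7.1 <b@elsewhere.example>... Relaying denied
Jan 30 06:20:12 mx sendmail[4142]: f0UDKCx04142: from=<c@customer.example>, size=912, nrcpts=1, relay=mail.customer.example [203.0.113.5]
"""

# Constructed NS answers per domain, as a resolver would return them.
SAMPLE_NS = {
    "relay-source.example": ["NS1.HostPower.net.", "ns1.unrelated.example."],
    "customer.example": ["ns1.customer.example.", "ns2.customer.example."],
}

RELAY_RE = re.compile(r"relay=([A-Za-z0-9.-]+) \[")

def relay_denied_domains(log):
    """Domains (last two labels, a simplification) of hosts refused for relaying."""
    found = []
    for line in log.splitlines():
        if "Relaying denied" not in line:
            continue
        m = RELAY_RE.search(line)  # relay=[ip] with no reverse DNS does not match
        if m:
            domain = ".".join(m.group(1).lower().rstrip(".").split(".")[-2:])
            if domain not in found:
                found.append(domain)
    return found

def listed_nameservers(ns_records):
    """NS names from one domain's answer that appear in LISTED_NS."""
    return sorted({ns.lower().rstrip(".") for ns in ns_records} & LISTED_NS)

def flag_domains(domains, ns_map):
    """Map each domain to its listed nameservers; one match is enough to flag."""
    hits = {}
    for d in domains:
        matched = listed_nameservers(ns_map.get(d, []))
        if matched:
            hits[d] = matched
    return hits

if __name__ == "__main__":
    print(flag_domains(relay_denied_domains(SAMPLE_LOG), SAMPLE_NS))
```

Relays logged only as a bracketed IP carry no hostname to derive a domain from, so they are skipped here and need a separate reverse lookup.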

