spamroach.jpg I thought I really had nailed a blog spammer by tracking down the internet provider, documenting, and submitting all the information to the appropriate abuse contact. What I got in return was zilch.

Why would an internet provider protect me from spammers? They might be paying customers and I am not.

A few weeks back this crud got commented on my blog (the actual URL is removed as they will not get any google boosts from me):

IP Address: 69.20.9.212
Name: Rob
Email Address: bob@robsinsonweb.com
URL: http://www.sexXXXXXXX.com

Comments:

Cool Blog, i’ll check it again to post sometime.

Rob –

Gee Rob, that was like, so, related to my entry. I cannot wait for your return. Where have you been?

So just for fun, I ran a traceroute on Rob’s IP address, and rather then ending up in a blackwhole, it ended up as an IP hosted by RackSpace, the web hosts with this big glossy full page ads in every issue of WiReD.

So here was the trace (I intentionally remove my own IP numbers from the beginning:

Traceroute has started …

traceroute to 69.20.9.212 (69.20.9.212), 30 hops max, 40 byte packets
1 * * *
2 10.81.0.1 (10.81.0.1) 11.464 ms 12.781 ms 11.678 ms
3 xxxxxxxxxxxxxxxxx (xx.x.xx.xx) 12.781 ms 10.877 ms 21.382 ms
4 xxxxxxxxxxxxxxxxx (xx.x.xx.xx) 12.033 ms 14.025 ms 15.255 ms
5 xxxxxxxxxxxxxxxxx (xx.x.xx.xx) 11.23 ms 11.382 ms 21.474 ms
6 xxxxxxxxxxxxxxxxx (xx.x.xx.xx) 12.377 ms 11.092 ms 16.464 ms
7 xxxxxxxxxxxxxxxxx (xx.x.xx.xx) 11.769 ms 12.85 ms 19.485 ms
8 xxxxxxxxxxxxxxxxx (xx.x.xx.xx) 10.951 ms 10.775 ms 16.047 ms
9 xxxxxxxxxxxxxxxxx (xx.x.xx.xx) 20.776 ms 33.193 ms 21.762 ms
10 68.1.0.87 (68.1.0.87) 32.444 ms 37.93 ms 29.512 ms
11 langbbrc01-pos0100.r2.la.cox.net (68.1.0.191) 34.657 ms 32.319 ms 33.882 ms
12 68.105.30.130 (68.105.30.130) 33.191 ms 30.022 ms 36.773 ms
13 anhmca1wcx2-pos5-0.wcg.net (64.200.140.69) 141.327 ms 119.123 ms 92.463 ms
14 anhmca1wcx3-pos9-0-oc48.wcg.net (64.200.143.74) 181.068 ms 241.792 ms 214.768 ms
15 hrndva1wcx2-oc48.wcg.net (64.200.240.30) 79.07 ms 79.533 ms 77.168 ms
16 hrndva1wcx1-pos11-1.wcg.net (64.200.89.25) 80.125 ms 77.965 ms 75.949 ms
17 hrndva1wcx1-rackspace-gige.wcg.net (64.200.88.50) 249.551 ms 238.549 ms 221.042 ms
18 vlan901.core1.iad1.rackspace.com (69.20.1.10) 79.9 ms 77.319 ms 76.874 ms
19 aggr1a.iad1.rackspace.com (69.20.2.3) 84.561 ms 76.75 ms 77.344 ms
20 69.20.9.212 (69.20.9.212) 77.892 ms 77.574 ms 87.42 ms

Bingo! A spam originating from a RackSpace hosted client. SO I quickly fired of an email to abuse@rackspace.com, and got this reply:

Recently you requested personal assistance from our on-line support
center. Below is a summary of your request and our response.

If we do not hear from you within 48 hours we will assume your issue
has been resolved.

Thank you for allowing us to be of service to you.

Actually I am doing some research and want to know exactly how this
“was resolved”— was this a malicious action by a customer, was it
an inadvertent action, was their service terminated, was their wrist
slapped?

This activity was an unwarranted intrusion on my web site and I would
like some more detail behind this series of actions.

Thank you.

Subject
—————————————————————
Blog Spam from your domain

Suggested Answer
—————————————————————
At 11/14/2003 03:20 PM we wrote –

Thank you for your notification. I have contacted our customer and
the issue has been resolved.
I apologize for any inconvenience this
may have caused. Please let me know if there is any thing else I
can help you with.

Regards,

Jennifer O’Connell
AUP Manager
Rackspace Managed Hosting ™
210-892-4025 xt. 1127

“I have contacted our customer and the issue has been resolved.” What the **** does that mean? Did you yank them? Did you downgrade their server to a 486? Did you slap them silly with a feather boa?

I wrote back to Jennifer for clarification a month ago and she is still ignoring me (sniff).

But for fun, I entered the IP as a URL in my web browser and got the 404:

You don’t have permission to access / on this server.

Apache/1.3.27 Server at encryptonizer.com Port 80

Now this is interesting, as “encryptonizer.com” is registered to the company that owns SpyPatrol.com which at least looks like a legit software company.

Here is where the story ends because (a) I am not confident enough in my detective work to truly accuse them of anything; and (b) I got bored.

So that roach is still scurrying around and possible doing so under the auspices of RackSpace.

The post "Does Rackspace.com coddle Spam Roaches?" was originally slapped on the butt by a cigar smoking doctor yelling "It's a post!" at CogDogBlog (http://cogdogblog.com/2003/12/does-rackspacecom/) on December 3, 2003.

Comments are closed.