Abusable formail.pl script, that allows sending anonymous e-mails! maq1.codiub.com.br, [200.225.210.65]: Access denied! === My 1st complaint === Message-Id: <200201072132.g07LW2p15263@mail.dolphinwave.org> Content-Type: text/plain; charset="iso-8859-15" From: Admin Reply-To: abuse-2002@dolphinwave.org Organization: Private person To: Abuse reports , nanas-sub@cybernothing.org, uce@ftc.gov, abuse@hotmail.com, mail-abuse@nic.br, postmaster@codiub.com.br, spambr@abuse.net, security@ctbctelecom.net.br, abuse@above.net, abuse@national-net.com Subject: [email] Spam (pr0n)! [Hey You] Date: Mon, 7 Jan 2002 23:32:01 +0200 X-Mailer: KMail [version 1.3.2] Cc: support@natnames.com X-Complaints-To: abuse@dolphinwave.org (live person) X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 X-PGP-key: 0xAAE2A579 X-No-Confirm: Yes MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Spam on my e-mail address, used for spam complaints only, and was harvested from the news.admin.net-abuse.sightings Usenet forum! Please, terminate spammer's accounts as soon as possible! Thanks! ======= Spammer (abused formail): iplus-ura-065.xdsl-fixo.ctbcnetsuper.com.br [200.225.210.65] (maq1.codiub.com.br) Mail from: hotteen@hotmail.com Spamvertised web page: http://www.totallyteens.com [208.185.230.222] Registrant: RJB Telcom Inc. 13771 Fountain Hills Blvd Suite 247 Fountain Hills, AZ 85268 US Domain Name: TOTALLYTEENS.COM Sponsoring Reseller; for Technical Support with respect to this domain contact: NatNames.com, support@natnames.com 770.471.9075 Administrative Contact: Wilson, Thomas webmaster@RJBTELCOM.COM 13771 Fountain Hills Blvd Suite 247 Fountain Hills, AZ 85268 US 602-816-8284 Technical Contact: Wilson, Thomas webmaster@RJBTELCOM.COM 13771 Fountain Hills Blvd Suite 247 Fountain Hills, AZ 85268 US 602-816-8284 Billing Contact: Wilson, Thomas webmaster@RJBTELCOM.COM 13771 Fountain Hills Blvd Suite 247 Fountain Hills, AZ 85268 US 602-816-8284 Record last updated on 13-Dec-2001. Record expires on 20-Nov-2002. Record Created on 21-Nov-1998. Domain servers in listed order: NS1.RJBTELCOM.COM 64.38.226.218 NS1.NATIONAL-NET.COM 66.115.130.4 NS2.NATIONAL-NET.COM 66.115.136.4 Abovenet Communications IP block [208.184.0.0 - 208.185.255.255]. Upstream: Abovenet (main1colo7-core4-oc12.sjc2.above.net). Nameserver: WebSolutions of Georgia Inc. ======= SPAM WAS ======= Received: from maq1.codiub.com.br (IDENT:root@iplus-ura-065.xdsl-fixo.ctbcnetsuper.com.br [200.225.210.65]) by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id g07KxHp14889 for ; Mon, 7 Jan 2002 22:59:18 +0200 Received: (from nobody@localhost) by maq1.codiub.com.br (8.9.3/8.8.7) id SAA14147; Mon, 7 Jan 2002 18:08:24 -0300 Date: Mon, 7 Jan 2002 18:08:24 -0300 Message-Id: <200201072108.SAA14147@maq1.codiub.com.br> X-Authentication-Warning: maq1.codiub.com.br: nobody set sender to webmaster@codiub.com.br using -f To: service@intervolved.###, abuse-2001@dolphinwave.###, tina8882002@yahoo.###, amy_eazy_fun@yahoo.co.##, you@yourplace.###, rosaparada@elsitio.###, simonsays48@flasahmail.###, eike.henke@nexgo.##, remmeoff@china.###, safari818@hot-stop--mail.###, webmaster@sydneybiz.###, support@sydneybiz.###, sales@sydneybiz.###, brent6342@arabia.###, steve.bush@gcmweb.###, newspost@intermedia.###, millys@mvps.###, cas@taz.###.au, cindyb@nowhere.###, stian@grytoyr.###, sdworman@comspec-intnl.###, w@baron.###, alex@fly.srk.fer.##, hardmeier@mvps.###, kevinchan@trasy.###, avdija@epn.##, dvanbalen@jam.rr.###, nra@netbsd.###, anon@anon.###, vbrandt@swing.## From: () 65.184.155.245@maq1.codiub.###.br Subject: Hey You ghi Abaixo estį o resultado de um formulįrio de feedback enviado por (hotteen@hotmail.com) na Segunda-Feira, 7 de janeiro de 2002 ąs 18:08:12 --------------------------------------------------------------------------- : Hi My name is Misty, Im 18 and very horny Come and chat with me by http://www.totallyteens.com/guests/index.shtml?psycho143

(18 ) --------------------------------------------------------------------------- === postmaster@codiub.com.br has bounced as User unknown === Received: from maq1.codiub.com.br (IDENT:root@iplus-ura-065.xdsl-fixo.ctbcnetsuper.com.br [200.225.210.65]) by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id g07LXgp15362 for ; Mon, 7 Jan 2002 23:33:43 +0200 Received: from localhost (localhost) by maq1.codiub.com.br (8.9.3/8.8.7) with internal id SAA09432; Mon, 7 Jan 2002 18:47:42 -0300 Date: Mon, 7 Jan 2002 18:47:42 -0300 From: Mail Delivery Subsystem Message-Id: <200201072147.SAA09432@maq1.codiub.com.br> To: MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="SAA09432.1010440062/maq1.codiub.com.br" Content-Transfer-Encoding: 8bit Subject: Returned mail: User unknown Auto-Submitted: auto-generated (failure) This is a MIME-encapsulated message --SAA09432.1010440062/maq1.codiub.com.br The original message was received at Mon, 7 Jan 2002 18:47:17 -0300 from [212.199.62.51] ----- The following addresses had permanent fatal errors ----- ----- Transcript of session follows ----- 550 ... User unknown --SAA09432.1010440062/maq1.codiub.com.br Content-Type: message/delivery-status Reporting-MTA: dns; maq1.codiub.com.br Received-From-MTA: DNS; [212.199.62.51] Arrival-Date: Mon, 7 Jan 2002 18:47:17 -0300 Final-Recipient: RFC822; Action: failed Status: 5.1.1 Last-Attempt-Date: Mon, 7 Jan 2002 18:47:39 -0300 --SAA09432.1010440062/maq1.codiub.com.br Content-Type: message/rfc822 Content-Transfer-Encoding: 8bit === More spam. My 2nd complaint === Message-Id: <200201072150.g07LoVp15538@mail.dolphinwave.org> Content-Type: text/plain; charset="iso-8859-15" From: Admin Reply-To: abuse-2002@dolphinwave.org Organization: Private person To: Abuse reports , nanas-sub@cybernothing.org, uce@ftc.gov, abuse@aol.com, Yahoo Abuse , mail-abuse@nic.br, webmaster@codiub.com.br, spambr@abuse.net, security@ctbctelecom.net.br, asnadmin@interland.com, abuse@interland.net, postmaster@interland.com, abuse-noverbose@uu.net, postmaster@tupac.com Subject: [email] Repeating spammer! [DONT IGNORE ME] Date: Mon, 7 Jan 2002 23:50:30 +0200 X-Mailer: KMail [version 1.3.2] X-Complaints-To: abuse@dolphinwave.org (live person) X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 X-PGP-key: 0xAAE2A579 X-No-Confirm: Yes MIME-Version: 1.0 Content-Transfer-Encoding: 8bit More spam from the same spammer, abusing the formail, on my e-mail address, used for spam complaints only, and was harvested from the Usenet forum news.admin.net-abuse.sightings! Spammer (abused formail): iplus-ura-065.xdsl-fixo.ctbcnetsuper.com.br [200.225.210.65] (maq1.codiub.com.br) Mail from: efumnk@aol.com Spammer's e-mail (on the web page): silkks@tupac.com Spamvertised web page: http://rd.yahoo.com/dir/?http://64.224.96.247/kizash/mysite.html Redirect to: http://64.224.96.247/kizash/mysite.html 64.224.96.247 = newsiteszd.com = sw33t-puzzzzy.net Which redirects back to Yahoo, but has a sign:
Apache/1.3.12 Server at www.sw33t-puzzzzy.net Port 80
sw33t-puzzzzy.net is not registered at this moment. newsiteszd.com [64.224.96.247] ============== Registrant: larry hall (NEWSITESZD3-DOM) 7838 hwy 56 s clinton, SC 29325 US Domain Name: NEWSITESZD.COM Administrative Contact: larry hall (EFLAVYLTTO) domreg@interland.com larry hall 7838 hwy 56 s clinton, SC 29325 usa 404.586.9999 Technical Contact: master, host (HM7084) hostmaster@INTERLAND.NET Interland, Inc 34 Peachtree Street, NW Atlanta, GA 30303 404-586-9999 (FAX) 404-586-0001 Billing Contact: Interland Inc (N19161-OR) domreg@interland.com Interland Inc 303 Peachtree Center Ave, Suite 500 Atlanta, GA 30303 US 404-586-9999 fax: 404-720-3707 Record last updated on 18-Nov-2001. Record expires on 31-Jul-2002. Record created on 18-Nov-2001. Database last updated on 7-Jan-2002 02:35:00 EST. Domain servers in listed order: DNS1.INTERLAND.NET 64.224.20.132 DNS2.INTERLAND.NET 64.224.20.133 DNS3.INTERLAND.NET 64.224.20.134 Interland IP block [64.224.0.0 - 64.227.127.255]. Upstream: UUNET (interland1-gw.customer.alter.net). ======= SPAM WAS ======= Received: from maq1.codiub.com.br (IDENT:root@iplus-ura-065.xdsl-fixo.ctbcnetsuper.com.br [200.225.210.65]) by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id g07L4op14978 for ; Mon, 7 Jan 2002 23:04:52 +0200 Received: (from nobody@localhost) by maq1.codiub.com.br (8.9.3/8.8.7) id SAA14146; Mon, 7 Jan 2002 18:08:24 -0300 Date: Mon, 7 Jan 2002 18:08:24 -0300 Message-Id: <200201072108.SAA14146@maq1.codiub.com.br> X-Authentication-Warning: maq1.codiub.com.br: nobody set sender to webmaster@codiub.com.br using -f To: service@intervolved.###, abuse-2001@###, tina8882002@yahoo.###, amy_eazy_fun@yahoo.co.##, you@yourplace.###, rosaparada@elsitio.###, simonsays48@flasahmail.###, eike.henke@nexgo.##, remmeoff@china.###, safari818@hot-stop--mail.###, webmaster@sydneybiz.###, support@sydneybiz.###, sales@sydneybiz.###, brent6342@arabia.###, steve.bush@gcmweb.###, newspost@intermedia.###, millys@mvps.###, cas@taz.###.au, cindyb@nowhere.###, stian@grytoyr.###, sdworman@comspec-intnl.###, w@baron.###, alex@fly.srk.fer.##, hardmeier@mvps.###, kevinchan@trasy.###, avdija@epn.##, dvanbalen@jam.rr.###, nra@netbsd.###, anon@anon.###, vbrandt@swing.## From: () 65.184.155.245@maq1.codiub.com.br Subject: DONT IGNORE ME deq Abaixo estį o resultado de um formulįrio de feedback enviado por (efumnk@aol.com) na Segunda-Feira, 7 de janeiro de 2002 ąs 18:08:12 --------------------------------------------------------------------------- : CLICK HERE --------------------------------------------------------------------------- ======= PREVIOUS SPAM WAS ======= Received: from maq1.codiub.com.br (IDENT:root@iplus-ura-065.xdsl-fixo.ctbcnetsuper.com.br [200.225.210.65]) by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id g07KxHp14889 for ; Mon, 7 Jan 2002 22:59:18 +0200 Received: (from nobody@localhost) by maq1.codiub.com.br (8.9.3/8.8.7) id SAA14147; Mon, 7 Jan 2002 18:08:24 -0300 Date: Mon, 7 Jan 2002 18:08:24 -0300 Message-Id: <200201072108.SAA14147@maq1.codiub.com.br> X-Authentication-Warning: maq1.codiub.com.br: nobody set sender to webmaster@codiub.com.br using -f To: service@intervolved.###, abuse-2001@dolphinwave.###, tina8882002@yahoo.###, amy_eazy_fun@yahoo.co.##, you@yourplace.###, rosaparada@elsitio.###, simonsays48@flasahmail.###, eike.henke@nexgo.##, remmeoff@china.###, safari818@hot-stop--mail.###, webmaster@sydneybiz.###, support@sydneybiz.###, sales@sydneybiz.###, brent6342@arabia.###, steve.bush@gcmweb.###, newspost@intermedia.###, millys@mvps.###, cas@taz.###.au, cindyb@nowhere.###, stian@grytoyr.###, sdworman@comspec-intnl.###, w@baron.###, alex@fly.srk.fer.##, hardmeier@mvps.###, kevinchan@trasy.###, avdija@epn.##, dvanbalen@jam.rr.###, nra@netbsd.###, anon@anon.###, vbrandt@swing.## From: () 65.184.155.245@maq1.codiub.com.br Subject: Hey You ghi Abaixo estį o resultado de um formulįrio de feedback enviado por (hotteen@hotmail.com) na Segunda-Feira, 7 de janeiro de 2002 ąs 18:08:12 --------------------------------------------------------------------------- : Hi My name is Misty, Im 18 and very horny Come and chat with me by http://www.totallyteens.com/guests/index.shtml?psycho143

(18 ) ---------------------------------------------------------------------------