I've been hit with a lot of blog spam lately. It took me 20 minutes this morning to remove the latest batch! Using CAPTCHA checks when commenting is a good idea, but I don't think taking a defensive position is the best thing.
I'd like to see these guys (the spammers) get shut down. At least from their ISPs. And when they come back they should be shut down again and again.
However, it's impossible to try and fight something when you don't know how the system really works. The IT guys at my work always dealt with setting up the internet, network security, email, etc. As a result I didn't have any idea of how the internet fit together. How am I supposed to figure out who the spammer's ISP is when I don't even know how to get connected?
So I started educating myself. I'm still new to all this so if I made any errors, feel free to comment and help me get back on track.
Tiers
There are various "tiers" of internet providers. The main guys that give access to everyone else are the First Tier providers. UUNET is one of the big ones. Second Tier providers fall under these guys. Obviously they are a bit cheaper and make use of the First Tier resources. We use a Second Tier provider called Diginet.
IP Addresses
IP addresses are registered on Regional Internet Registries (or RIRs). The name says it all. Originally all IPs were registered in the same registry, but now different regions are managed by different RIRs. APNIC and ARIN are two of them.
Domain Names
As far as I know domain names are registered on Domain Name Servers. But I'm not exactly sure where these servers are connected or registered. I know you can do a “whois lookup” on various websites to find out under whose names and addresses domains were registered.
Tracert
Tracert is a Windows command line utility that traces the route packets are sent across the net. I checked out the IP address of one of my Texas Hold'em spammers - 67.52.141.101. Then I typed in the following tracert command "tracert -h 30 67.52.141.101". And I got these results...
Tracing route to rrcs-67-52-141-101.west.biz.rr.com [67.52.141.101]
over a maximum of 30 hops:
1 6 ms 3 ms 3 ms 192.168.2.1
2 4 ms 2 ms 3 ms 192.168.2.15
3 3 ms 3 ms 3 ms 196.36.161.181
4 31 ms 40 ms 24 ms 168.209.27.93
5 16 ms 14 ms 14 ms 196.23.188.145
6 15 ms 19 ms 17 ms 168.209.2.3
7 168 ms 166 ms 167 ms 168.209.0.90
8 246 ms 241 ms 246 ms 168.209.100.30
9 316 ms 381 ms 275 ms core1b-ny.nmszone.is.co.za [168.209.244.3]
10 259 ms 243 ms 253 ms POS1-2.IG2.NYC4.ALTER.NET [208.192.177.205]
11 245 ms 246 ms 244 ms 589.at-5-0-0.XR3.NYC4.ALTER.NET [152.63.22.14]
12 245 ms 245 ms 242 ms 0.so-2-0-0.XL1.NYC4.ALTER.NET [152.63.17.29]
13 246 ms 255 ms 248 ms 0.so-6-0-0.BR1.NYC4.ALTER.NET [152.63.21.77]
14 248 ms 250 ms 248 ms 204.255.173.34
15 305 ms 305 ms 321 ms bb1-nye-P0-0.atdn.net [66.185.151.48]
16 256 ms 251 ms 253 ms bb2-ash-P10-0.atdn.net [66.185.152.87]
17 256 ms 270 ms 285 ms bb1-ash-P3-0.atdn.net [66.185.152.40]
18 315 ms 320 ms 317 ms bb1-sjg-P7-0.atdn.net [66.185.153.59]
19 326 ms 319 ms 316 ms bb2-sjg-P2-0.atdn.net [66.185.153.27]
20 321 ms 321 ms 324 ms bb2-las-P7-0.atdn.net [66.185.152.22]
21 323 ms 320 ms 318 ms pop1-las-P1-0.atdn.net [66.185.137.131]
22 328 ms 327 ms 327 ms rr-san-diego.atdn.net [66.185.148.62]
23 336 ms 330 ms 329 ms pbsdca1-rtr1-srp.san.rr.com [24.25.196.11]
24 328 ms 343 ms 327 ms cnsdca1-rtr1-ge2-1.san.rr.com [24.25.196.34]
25 332 ms 334 ms 331 ms cnsdca1-ubr1-ge0-1.san.rr.com [24.25.192.85]
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
Maybe someone can give some advice here. I see a lot of names on the list. But how can I figure out which service provider I should contact to report the spammer?
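As an added example (not from the original post), here is a short Python script that parses the tracert output quoted above and pulls out what the question needs: the deepest hop that answered before the timeouts, and the domains in the hop names, so the networks the packets crossed stand out from the long list. The hostname-to-domain step is a deliberate simplification, labelled in the code.

```python
import re
# Excerpt (hops trimmed) of the tracert output quoted in the post, embedded so it runs offline.
SAMPLE = """Tracing route to rrcs-67-52-141-101.west.biz.rr.com [67.52.141.101]
over a maximum of 30 hops:
  1     6 ms     3 ms     3 ms  192.168.2.1
  9   316 ms   381 ms   275 ms  core1b-ny.nmszone.is.co.za [168.209.244.3]
 10   259 ms   243 ms   253 ms  POS1-2.IG2.NYC4.ALTER.NET [208.192.177.205]
 25   332 ms   334 ms   331 ms  cnsdca1-ubr1-ge0-1.san.rr.com [24.25.192.85]
 26     *        *        *     Request timed out.
Trace complete."""
TARGET_RE = re.compile(r"^Tracing route to (\S+) \[([\d.]+)\]")
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
RTT_RE = re.compile(r"(<?\d+) ms|(\*)")                        # '<1 ms' or '*' per probe
HOST_RE = re.compile(r"(?:(\S+) )?\[([\d.]+)\]$|([\d.]+)$")    # 'name [ip]' or a bare ip
TWO_PART_SUFFIXES = {"co.za", "co.uk"}  # tiny stand-in for a real public-suffix list

def parse_tracert(text):
    """Return ((target_name, target_ip), hops); a hop's ip/host are None when it
    never answered / tracert resolved no name; rtts holds None for a '*' probe."""
    target, hops = None, []
    for line in text.splitlines():
        if m := TARGET_RE.match(line):
            target = (m.group(1), m.group(2))
        elif m := HOP_RE.match(line):
            n, rest = int(m.group(1)), m.group(2).strip()
            rtts = [None if star else int(v.lstrip("<")) for v, star in RTT_RE.findall(rest)]
            if rest.endswith("Request timed out."):
                hops.append({"number": n, "ip": None, "host": None, "rtts": rtts})
            else:
                h = HOST_RE.search(rest)
                hops.append({"number": n, "ip": h.group(2) or h.group(3), "host": h.group(1), "rtts": rtts})
    return target, hops

def last_responding(hops):
    # Deepest hop that answered: where the visible path ends before the timeouts.
    return next((h for h in reversed(hops) if h["ip"]), None)

def registrable_domain(hostname):
    # Crude operator label: 'bb1-nye-P0-0.atdn.net' -> 'atdn.net', 'x.is.co.za' -> 'is.co.za'.
    labels = hostname.lower().split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_PART_SUFFIXES else 2
    return ".".join(labels[-n:])

def operators_on_path(hops):
    # Ordered, de-duplicated domains from hop names: the networks the packets crossed.
    seen = []
    for h in hops:
        if h["host"] and (d := registrable_domain(h["host"])) not in seen:
            seen.append(d)
    return seen
```

Here the last answering hops and the target's own reverse-DNS name share the rr.com suffix, which is the network to start with; a whois lookup on the IP address at its RIR (the ARIN/APNIC registries mentioned above) returns the contact registered for that address block.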
It's great learning new stuff.