Re: What's happening to this NG?

"Nick Wagg" <naw@xxxxxxxxxxxxxxxx> wrote in message news:e0u0mo$t16$1
$8302bc10@xxxxxxxxxxxxxxxxxxx
behaviour.

If only we could identify some of the miscreants and show their
parents what they are getting up to.

Actually, you *can* cause them a great deal of trouble in a way they
probably don't anticipate, particularly if the sort of language to which
Jacey was subjected was involved ...

Here's how to report such behaviour, but first a reminder, *NEVER* put
your real email in any ng post, particularly one along the lines of this
one. The sort of treatment dished out to Jacey is the sort of reason why
I'm posting using a pseudonym.

Ultimately, the goal is to look up an abuse contact for the source domain
here ...
http://www.abuse.net/lookup.phtml
.... and to do that a domain name is needed. The offensive mails were all
posted from somewhere calling itself 4ax.com, but my suspicion that this
is a spammer's or private domain was confirmed ...
postmaster@xxxxxxx (default, no info)

So next it's necessary to find out which ISP is hosting 4ax.com. A
convenient way of doing this is to use the tracert command from a command
prompt. I can't remember if I tried this directly on the domain name
when making the complaint the other day, but now I'm getting ...
C:\TEMP>tracert 4ax.com
Unable to resolve target system name 4ax.com.
.... which may be because the offending domain has been since been TOSsed
as a result of my and doubtless many other complaints.

As it's name suggests tracert traces the route back to the sender, by
hopping from server to server across the internet. However, it usually
works better with IPs in this sort of situation.

You can usually look up a domain given an IP and vice versa here ...
http://www.whois.sc/
.... which is what I did. There were two IPs on the page for 4ax.com ...
http://www.whois.sc/4ax.com
.... which gave the tracert output included in the letter of complaint.

The server used by the sender is the last line of the output. As I
already knew this was a bogus domain, I looked at the next line up that
had a named server from a recognised domain that had a real (rather than
a postmaster default) contact email in the abuse.net look up linked
above. Then I went back one more level so I could also copy the
complaint there. This serves both as a fallback and as an encouragement
to what might be a lower reseller level to take the complaint seriously.

When making this sort of complaint, it's vital to include the entire,
unedited original post(s) including the full header(s).

Here's the result I sent ...

to: abuse@xxxxxxxx; abuse@xxxxxxxxxxxxxxx; abuse@xxxxxxxxxxxxx
Subject: Highly Abusive Newsgroup SPAM to uk.music.folk

The newsgroup posts enclosed are unsolicited and abusive SPAM which are
highly offensive and out of place in the context of the target newsgroup,
which is frequently read by children.

Please take appropriate action against the source, apparently 4ax.com ...
http://www.whois.sc/4ax.com
.... probably posting through:
Montana-Internet.t3-3-1-3.ar2.DEN2.gblx.net [67.17.168.74]
.... or ...
ixc01rdu-7-0.bellsouth.net [65.83.237.39]

Please share information concerning these sources' abuse with other ISPs
and NSPs.

=========================================================================

C:\TEMP>tracert 199.242.242.199

Tracing route to ns01.backupdns.com [199.242.242.199]
over a maximum of 30 hops:

1 15 ms 14 ms 14 ms 192.168.0.240
2 17 ms 17 ms 17 ms 82.153.96.1
3 17 ms 17 ms 16 ms 81.5.191.217
4 18 ms 17 ms 16 ms ge-1-1.metro2-
londencyh00.London1.Level3.net [212.187.151.157]
5 18 ms 16 ms 17 ms so-1-2-0.gar2.London1.Level3.net
[212.113.0.118]
6 18 ms 17 ms 19 ms ae-21-54.car1.London1.Level3.net
[4.68.116.111]
7 25 ms 17 ms 17 ms ge-5-0-0.ar2.LON3.gblx.net
[208.51.239.161]
8 157 ms 157 ms 157 ms so5-0-0-622M.ar2.DEN2.gblx.net
[67.17.73.82]
9 180 ms 173 ms 174 ms Montana-Internet.t3-3-1-
3.ar2.DEN2.gblx.net [67.17.168.74]
10 175 ms 173 ms 173 ms ns01.backupdns.com [199.242.242.199]

Trace complete.

C:\TEMP>tracert 67.32.47.133

Tracing route to mail.sidell.org [67.32.47.133]
over a maximum of 30 hops:

1 16 ms 14 ms 14 ms 192.168.0.240
2 16 ms 16 ms 16 ms 82.153.96.1
3 18 ms 16 ms 18 ms 81.5.191.217
4 16 ms 17 ms 17 ms ge1-1-core4.th.eclipse.net.uk
[81.5.191.2]
5 16 ms 17 ms 17 ms 251.ge6-0.mpr1.lhr1.uk.above.net
[213.161.78.85]
6 17 ms 18 ms 17 ms 64.125.27.214.available.above.net
[64.125.27.214]
7 91 ms 90 ms 90 ms so-7-0-0.cr1.dca2.us.above.net
[64.125.31.186]
8 99 ms 100 ms 100 ms so-4-1-0.mpr2.atl6.us.above.net
[64.125.29.41]
9 100 ms 110 ms 101 ms above-ge.atl.bellsouth.net
[64.125.12.222]
10 113 ms 103 ms 100 ms 65.83.236.61
11 124 ms 125 ms 124 ms axr00msy-0-3-0.bellsouth.net
[65.83.236.44]
12 134 ms 135 ms 139 ms axr01msy-0-2-0.bellsouth.net
[65.83.236.41]
13 138 ms 135 ms 136 ms ixc01rdu-7-0.bellsouth.net [65.83.237.39]
14 133 ms 135 ms 138 ms 205.152.134.93
15 * * * Request timed out.
16 * * * Request timed out.
17 141 ms 143 ms 142 ms mail.sidell.org [67.32.47.133]

Trace complete.

=========================================================================

Path: border2.nntp.ams.giganews.com!border1.nntp.ams.giganews.com!
nntp.giganews.com!feeder.enertel.nl!nntpfeed-01.ops.asmr-01.energis-
idc.net!news.glorb.com!news.alt.net!usenet
From: Mike Dew <atfn@xxxxxxxxxx>
Newsgroups: uk.music.folk
Subject: Re: killfiling dodgy threads
Date: Mon, 03 Apr 2006 02:21:56 +0100
Organization: +-
Lines: 50
Message-ID: <aot032t9hghqfluvv0rhlj39gc9j2mefsf@xxxxxxx>
References: <6sCsrQNEYfLEFwHM@xxxxxxxxxxxxxxxxxxxx> <122rvqqa4bs4566
@corp.supernews.com> <tdss22hsvml0u9a2r8t74mngeuabog5s7b@xxxxxxx> <Q8rm
$Go8nGMEFwKf@xxxxxxxxxxxxxxxxxxxx>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Xref: number1.nntp.dca.giganews.com uk.music.folk:92521

<original offensive post snipped in the copy for umf>

=========================================================================

Path: border1.nntp.ams.giganews.com!nntp.giganews.com!newsfeeder.wxs.nl!
news.glorb.com!news.alt.net!usenet
From: @
Newsgroups: uk.local.geordie,uk.music.folk
Subject: killfiling dodgy threads
Date: Sat, 01 Apr 2006 18:38:33 +0100
Organization: @
Lines: 20
Message-ID: <chet22ljm3an0mk7j2f4j9kk7u6njc5c22@xxxxxxx>
References: <6sCsrQNEYfLEFwHM@xxxxxxxxxxxxxxxxxxxx> <122rvqqa4bs4566
@corp.supernews.com> <tdss22hsvml0u9a2r8t74mngeuabog5s7b@xxxxxxx>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Xref: number1.nntp.dca.giganews.com uk.local.geordie:82863
uk.music.folk:92435

<original offensive post snipped in the copy for umf>

=========================================================================

Path: border1.nntp.ams.giganews.com!nntp.giganews.com!ndsoftware.com!
news.alt.net!usenet
From: Tony <692758@xxxxxxxxxxxxxxxx>
Newsgroups: uk.music.folk
Subject: Re: killfiling dodgy threads
Date: Mon, 03 Apr 2006 02:14:29 +0100
Organization: 7983579cb
Lines: 31
Message-ID: <mlt03210cguj2gcrh9luu7f4hel275hmfr@xxxxxxx>
References: <6sCsrQNEYfLEFwHM@xxxxxxxxxxxxxxxxxxxx> <122rvqqa4bs4566
@corp.supernews.com> <tdss22hsvml0u9a2r8t74mngeuabog5s7b@xxxxxxx> <p$7Y
$qn8lGMEFwNQ@xxxxxxxxxxxxxxxxxxxx>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Xref: number1.nntp.dca.giganews.com uk.music.folk:92520

<original offensive post snipped in the copy for umf>

.