How to get rid of a pest.

New Member Joined: Jan 08, 2005 Posts: 19

I have this guy who had a free account on my hosting server. I found some files on his website that were attempting to get bank information from my hosting site, so I shut him down. Recently I found that he was trying to do it again, but he is not on my server. I noticed in my webstats that his domain is at the top of the list for external links to my site, and hits on my site. His domain is http://sesesky.rr.nu . How do I ban this guy, press charges, whatever? I tried to do a whois search on him, but it comes back as an invalid domainname.I just want him gone from my site!

Sells PC To Pay For Divorce Joined: Posts: 5661

Well doing a visualroute i get this...

Domain Name (ASCII): rr.nu
Record last updated on 04-Oct-2004.
Record expires on 04-Nov-2006.
Record created on 04-Nov-1998.
Record status: Active.

Domain servers in listed order:
ns1.sitelutions.com 216.88.44.80
ns2.sitelutions.com 69.10.142.4
ns3.sitelutions.com 66.80.146.132
Copyright by .NU Domain Ltd - http://www.nuna

and using some track to the website IP i get :

OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 1333 North Stemmons Freeway
Address: Suite 110
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US

ReferralServer: rwhois://rwhois.theplanet.com:4321

NetRange: 67.18.0.0 - 67.19.255.255
CIDR: 67.18.0.0/15
NetName: NETBLK-THEPLANET-BLK-11
NetHandle: NET-67-18-0-0-1
Parent: NET-67-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.THEPLANET.COM
NameServer: NS2.THEPLANET.COM
Comment:
RegDate: 2004-03-15
Updated: 2004-07-29

TechHandle: PP46-ARIN
TechName: Pathos, Peter
TechPhone: +1-214-782-7800
TechEmail: abuse@theplanet.com

OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-214-782-7802
OrgAbuseEmail: abuse@theplanet.com

OrgNOCHandle: TECHN33-ARIN
OrgNOCName: Technical Support
OrgNOCPhone: +1-214-782-7800
OrgNOCEmail: admins@theplanet.com

OrgTechHandle: TECHN33-ARIN
OrgTechName: Technical Support
OrgTechPhone: +1-214-782-7800
OrgTechEmail: admins@theplanet.com

That should help a litle....

Edit : and its very likely that "russians" are behind this cause they rent hosting in the u.s and end up running these types of websites.
But mostly to abuse or doing illegal stuff.
I personaly shutdown 2 websites in the last 4 months because of the attacks.
But when given proof hosting companies shut them down the same hour.....
Thats the fun part.

Posted: Fri Jan 21, 2005 12:41 pm

Add that to the Nuke-Sentinel refers blocker. Maybe as a redirect to kindom come...

Posted: Fri Jan 21, 2005 12:44 pm

I've never researched theplanet.com much but most of the serious attacks on my home PC and websites have originated from there. I'm talking serious as in simular to the situation you have where they were definetly trying to gain remote access. Not just some script kiddie copy cat.

New Member Joined: Jan 24, 2005 Posts: 12

Get that ip number and if its from theplanet.com then send it to abuse@theplanet.com. They're very serious about that sort of stuff.

registered · Posted: Tue Jan 25, 2005 7:10 pm

Specks wrote:

Get that ip number and if its from theplanet.com then send it to abuse@theplanet.com. They're very serious about that sort of stuff.

Actually I put them up there with EV1 with ignoring complaints. They're both kiddie heavens.

-drmike

Posted: Tue Feb 01, 2005 11:40 am

To be honest with you, my server is with them. All my complaints have been looked at whenever I create a ticket. I complained of someone trying to brute force my box a while ago and they replied to my complaint that they were investigating the attack that came from within. I don't expect them to come back with what they did or found but its better than being ignored.

registered · Posted: Tue Feb 01, 2005 1:55 pm

I have had servers hosted at "The Planet'. I always had a good experience.