I tracked down a forum spammer.

jonsidneyb

I tracked down a forum spammer to New York. He gave me information while telling me a falsehood.

Here is the raw information then I will put it together. Let me know if this post is out of line please.

http://windshield-repair-houston.com/

Here are the IP addresses they have used.

120.28.64.72

124.106.136.233

Email addresses used.

domainlinks5@auto-glass-houston.com

domainlinks2@windshield-repair-houston.com

http://www.projecthoneypot.org/ip_120.28.64.72

http://www.projecthoneypot.org/ip_124.106.136.233

http://www.stopforumspam.com/ipcheck/120.28.64.72

http://www.stopforumspam.com/ipcheck/124.106.136.233

Glass Central Houston in Houston, TX | 2807 Old Spanish Trail ...
May 7, 2011 ... 2807 Old Spanish Trail. Houston , TX , 77054 USA.
29.69915, -95.385648. 281- 901-1603 ... Mobile, we come to you! Call
now: (281) 901-1603 ...
www.superpages.com/bp/.../Glass-Central-Houston-L2234848989.htm - Cached

Humble Auto Glass Reviews - Find Auto Glass in Humble, TX
Tags: windshield repair houston. Glass Central Houston. , 1 Reviews.
52%. 2807 Old Spanish Trail, Suite B Houston,TX 77054 (281) 901-1603.
collapse window ...
linktown.khou.com/auto-glass/humble/tx - Cached

Wondering if the glass company was doing this or if they were using a marketing company and doing this activity without their knowledge, I called the number found on the website.

I asked the person if they knew what was going on. The person wanted to know why I was calling them and that he knew nothing about any glass company and that I caught him asleep.

I waited a day and called during the day and told him I would be recording this. No objection was made. I explained what was going on and that I got the number off of the website. He told me that somehow the number was being forwarded, that that was not his number. He said he is a pharmacist in New York City and that I was talking over his head. I can't talk over anyone's head when it comes to IT.

He wanted to know about the sites affected. We talked about taking this up with the phone company since the call was being forwarded to him. He wanted me to email him the information I had, though he said he would not understand it, and to tell him about the sites this was on.

I did think he was an innocent bystander at first. That for some reason sites were showing a number somehow being forwarded to him, that he was not computer literate to know what I was talking about. He is a victim in all of this. I emailed him the information I had then got curious. I Googled his email address and guess what I found?

He is a hacker.

Hacker News | Profile: knightinblue
created: 785 days ago. karma: 647. avg: 2.86. about: Furiously working on my startup. Contact - ericvorheese@gmail.com. My top color is 0099ff. ...
news.ycombinator.net/user?id=knightinblue - Cached

Chaimex Classified - New York City
Apr 16, 2009 ... Looking for Adderall XR - please email ericvorheese@gmail.com if you have it; New Canon PowerShot SD870is. I probably shouldn't use someone ...
www.rssfeeddirectory.orgClassifieds - Cached

He flat out lied to me.
Looks like he was telling the truth about being in New York though.

Did he violate the disclosure rules on the CAN-SPAM laws?
 
Yes it's worth it.
Here's the way I'd look at it. A spammer will spam, whether you spend your time doing something about it or not. Why? Because their spamming makes them money while your attempts at stopping them cost you your free time. Every minute they spend they get richer while every minute you spend you get poorer. Based on those simple economics you can't win.

So if you want to keep spending your time because of some sense of righteousness then that's one thing, but don't expect the outcome you are looking for because the guy will still be at it long after you lost interest.
 
I don't think you can stop the ones doing the spamming for profit, but the website owner that paid the spammer for SEO results may stop that activity if they hear from an irate forum administrator that knows who they are. For me it's not righteousness but just trying to make a difference, if enough of us fight back it may have some impact.
 
I did get this response.

I'm Eric's cousin. He told me what happened, and showed me your emails.
First things first, Eric behaved like a complete jackass. I sincerely apologize for his stupidity (and so will he).
Second, those 2 sites - auto-glass-houston.com and windshield-repair-houston.com - really are local businesses here in Houston (I live in Houston). I was contracted by the business owner to design the websites and email setup a few months ago and Eric helped out a bit. He was experimenting with an online telephony idea and stupidly decided to test it out using the sites. He set up the phone # forwarding such that all area codes local to Houston (281, 713, 832 etc) go to the business, and all non-Texas area codes (like your 580) go to his line in New York. That's why your call went to Eric and not to the business.
Third, there are no bots. They were Filipino link builders. Turns out, Eric was testing out an SEO theory and was running an experiment. Apparently he bought some 'backlinks packets', gave them to the builders and told them to use the 2 sites for the experiment.
Needless to say, the Filipinos have been fired and I cancelled the credit card I gave Eric for emergencies (he's 17). I went through the 2 sites' servers, and removed all of Eric's re-routing code. All calls go directly to the business now (like they should). I also deleted all the 'domainlinks' usernames on the mail server. Finally, I spoke to the business owner and had him change all his passwords, email and server, so no one else (like the link builders) can access them. Needless to say, he was a bit confused about what was going on, but I'll be explaining everything to him on Monday (and spending my valuable time doing free design work for his business to make up for the hassle).
Again, Eric behaved like a complete ass and he got (still getting actually) an earful from me, and his parents. He's been grounded for a month. I assure you that I will be watching him closely (he'll be staying with me for summer break after junior year). Bottom line, Eric won't be going anywhere near a computer for a while, much less anywhere near your sites.
We've all done stupid things as teenagers. I humbly ask that you forgive him. He'll be apologizing as well (if he doesn't, it's probably because he's not allowed to use a computer for a while). Either way, he will learn his lesson, I will make sure of it.
 
I understand. Just wanted to reach out and let you know that this is being taken very seriously. Eric's parents are cancelling the summer break plans and planning to enroll him in a military boot camp. A healthy dose of discipline would do him a world of good.
I agree that not everyone is a vandal or a scammer, never claimed such a thing. And I'm all for curbing as much misbehavior on the web as possible. I just didn't want you to think your concerns weren't being acknowledged, or addressed. Eric's misbehavior isn't just being 'discouraged', it's been completely stomped out (like I said yesterday, the entire thing has been shut down).
 
I am not sure what parts to believe and which parts to doubt at this point. I am not sure if I am talking to one person or two people.
 
Nice outcome... this sounds plausible to me. Basically business owner hires web developer who hires SEO link builders who then spam forums, and the business owner likely doesn't even know. The link builders will keep spamming but this is one less customer, every little bit helps.
 
Let me be the first to call complete ******** on this:

He's been grounded for a month. [...] Bottom line, Eric won't be going anywhere near a computer for a while ...
[...]
Eric's parents are cancelling the summer break plans and planning to enroll him in a military boot camp. A healthy dose of discipline would do him a world of good.

Just LOL. I can imagine how the spammers are sitting around upstaging each other with BS in these reply emails while the cash keeps rolling in.
Grounded, no computer, and now boot camp? Suuure.
Which 17 yo is groundable? Srsly.
 
I live in New York - anyone local I'd take care of personally. But the problem you're describing is common. Whether or not I believe that long-winded explanation is one thing - the bottom line is that those IP addresses are from the Philippines. There is no way to know whether or not Kao hired them or his 7 year old niece (or whomever.) The problem is gone now that he's gotten caught. The effort to fight is not worth it although I was considering nailing some law firms / referral services who would not stop trying to spam my site until I had to put some real fear into them regarding advertising ethics... And then, of course, they blamed the insolent third party and all the spam stopped from them.
 
The answer to spammers...

Barrett_m82_sniper_rifle.jpg

I present to you the Barrett M82 sniper rifle, the preferred weapon of special ops snipers of all US service branches, accurate within 1.5 miles.

The latest version, the IT Eradicator, has been fitted with an EM pulse generator that can be encapsulated within either an IPv4 or IPv6 packet, allowing you to route .50 cal of electronic death wielding EMP to your intended victim (routing table sold separately).

You will need to replace the magazine with a miniature Tesla coil and have a 220 V 60 amp dedicated circuit and a Russel/Stole connector to provide power to the coil. You will also have to upgrade the muzzle flash suppressor with one of the optional ethernet port configurations.

Ports come in 10/100/1000 and support up to 8 ports in an 802.3ad etherchannel for added oomf!

The final upgrade is to the trigger, which is upgraded from a one stage trigger to a two stage trigger. The first stage pings to the target, acting as your electronic spotter. This determines hop count and latency to the target. The second stage eradicates the target.
 
That is precious...:-)
 