Spammers Hosted at Splitinfinity
 

Here are some of the URLs spammed to me that are hosted at Split Infinity. I find these rape sites objectionable.

We first notified Split Infinity about them 3 days ago but no action taken.

http://www.sqare-track.info

http://www.foilon.biz

http://diana-com.biz

http://www.comtarade.info

http://www.doinitu.info

We would never do any business with a company that hosts spammers.

maybe I am out of the loop . . . but how do you know those guys are spammers?

3 whole days notification? On a long weekend no less? lol

I am sure they can live without the business of someone as clued in as you.

They keep sending spam to my email...

EviLGuY,

3 days not enough? Maybe my boxes are best where they are. My current host has someone there 24/7.

Looks like you're the one not clued in...

You have to look at it like a business.. they have to do some due dilligence and actually TALK to their customer etc. How would you feel about a host that just takes all your shit offline because of one guy complaining without them even checking into it? All of this over memorial weekend which is one of the bigger long weekends in the US.

spaming rape ...?

Yeah those sites ARE fucked up, I'm just saying its a little unrealistic to come to the boards about them not getting taken down.. over a long weekend.

Weekend is over and sites remain which speaks for itself.

I'm all for being fair to people but how many days grace do you give guys spamming rape sites?

Are you really trying to say that Split Infinity have had no-one looking at email for 3 days? In fact today is the 4th day.

:waaaaahh :waaaaahh :waaaaahh

We just went through a maintenance procedure. We got the complaints and are dealing with it. However you assumption that they are our customers is not correct.
They are customers customers and we have to execute an escalation procedure to
make them abide by the rules. We do not have direct access to the end user to terminate them directly. You notified us and we notified his host, awaiting response.

Regards,
Split.

They don't do shit, thats why they've always hosted warez and password sites.

WDSguy is a fuckwad. :-) IMHO.
He holds on to 1998 pretty well. He speaks of which he knows not.
:-)

Note: We do not host password or warez sites knowingly.
:-)

I´d never do business with a host that shut down anything instantly because of a surfers complaints...

Fairness goes both ways, and the least to be expected is dialogue with the custumer and the case thoroughly looked at.

Have also sent it to Verio to see if they can assist.

Are rape sites legal, can I email some law enforcement agency about these guys?

Verio will pass it to us for us to pass it to them for them to pass it to their customer.
The way it goes, it may take a day or two more, but the offending sites if found to be against AUP will be terminated. I cannot be judge jury and verdict on customers of customers sites..... it has to follow due process since we dont have direct control of
the customer. Also even if we did have direct control, a process would need to be followed.... In this case, it looks pretty cut adn dry and we would term them based on many factors. I would wait it out, you have done your part, now its all in due dillegence. :-)

Cheers.

Split.

Okay, thanks for your help.

Is that a joke, did you even bother reading the thread :disgust

show no mercy to spamming idiots!

there is so no money in spam

Here are all the domains those spammers were using.... they hacked a server and added some hidden configs to apache...

[/usr/src/redhat/...]# cat .31_05
<VirtualHost 168.143.121.192>
DocumentRoot /usr/src/redhat/.../ugly
ServerName ugly
ServerAlias addbd.biz *.addbd.biz addbd.info *.addbd.info adimut.biz *.adimut.biz adimut.info *.adimut.info aditage.biz *.aditage.biz aditage.info *.aditage.info adutange.biz *.adutange.biz adutange.info *.adutange.info baklan.biz *.baklan.biz biz-case.biz *.biz-case.biz biz-case.info *.biz-case.info bo-info.biz *.bo-info.biz bo-info.info *.bo-info.info combabyes.biz *.combabyes.biz combabyes.info *.combabyes.info com-mate.biz *.com-mate.biz com-mate.info *.com-mate.info comserv.biz *.comserv.biz comtarade.biz *.comtarade.biz comtarade.info *.comtarade.info dayana-com.biz *.dayana-com.biz dayana-com.info *.dayana-com.info dbserv.biz *.dbserv.biz dbserv.info *.dbserv.info diana-com.biz *.diana-com.biz diana-com.info *.diana-com.info diazame.biz *.diazame.biz diazame.info *.diazame.info digital-style.biz *.digital-style.biz digital-style.info *.digital-style.info dijarling.biz *.dijarling.biz dijarling.info *.dijarling.info dijavu.biz *.dijavu.biz dijavu.info *.dijavu.info diligance.biz *.diligance.biz diligance.info *.diligance.info dilinig.biz *.dilinig.biz dilinig.info *.dilinig.info dizmakefill.biz *.dizmakefill.biz dizmakefill.info *.dizmakefill.info do-info.biz *.do-info.biz do-info.info *.do-info.info doinitu.biz *.doinitu.biz doinitu.info *.doinitu.info dolinis.biz *.dolinis.biz dolinis.info *.dolinis.info extimechat.biz *.extimechat.biz extimechat.info *.extimechat.info extrimeroom.biz *.extrimeroom.biz extrimeroom.info *.extrimeroom.info

ServerName violence
ServerAlias crosspointm.info *.crosspointm.info crowa.info *.crowa.info declinev.biz *.declinev.biz declinev.info *.declinev.info declinev.net *.declinev.net defrosti.info *.defrosti.info deletiony.info *.deletiony.info delphinem.biz *.delphinem.biz delphinem.info *.delphinem.info delphinem.net *.delphinem.net deputations.biz *.deputations.biz detoxifyp.info *.detoxifyp.info dieboldb.info *.dieboldb.info diffracty.info *.diffracty.info discreete.info *.discreete.info diversiond.info *.diversiond.info dodecahedrai.net *.dodecahedrai.net dosek.biz *.dosek.biz droopg.biz *.droopg.biz droopg.info *.droopg.info dualismv.net *.dualismv.net durrellw.info *.durrellw.info eavesdroppingx.info *.eavesdroppingx.info effiek.net *.effiek.net eiderc.biz *.eiderc.biz escritoireb.info *.escritoireb.info fireq.info *.fireq.info flowerpotb.info *.flowerpotb.info fossl.biz *.fossl.biz fowlp.net *.fowlp.net frozena.biz *.frozena.biz frozena.info *.frozena.info frozena.net *.frozena.net fussyt.biz *.fussyt.biz fussyt.info *.fussyt.info galenaw.net *.galenaw.net grandniecei.info *.grandniecei.info haploidx.net *.haploidx.net hebew.biz *.hebew.biz hebew.info *.hebew.info hibbardf.info *.hibbardf.info histrionica.info *.histrionica.info hoveo.biz *.hoveo.biz hugod.info *.hugod.info hurricanex.info *.hurricanex.info indignityw.info *.indignityw.info inkj.info *.inkj.info intransigentx.info *.intransigentx.info iraniana.info *.iraniana.info joaquinp.info *.joaquinp.info kavam.biz *.kavam.biz laxativeh.biz *.laxativeh.biz laxativeh.info *.laxativeh.info laxativeh.net *.laxativeh.net leachm.info *.leachm.info

ServerName ugly
ServerAlias mathieuh.info *.mathieuh.info monetaryq.info *.monetaryq.info nagasakiw.info *.nagasakiw.info newbornx.biz *.newbornx.biz occurreda.net *.occurreda.net orthonormalm.info *.orthonormalm.info orthonormalm.net *.orthonormalm.net partisanh.info *.partisanh.info perspectivee.info *.perspectivee.info photolyticu.biz *.photolyticu.biz photolyticu.info *.photolyticu.info photolyticu.net *.photolyticu.net pokerfaceu.biz *.pokerfaceu.biz primpm.info *.primpm.info pulsatea.net *.pulsatea.net quickenq.info *.quickenq.info radicesg.info *.radicesg.info rejuvenatet.net *.rejuvenatet.net responsives.biz *.responsives.biz revisionz.info *.revisionz.info rollickk.info *.rollickk.info salutationr.info *.salutationr.info sandrao.info *.sandrao.info sapiensa.info *.sapiensa.info sapiensa.net *.sapiensa.net sauteh.info *.sauteh.info scmg.info *.scmg.info shadflowerc.info *.shadflowerc.info shipleye.net *.shipleye.net sideshowi.info *.sideshowi.info sightseez.biz *.sightseez.biz sightseez.info *.sightseez.info sightseez.net *.sightseez.net smuggleu.info *.smuggleu.info statev.info *.statev.info stipendo.info *.stipendo.info sucroseh.biz *.sucroseh.biz sucroseh.info *.sucroseh.info sucroseh.net *.sucroseh.net sustenancem.net *.sustenancem.net synagoguey.biz *.synagoguey.biz theologyu.biz *.theologyu.biz thighl.net *.thighl.net truthfulo.info *.truthfulo.info twitchyk.biz *.twitchyk.biz upslopeu.info *.upslopeu.info varietyi.biz *.varietyi.biz virtuep.net *.virtuep.net witheb.biz *.witheb.biz zellerbachz.biz *.zellerbachz.biz

There is ALOT more thant that too.... let me know if you want them all...

Bingo. Trigger happy hosts are the bane of any webmaster hosting anything which might upset anyone.

Personally, I will not do business with any host who pulls the box first and asks questions later.

These guys were term'd not because of their content, morals etc.... but because
they were hacking into a server of our customers customer..... (no, we dont manage the server, however we de-hacked it for them.)

These domains (and hundreds more) have been deleted...

http://www.sqare-track.info

http://www.foilon.biz

http://diana-com.biz

http://www.comtarade.info

http://www.doinitu.info

Split, good work in exposing those idiots.

Did you find any email lists? :Graucho

fuckin idiot.

Any clues as to the source of the attack?


I get regular password attacks against my secure services, usually from Eastern Europe.

Here is what they do....
they break into a server... and make a simple edit to the httpd.conf file in apache adding in an easy to overlook "Include" line like this:
Include /usr/src/redhat/.../.h
(note the hidden directory named ... they try to blend that in with normal unix directory listings so it skips past your vision in directory listings)
Inside the directory /usr/src/redhat, they have a file called .h which is an include file that includes many other files listing HUNDREDS AND HUNDREDS of domains like this:
ServerName violence
ServerAlias crosspointm.info *.crosspointm.info crowa.info *.crowa.info declinev.biz *.declinev.biz declinev.info *.declinev.info declinev.net *.declinev.net defrosti.info *.defrosti.info deletiony.info *.deletiony.info delphinem.biz *.delphinem.biz delphinem.info *.delphinem.info delphinem.net *.delphinem.net deputations.biz *.deputations.biz detoxifyp.info *.detoxifyp.info dieboldb.info *.dieboldb.info diffracty.info *.diffracty.info discreete.info *.discreete.info diversiond.info *.diversiond.info dodecahedrai.net *.dodecahedrai.net dosek.biz *.dosek.biz droopg.biz *.droopg.biz droopg.info *.droopg.info dualismv.net *.dualismv.net durrellw.info *.durrellw.info eavesdroppingx.info *.eavesdroppingx.info effiek.net *.effiek.net eiderc.biz *.eiderc.biz escritoireb.info *.escritoireb.info fireq.info *.fireq.info flowerpotb.info *.flowerpotb.info fossl.biz *.fossl.biz fowlp.net *.fowlp.net frozena.biz *.frozena.biz frozena.info *.frozena.info frozena.net *.frozena.net fussyt.biz *.fussyt.biz fussyt.info *.fussyt.info galenaw.net *.galenaw.net grandniecei.info *.grandniecei.info haploidx.net *.haploidx.net hebew.biz *.hebew.biz hebew.info *.hebew.info hibbardf.info *.hibbardf.info histrionica.info *.histrionica.info hoveo.biz *.hoveo.biz hugod.info *.hugod.info hurricanex.info *.hurricanex.info indignityw.info *.indignityw.info inkj.info *.inkj.info intransigentx.info *.intransigentx.info iraniana.info *.iraniana.info joaquinp.info *.joaquinp.info kavam.biz *.kavam.biz laxativeh.biz *.laxativeh.biz laxativeh.info *.laxativeh.info laxativeh.net *.laxativeh.net leachm.info *.leachm.info
ServerName ugly
ServerAlias mathieuh.info *.mathieuh.info monetaryq.info *.monetaryq.info nagasakiw.info *.nagasakiw.info newbornx.biz *.newbornx.biz occurreda.net *.occurreda.net orthonormalm.info *.orthonormalm.info orthonormalm.net *.orthonormalm.net partisanh.info *.partisanh.info perspectivee.info *.perspectivee.info photolyticu.biz *.photolyticu.biz photolyticu.info *.photolyticu.info photolyticu.net *.photolyticu.net pokerfaceu.biz *.pokerfaceu.biz primpm.info *.primpm.info pulsatea.net *.pulsatea.net quickenq.info *.quickenq.info radicesg.info *.radicesg.info rejuvenatet.net *.rejuvenatet.net responsives.biz *.responsives.biz revisionz.info *.revisionz.info rollickk.info *.rollickk.info salutationr.info *.salutationr.info sandrao.info *.sandrao.info sapiensa.info *.sapiensa.info sapiensa.net *.sapiensa.net sauteh.info *.sauteh.info scmg.info *.scmg.info shadflowerc.info *.shadflowerc.info shipleye.net *.shipleye.net sideshowi.info *.sideshowi.info sightseez.biz *.sightseez.biz sightseez.info *.sightseez.info sightseez.net *.sightseez.net smuggleu.info *.smuggleu.info statev.info *.statev.info stipendo.info *.stipendo.info sucroseh.biz *.sucroseh.biz sucroseh.info *.sucroseh.info sucroseh.net *.sucroseh.net sustenancem.net *.sustenancem.net synagoguey.biz *.synagoguey.biz theologyu.biz *.theologyu.biz thighl.net *.thighl.net truthfulo.info *.truthfulo.info twitchyk.biz *.twitchyk.biz upslopeu.info *.upslopeu.info varietyi.biz *.varietyi.biz virtuep.net *.virtuep.net witheb.biz *.witheb.biz zellerbachz.biz *.zellerbachz.biz


They literally have thousands of domains.

Here it the ip they broke into the server from:

May 31 10:14:42 sp82 sshd[22426]: Illegal user cisco from 128.198.60.40
May 31 10:14:47 sp82 sshd[22467]: Illegal user jason from 128.198.60.40
May 31 10:14:53 sp82 sshd[22491]: Illegal user patrick from 128.198.60.40
May 31 10:14:58 sp82 sshd[22553]: Illegal user richard from 128.198.60.40
May 31 10:15:04 sp82 sshd[22598]: Illegal user jerry from 128.198.60.40
May 31 10:15:09 sp82 sshd[22615]: Illegal user auth from 128.198.60.40
May 31 10:15:15 sp82 sshd[22643]: Failed password for games from 128.198.60.40 port 49145 ssh2
May 31 10:15:21 sp82 sshd[22675]: Illegal user pub from 128.198.60.40
May 31 10:15:26 sp82 sshd[22685]: Illegal user support from 128.198.60.40
May 31 10:15:32 sp82 sshd[22698]: Illegal user research from 128.198.60.40
May 31 10:15:37 sp82 sshd[22724]: Illegal user view from 128.198.60.40
May 31 10:15:43 sp82 sshd[22755]: Illegal user master from 128.198.60.40
May 31 10:15:48 sp82 sshd[22806]: Illegal user tmp from 128.198.60.40
May 31 10:15:54 sp82 sshd[22835]: Illegal user temp from 128.198.60.40
May 31 10:15:59 sp82 sshd[22873]: Illegal user work from 128.198.60.40


May 31 10:14:31 sp82 sshd[22323]: Failed password for mail from 128.198.60.40 port 48937 ssh2
May 31 10:14:36 sp82 sshd[22365]: Failed password for cpanel from 128.198.60.40 port 48965 ssh2

traceroute to 128.198.60.40 (128.198.60.40), 30 hops max, 38 byte packets
1 service168-143-119-2.splitinfinity.net (168.143.119.2) 0.744 ms 1.052 ms 0.572 ms
2 ge-1-1-0-3.r01.sndgca01.us.bb.verio.net (129.250.27.110) 0.897 ms 0.930 ms 0.860 ms
3 p4-2-0-0.r00.lsanca01.us.bb.verio.net (129.250.2.165) 4.248 ms 4.350 ms 4.256 ms
4 bur-brdr-01.inet.qwest.net (205.171.4.37) 4.813 ms 4.656 ms 4.764 ms
5 bur-core-01.inet.qwest.net (205.171.13.9) 4.888 ms 4.903 ms 5.000 ms
6 dia-core-03.inet.qwest.net (205.171.8.118) 47.876 ms 47.949 ms 47.748 ms
7 dvr-edge-03.inet.qwest.net (205.171.10.34) 47.993 ms 47.979 ms 47.872 ms
8 65.121.122.206 (65.121.122.206) 50.575 ms 50.721 ms 49.534 ms
9 frgp-link-at-uccs.uccs.edu (128.198.254.1) 54.139 ms 53.909 ms 53.982 ms
10 uccshub-v254.uccs.edu (128.198.254.11) 53.800 ms 54.181 ms 53.653 ms


university of colorado
a script kiddie most likely

With alot of money or stolen credit cards.
because they have hundreds of domains.

Will you be pursuing this with the UUCS abuse department?

Already been done. ;-)

Many sites, but all using a signup form hosted on http://megarape.net

so you are admitting on the board you have insecure servers. and useless system admins. or you dont know how to secure your machines?

Stupid thread title.

You think servers are secure? You're kidding, right?

No server is secure, dude. Some are easier than others, that's all.

besides, split was only providing real estate, not SA.

I'm wearing my Split Infinity shirt right now. :)

And how do you know the client wasn't to blame for allowing the breach to occur?

:Oh crap :Oh crap :Oh crap

"so you are admitting on the board you have insecure servers. and useless system admins. or you dont know how to secure your machines?"

Wasnt our server beotch! :-)
LOL

Remember, I'm the one who de-hacked it. :-)
Not the one who configured it. Actually the server isnt even in our realm of administrative services since it is a colocation.

:-)