Thought it might be good to keep this thread to only "questionable" users, so we can all cross check and post our own new registered users.

Usernames - e-mail addresses
georgesltd56 - georgesltd56@GameBox.net
billy_mad25 - billy_mad25@GameBox.net
bof19_br0 - bof19217@BonBon.net
yummy-juice_25 - hum-gim25@BonBon.net
duem_18 - duem_18a@hotpop.com
ginaguy18p0r - fsadfasdfasdfad@hotmail.com
jimyoung19a1 - jimyoung19a1@gamebox.net
fred15121345 - fred15121345@BonBon.net
andrew_p21 - andrew_p21@BonBon.net
henryguy79 - henryguy79@GameBox.net
celebguy_dv - celebguy_dv@BonBon.net
gymifty9 - gymifty@BonBon.net
jimkel19 - jimkel19@BonBon.net
hotgin20 - hotgin20@BonBon.net
kelproit62 - kelproit62@BonBon.net
skumar - prespond@rediffmail.com (prespond@rediffmail.com)


IP's
62.168.11.162
63.147.249.47
163.29.100.253
168.209.98.35
168.209.98.67
193.188.97.151
195.116.22.214
198.94.127.6
200.30.100.201
200.168.138.38
200.171.228.168
200.206.213.145
200.206.165.40
200.207.53.33
200.207.153.49
200.230.55.6
203.14.169.19
203.14.169.17
203.124.150.74
208.60.126.2
209.21.98.52
210.220.73.8
211.28.96.41
211.28.96.9
218.145.25.112

Post those you are suspicious of, and by comparison we'll be able to determine if they are legit or not.
Thanks and HTH,
matt

If you are hit by someone with that username, or that email, or the known IP's.

You are best of to collect their abuse before you prune their posts.

Gather a copy by downloading the .html file to a directory on your hard drive, make a .txt file with the username/ email and other profile details.

Find out the abuse departments for the involved hosts: The email they used, their used IP address, their spammed URLs and make 1 email with your complaints, your reference to your attached .zip file with the abuse logs (who have date and time stamps) and what you wish to be done about it and also make sure you mention that they are breaking their services terms of agreement. Because I am pretty sure they are not allowed to use those services to spam. It might be a nice idea to also refer to these threads to show that this is not a one time incident and that you seriously require something to be done about it. ALSO, write this all in your own words ofcourse. If you had any contact with an abuse department that awnsered your email besides the auto reply, maybe post it here, so we know which E-mail address to use.

The more complaints a company gets about a spammer, the more they are willing to clear their own name from not becomming 'an abusive service for spammers'.

Good luck everybody. And update your vBulletin to the latest 2.3.0 (http://www.vbulletin.com/forum/showthread.php?threadid=65126) to prevent further/future abuse.

GameBox.net
This is a free E-mail service. GameBox.net is powered by HotPop, which might explain the other E-mail accounts being a HotPop one.
Their General Terms & Conditions are located here (http://www.gamebox.net/na/index.html)
Check their point: 2.12 Anti-Spam Policy
Which reads:
The Site is vigorously against the practice commonly referred to as “Spam”. Users who are reported and whose claims of “Spam” are validated by the Site, will have their respective accounts either immediately TERMINATED or SUSPENDED, at the sole discretion of the Site. and

Messages posted to Usenet and message boards that are off-topic (unrelated to the topic of discussion), cross-posted to unrelated newsgroups, or posted in excessive volume;

And they mention to report abuse like this:
ABUSE REPORTING: If you wish to report a violation of our Anti-Spam Policy, please forward all evidence of abuse to: abuse@WorldWinner.com (abuse@WorldWinner.com) Please refer responsibly!

HotPop.net
Free E-mail service
Terms of Services and Acceptable Use can be found here (http://www.hotpop.com/tos.jsp)
Also funy to read there:

General Information
HotPOP, HotPOP.com, PunkAss, Punkass.com, SexMagnet, SexMagnet.com, BonBon.net, GameBox, GameBox.net, ToughGuy, ToughGuy.net, Phreaker.net, Get The Message and all associated logos are trademarks of HotPOP. HotPOP reserves copyright on all web pages and original code resident on HotPOP's systems.
Now we know from where we can expect more E-mail accounts from those abusive users.
They have a seperate Page for Anti Spam, which you can find here (http://www.hotpop.com/antispam.jsp)
This page also explains HOW to report abuse and what to look out for. You can report HotPop complaints of abuse here: abuse@hotpop.com

BonBon.net will result in the HotPop web site, so use that same abuse email, but make clear this is a BonBon.net user, which helps them solve it quicker.

You can use the whois databases from Ripe, Arin, etc to lookup their host addresses and find their hostmasters, if you email them, make sure you end with a PS: if this email is emailed to the wrong host master, please reply back to me the correct email address if you have it, and please forward this email to the appropiate contact person. Because most host masters on a ripe contact are for a whole isp and not a individual reseller or whatever. They might assist you on your next step.
Don't forget to stay nice, but strict and clear in your emails, include all possible information in an easy to see/overview manner, date and time stamp everything. So they can trace their system logs to cross match against the user.


Oh, the same anti abuse / spam conditions apply for hotmail.com and their account is abuse@hotmail.com I could paste the urls etc here, but I automaticly get the dutch version :>

You forgot the IPs ;)

Great post xiphoid. THanks for taking the time to gather that info and lay out those instructions.

And yes, i did forget the IP's. :) Sorry, i was running out the door and they slipped my mind. However, the best i can do is go and refrence the other post for them... i've already removed each user individually and no longer have access to the IP's. Could someone be so kind as to post them?
Thanks, and thanks again xiphoid.
matt

(p.s., i'll delete this post if someone will post the IP's, to keep this thread mainly names and that sort of info).
http://www.vbulletin.com/forum/showpost.php?postid=418123&postcount=286

Check this post out.

if you update your first post, i will also delete this post.

Double posting are we? :)

Anyway, that looks like a normal user, you could always keep an eye on the posts by this user, and just ban it when it starts to post spam/pr0n links.

Keep an eye out for this one also:

212.244.226.44

This IP has been "replying to thread" on my forums for at least the past seven hours. Not only that, but there's FIFTEEN of them with the same IP, all trying to reply at the same time.

Double posting are we? :)

Anyway, that looks like a normal user, you could always keep an eye on the posts by this user, and just ban it when it starts to post spam/pr0n links.

Sorry...I thought we were supposed to move post these over here instead.

ginaguy18p0r - fsadfasdfasdfad@hotmail.com (fsadfasdfasdfad@hotmail.com)

Here's the IP I got for ginaguy18p0r: 200.207.53.33

I installed 2.3 and everything is working fine. (I've had lots of guests today) :wink:

Anyway I just had a new user register...the name & email make me wonder:

User: puddycat
email domain: speakeasy.net

their ip starts with a 68 though.

Has anybody had this user???
Speakeasy is my ISP and my isp and my IPs are all in the 68. range.
Don't think you have to worry about that one.

AWS Thanks - I'd all ready come to that conclusion and I'm going to delete my earlier posts - I don't want this to turn into a witchhunt. I was concerned because "puddy" is pretty close to another word the pornbot might use.

New one today:

henryguy79
henryguy79@GameBox.net
200.207.153.49

:rolleyes:

New one:
celebguy_dv
celebguy_dv@BonBon.net
218.145.25.112
added to top.
matt

Here's my most recent wannabe attacker:

Username: gymifty9
IP Addy: 198.94.127.6
Email Addy: gymifty@BonBon.net

And I now see it's trying to Register again with the same IP. lol, I just banned the one above.

Here's my most recent wannabe attacker:

Username: gymifty9
IP Addy: 198.94.127.6
Email Addy: gymifty@BonBon.net
And another from me:
jimkel19
jimkel19@BonBon.net
195.116.22.214

Will add both to the top in a min

Just got this one:

hotgin20
hotgin20@BonBon.net
200.30.100.201

Yup we just had hotgin20 too:mad:

If anyone finds out who made this bot, cut part of their body off for me:mad:

Notice the pattern: virtually all of them have very similar usernames as they have e-mail addresses. They also all have numbers at the end. Granted a lot of people do that who don't own a domain do the same...

Important question: does the spambot just flood the forums with new replies/threads (which?) at once, or does it have a time interval between postings?

And another from me:
jimkel19
jimkel19@BonBon.net
195.116.22.214

Will add both to the top in a min


I have another one too .......

kelproit62

kelproit62@BonBon.net

IP ....... 200.230.55.6

:( Hi all... We are brand new administrators...our bbs is a week old. We got hit with a bunch of them. Luckily I deleted the emails, and I banned the bonbon.net and the game one. I set the spamming threshold to like 80 seconds but I have no idea if that it too low or what. And suggestions or help would be wonderful.
Beth

Board has been up for almost 2 years now. Moderators caught it within 10 seconds of posting.

We got the following information:

U: skumar
E: prespond@rediffmail.com (prespond@rediffmail.com)
IP: 203.124.150.74

Looks to have originated from India

Board has been up for almost 2 years now. Moderators caught it within 10 seconds of posting.

We got the following information:

U: skumar
E: prespond@rediffmail.com (prespond@rediffmail.com)
IP: 203.124.150.74

Looks to have originated from India
Doesn't look to fit the pattern. Anyone else?

Indeed it doesn't. But if it spams, it spams :)

True it does not meet the criteria of the bonbon accounts, but it was porn ads. That is why I posted it here.

True it does not meet the criteria of the bonbon accounts, but it was porn ads. That is why I posted it here.
oh, right. Not saying it doesn't belong here. Just wondering if it was another mass thing or just targeting your forum.
Sorry for any confusion. :)
matt


Indeed it doesn't. But if it spams, it spams :)
LOL :)
indeed

oh, right. Not saying it doesn't belong here. Just wondering if it was another mass thing or just targeting your forum.
Sorry for any confusion. :)
matt

No worries. We have not had any attempts on any type porn spam in the forums previously. We do however get spamming from other sites wanting to promote themselves on the forum. I just found it strange that we had porn spam. I have been watching this thread and others regarding it and felt that it should be reported. If it is not the same pukes that are doing it and it was a random occurance then ahh well. You guys now have another IP and email address to add to your lists.

:cool:

Cheers

1st post updated to this point

Oh man, I'm glad this list was posted -- our forum got hit with one spammer, and I suspended 9 others. :eek:

I noticed that half of them didn't seem to make it
past the e-mail confirmation point. Perhaps if the
format of the confirmation e-mail was changed
around a bit, it would throw them off.

here is more you can add to the list, I found in my forums or in these replys i didn't see in your list

martL
tommy29
lamedica
overclock
gymifty9

I have question on the following not sure if anyone else has these.

red1busta
sherryh71801

I think that is it. I'm up to 16 banned members from this.