A hack attempt? A bot maybe?

  • Stryker
    Senior Member
    • Sep 2001
    • 553
    • 3.0.0 Beta 5

    A hack attempt? A bot maybe?

    Yesterday a new member registered at my board and proceeded to spam each forum with an affiliate link to a privacy/computer cleaning product. We told him to stop it or get out in public and by PM, but got no response. We deleted 15 of his posts but left his first one alone to make sure he saw our comments. Now he keeps coming back and seems to be permanently sending or viewing his PMs.

    We've banned his account and his IP, but he's still there apparently sending PMs. I did some checks and it turns out that no-one has received a PM from him which makes his presence in the PM dept. seem even more strange.

    What do you think he's up to and what do I do about it? Should I be worried? Any help would be greatly appreciated. Thanks.
  • N9ne
    Senior Member
    • Mar 2002
    • 2477
    • 3.5.0 Beta

    #2
    Originally posted by Stryker
    Yesterday a new member registered at my board and proceeded to spam each forum with an affiliate link to a privacy/computer cleaning product. We told him to stop it or get out in public and by PM, but got no response. We deleted 15 of his posts but left his first one alone to make sure he saw our comments. Now he keeps coming back and seems to be permanently sending or viewing his PMs.

    We've banned his account and his IP, but he's still there apparently sending PMs. I did some checks and it turns out that no-one has received a PM from him which makes his presence in the PM dept. seem even more strange.

    What do you think he's up to and what do I do about it? Should I be worried? Any help would be greatly appreciated. Thanks.
    Don't be worried, he's probably trying to do actions but seeing the no permission page.

    Comment

    • DirectPixel
      Senior Member
      • Jan 2002
      • 4703
      • 3.5.x

      #3
      Originally posted by Stryker
      Yesterday a new member registered at my board and proceeded to spam each forum with an affiliate link to a privacy/computer cleaning product. We told him to stop it or get out in public and by PM, but got no response. We deleted 15 of his posts but left his first one alone to make sure he saw our comments. Now he keeps coming back and seems to be permanently sending or viewing his PMs.

      We've banned his account and his IP, but he's still there apparently sending PMs. I did some checks and it turns out that no-one has received a PM from him which makes his presence in the PM dept. seem even more strange.

      What do you think he's up to and what do I do about it? Should I be worried? Any help would be greatly appreciated. Thanks.
      Looks like a bot to me...
      :)

      Comment

      • N9ne
        Senior Member
        • Mar 2002
        • 2477
        • 3.5.0 Beta

        #4
        Originally posted by DirectPixel
        Looks like a bot to me...
        I might've misunderstood his post then, Stryker, is it next to that user's username on the online list that you can see the actions being/trying to be performed? Or is it just a match of IP or same IP region?

        Comment

        • Stryker
          Senior Member
          • Sep 2001
          • 553
          • 3.0.0 Beta 5

          #5
          Oh I should have mentioned that he appears in the list several times, sorry. He's there first as his registered username and then he appears again as a guest(s). The IP addresses all match and it says next to all the names what he's up to i.e. sending a PM, reading PMs etc. His regged username has now disappeared from the list, but he is still there as a single guest with the same IP and is still "Sending a Private Message".

          Comment

          • hankster
            Senior Member
            • Feb 2002
            • 890

            #6
            Could you PM me the IP address? I'd like to block anything like this now before it happens and maybe do a little investigation on that IP. TIA.

            Comment

            • JasonP
              Senior Member
              • Jul 2002
              • 126

              #7
              Originally posted by hankster
              Could you PM me the IP address? I'd like to block anything like this now before it happens and maybe do a little investigation on that IP. TIA.
              Guys, for what it's worth, I happen to have a SUPER whois program that will give you their exact location. If you will PM me the IP I will PM you the results.

              Thanks

              Jason

              Comment

              • vBR
                Senior Member
                • Apr 2002
                • 1768

                #8
                Originally posted by JasonP
                Guys, for what it's worth, I happen to have a SUPER whois program that will give you their exact location. If you will PM me the IP I will PM you the results.

                Thanks

                Jason
                Better than neotrace?
                I want it.

                Comment

                • JasonP
                  Senior Member
                  • Jul 2002
                  • 126

                  #9
                  Originally posted by vBR
                  Better than neotrace?
                  I want it.
                  I think it's much better personally. All neotrace really does is send you to maybe a router somewhere. How should I send it?

                  Comment

                  • vBR
                    Senior Member
                    • Apr 2002
                    • 1768

                    #10
                    Originally posted by JasonP
                    I think it's much better personally. All neotrace really does is send you to maybe a router somewhere. How should I send it?
                    Could you pm or e-mail me the link to the download site or post it here?

                    Comment

                    • JasonP
                      Senior Member
                      • Jul 2002
                      • 126

                      #11
                      Originally posted by vBR
                      Could you pm or e-mail me the link to the download site or post it here?
                      on its way

                      Comment

                      • Stryker
                        Senior Member
                        • Sep 2001
                        • 553
                        • 3.0.0 Beta 5

                        #12
                        There we go I've PM-ed you both. Hope that helps. Further info in case it's of any use...

                        Username: -=[VVPW]=-
                        All his Custom Profile Fields were filled in with '1990'.
                        The software he was promoting can be found here: http://www.viaclean.com - it had an affiliate link tacked onto the end but I've removed that.

                        JasonP, I'd be very interested in taking a look at this program too if you don't mind.

                        Comment

                        • JasonP
                          Senior Member
                          • Jul 2002
                          • 126

                          #13
                          Here is what my whois reveals on this viaclean.com


                          64.214.129.198

                          ViaClean
                          650 Poydras 2250
                          New Orleans, LA 70130
                          US
                          504-914-5750

                          Lieske, Noah [email protected]
                          650 Poydras 2250
                          New Orleans, LA 70130
                          US
                          504-914-5750

                          Lieske, Noah [email protected]
                          650 Poydras 2250
                          New Orleans, LA 70130
                          US
                          504-914-5750

                          NS0.ITMOM.COM 64.214.129.217
                          NS1.ITMOM.COM 64.214.129.218
                          Created: 08-24-2001
                          Expires: 08-24-2003
                          Source: whois.directnic.com

                          Originally posted by Stryker
                          There we go I've PM-ed you both. Hope that helps. Further info in case it's of any use...

                          Username: -=[VVPW]=-
                          All his Custom Profile Fields were filled in with '1990'.
                          The software he was promoting can be found here: http://www.viaclean.com - it had an affiliate link tacked onto the end but I've removed that.

                          JasonP, I'd be very interested in taking a look at this program too if you don't mind.

                          Comment

                          • vBR
                            Senior Member
                            • Apr 2002
                            • 1768

                            #14
                            Originally posted by JasonP
                            on its way
                            Thanks.

                            Comment

                            • hankster
                              Senior Member
                              • Feb 2002
                              • 890

                              #15
                              The IP you gave me points to Rackspace and is owned by Rackspace. Here is the info:

                              OrgName: Rackspace.com
                              OrgID: RSPC

                              NetRange: 65.61.128.0 - 65.61.159.255
                              CIDR: 65.61.128.0/19
                              NetName: RSPC-NET-4
                              NetHandle: NET-65-61-128-0-1
                              Parent: NET-65-0-0-0-0
                              NetType: Direct Allocation
                              NameServer: ns.rackspace.com
                              NameServer: ns2.rackspace.com
                              Comment:
                              RegDate: 2002-11-01
                              Updated: 2002-11-01

                              OrgAbuseHandle: ABUSE45-ARIN
                              OrgAbuseName: Abuse Desk
                              OrgAbusePhone: +1-210-892-4000
                              OrgAbuseEmail: [email protected]

                              OrgTechHandle: IPADM17-ARIN
                              OrgTechName: IPADMIN
                              OrgTechPhone: +1-210-892-4000
                              OrgTechEmail: [email protected]

                              # ARIN Whois database, last updated 2003-01-04 20:00
                              # Enter ? for additional hints on searching ARIN's Whois database.

                              Comment
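Added example, not part of the original thread: a short Python check that parses the ARIN reply from post #15, confirms the CIDR field agrees with NetRange, and lists which who's-online sessions fall inside that hosting allocation. The session rows and their addresses are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# Fields copied from the ARIN reply in post #15 (contact e-mails omitted).
ARIN_REPLY = """\
OrgName: Rackspace.com
NetRange: 65.61.128.0 - 65.61.159.255
CIDR: 65.61.128.0/19
OrgAbuseHandle: ABUSE45-ARIN
# ARIN Whois database, last updated 2003-01-04 20:00
"""

def parse_whois(text):
    """Return {field: value} for 'Key: value' lines; '#' lines never match."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z]+):\s*(\S.*?)\s*$", line)
        if m:
            fields.setdefault(m.group(1), m.group(2))
    return fields

def allocation(fields):
    """Networks covering NetRange; raises if the CIDR field disagrees."""
    first, last = (ipaddress.ip_address(p.strip())
                   for p in fields["NetRange"].split(" - "))
    nets = list(ipaddress.summarize_address_range(first, last))
    stated = [ipaddress.ip_network(c.strip()) for c in fields["CIDR"].split(",")]
    if nets != stated:
        raise ValueError(f"NetRange {nets} does not match CIDR {stated}")
    return nets

def sessions_in_allocation(sessions, nets):
    """Group who's-online rows by IP, keeping only IPs inside the allocation."""
    hits = {}
    for user, ip, action in sessions:
        if any(ipaddress.ip_address(ip) in n for n in nets):
            hits.setdefault(ip, []).append((user, action))
    return hits

# Constructed who's-online rows; the addresses are made up for this example
# and are not the address discussed in the thread.
SESSIONS = [
    ("Guest", "65.61.140.10", "Sending a Private Message"),
    ("Guest", "65.61.140.10", "Viewing Private Messages"),
    ("Guest", "65.61.160.1", "Viewing Index"),  # one block past the range
]

if __name__ == "__main__":
    print(sessions_in_allocation(SESSIONS, allocation(parse_whois(ARIN_REPLY))))
```

An address inside a hosting provider's direct allocation suggests a server or proxy rather than a home connection, which fits the bot theory; the OrgAbuseHandle field identifies the contact to report it to.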
