Spammin' for Plesk

The table below contains blocking information in use at gtcs.com and some
other domains. Each entry is based on outscatter whose envelope sender
indicates that the host is apparently spamvertising for the Plesk site
management tool while trying to limit its own spam torrent by dumping it on
someone else.

Outscatter, as listed below, is a mail "bounce" from an automated sender to a
non-existent or otherwise non-originating account.

Snapshot as of Tue, 05 Aug 2008 15:22:13 MDT (also the Last-Modified: header for this page.)

Blocked    | CIDR            | Plesk Spammer                            | Claimed to be
-----------+-----------------+------------------------------------------+--------------------------------
2004-12-06 | 24.97.7.125     | schodack.org                             | plesk.tech-ii.com
2004-10-04 | 62.231.161.9    | relay.rdtc.ru                            | plesk.rdtc.ru
2004-07-26 | 66.98.244.5     | ev1s-66-98-244-5.ev1servers.net(forged)  | plesk.agency.info
2005-02-15 | 66.98.246.24    | plesk.yourprivatedns.com                 | plesk.yourprivatedns.com
2004-06-29 | 66.98.246.46    | police911.net                            | plesk.police911.org
2005-06-17 | 67.15.122.26    | ev1s-67-15-122-26.ev1servers.net(forged) | plesk.traffic-giant.com
2005-07-03 | 67.15.141.138   | plesk.weatherstaronline.com              | plesk.dalesgraphicdesign.com
2004-10-12 | 69.50.192.64    | plesk.arivoo.com                         | arivoo.com
2004-06-23 | 69.64.32.171    | plesk.noamweb.net                        | air052.startdedicated.com
2004-10-18 | 80.71.0.200     | plesk.caladan.net                        | plesk.caladan.net
2005-04-27 | 196.44.138.89   | plesk.tgi.na                             | plesk.tgi.na
2005-02-07 | 198.143.4.200   | plesk.intercom.com                       | plesk.intercom.com
2005-03-09 | 209.249.62.32   | plesk.pugmarks.net                       | plesk.pugmarks.net
2005-01-23 | 216.40.243.212  | \N                                       | plesk.explosiveimagehosting.com
2004-12-23 | 216.40.250.9    | ev1s-216-40-250-9.ev1servers.net(forged) | plesk.tribulationforces.com
2004-09-16 | 216.86.138.72   | merkury.com(forged)                      | plesk.merkury.com
2004-06-27 | 216.147.194.100 | plesk.panamacom.com                      | panamacom.com
2004-07-10 | 217.113.240.13  | mailkaos.kaos.es(forged)                 | plesk.kaos.es
(18 rows)

The notation "\N" indicates a null reverse-DNS (number-to-name) lookup.
The notation "(forged)" indicates that the name given in reverse-DNS does not match a
forward-DNS (name-to-number) lookup, or didn't when checked.
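
The "\N" and "(forged)" checks described above, written out as an added example (it is not code from this page or its author). The function names are hypothetical, and the sample addresses and host names are constructed from documentation-only ranges so that it runs without live DNS.

```python
import ipaddress
import socket

def system_ptr(ip):
    """Reverse (number-to-name) lookup; None when the address has no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward (name-to-number) lookup; empty set when the name fails."""
    try:
        return {ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def annotate_rdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return the reverse-DNS column for ip, in the table's notation."""
    name = ptr_lookup(ip)
    if not name:
        return r"\N"                      # null reverse-DNS lookup
    name = name.rstrip(".").lower()       # DNS names are case-insensitive
    wanted = ipaddress.ip_address(ip)     # compare parsed, not as strings
    forward = {ipaddress.ip_address(a) for a in forward_lookup(name)}
    return name if wanted in forward else name + "(forged)"

# Constructed sample data (documentation-only ranges), so this runs offline.
SAMPLE_PTR = {
    "192.0.2.10": "mail.example.org.",    # PTR and A agree
    "192.0.2.20": "Plesk.Example.NET",    # A record points elsewhere
    "198.51.100.7": "relay.example.com",  # name has no A record at all
}
SAMPLE_A = {
    "mail.example.org": {"192.0.2.10"},
    "plesk.example.net": {"203.0.113.5"},
}

def annotate_sample(ip):
    """annotate_rdns() against the constructed data instead of live DNS."""
    return annotate_rdns(ip, SAMPLE_PTR.get,
                         lambda name: SAMPLE_A.get(name, set()))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.7", "203.0.113.99"):
        print(ip, annotate_sample(ip))
```

Calling annotate_rdns(ip) with no other arguments uses the system resolver instead of the sample data.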

Similar activity comes from bad setups of QMail, The Barracuda Spamming
“Firewall”, and Symantec anti-spam and anti-virus gateway products. Then
there's Microsoft Exchange, in a class by itself.

Some even spew this out their trusted Domain Nameservers.

The above listed sites are already participants in a DDoS attack, as described and widely
warned against in a 2004 white paper.

See also: DDoS Attack Hosts

This webpage was first posted in mid-February 2005.