ddos - and down we went. For good?

Update June 30
They have succeeded.
spam-court.com is most likely gone. As a domain. Parts of the content will still be around. Somewhere.
I personally never thought the criminals, the spammers, the wannabees [insert your favorite here] at bulkerforum.biz would get that scared.

In hindsight, hosting spam-court on a shared hosting plan was not a good idea.
If we had known they would resort to ddos-ing the site, that is.
Our host (dreamhost.com) has been patient with us. Even leaving a small opening for reinstating the site. We may try that.
But someone (or several) on bulkerforum.biz is/are probably so scared because of the content that it will most likely be ddosed to death again. So in the long run we think it will not be possible to host the site on a shared server. We are not willing to spend the money on a dedicated server.

The solution will be to put the content up "here and there". Mainly using blogger.
Others have asked for permission to publish the content from spam-court.com. We have agreed. In general, we don't mind if that is being done. Just give us a note at veruccawatcher@gmail.com first.
Some of it is already up at http://spam-court.blogspot.com. (And no, nobody from spam-court.com are responsible for that one).

We are a bit lazy, but during the next months more content from spam-court.com will show up elsewhere. Together with fresh content. Probably some fresh content first, we don't quite know yet.

As said earlier, someone from bulkerforum.biz must be very afraid.
Not only pissed off, we don't think they would have ddosed the site three times because of that. Good oldfashioned fear is probably the reason. We can smell it. Not only from the shitty pants of Marion Lynn.

We will not say "Stay tuned". Expect infrequent updates here.

June 26 2007: ddos again

This is the third one on spam-court.com since June 17.
Started Tuesday morning.
So the site went down again.

Judging by the size of the logs, this is the strongest attack so far.

Someone at bulkerforum.biz must be pissed.
Or afraid.
Very afraid.
Not only one of them, but several.

eliteboy / jakel0an15.com

And as a quick note regarding bigjohnson/mbulks/eliteboy and whatever nick he is using on bulkerforum.biz:

Latest domain spamvertized is jakel0an15.com, hosted at 80.96.148.216 in Romania.

inetnum: 80.96.148.0 - 80.96.148.255
netname: MCD-INFONET-SRL
descr: MCD INFONET SRL
descr: Armenis nr. 6
descr: Bl J3 Sc D Ap 37
descr: S 3 Bucuresti Romania
country: ro
admin-c: MH1895-RIPE
tech-c: GM12873-RIPE
status: ASSIGNED PA
mnt-by: AS3233-MNT
mnt-lower: AS3233-MNT
mnt-routes: AS3233-MNT
mnt-routes: MCD-INFONET-MNT
source: RIPE # Filtered

person: Marius Herea
address: MCD Infonet S.R.L.
address: Armenis 6, Bl. J3, Sc. D, Ap. 37
address: Sector 3, 032483, Bucuresti, Romania
phone: +40-722382784
fax-no: +40-21-3228869
e-mail: marius@gazduire.ro
nic-hdl: MH1895-RIPE
mnt-by: MCD-INFONET-MNT
source: RIPE # Filtered

person: George Mihalcea
address: NetBridge Investments S.R.L.
address: Unirii,45
address: Bucharest,Romania
phone: +4013228838
fax-no: +4013228849
e-mail: georgem@netbridge.ro
nic-hdl: GM12873-RIPE
mnt-by: AS3233-MNT
source: RIPE # Filtered

% Information related to '80.96.148.0/24AS25116'

route: 80.96.148.0/24
descr: MCD-INFONET-SRL
origin: AS25116
mnt-by: MCD-INFONET-MNT
source: RIPE # Filtered

spam-court down again

First attack lasted a around a couple of days, from last Sunday till Tuesday.
Came in waves.
There was one attack very early this morning.
Then it seems they switched their attention to spamhaus.org.
And then back to spam-court again.
Our intuition told us they would start again and the main site was taken down right before the attack started again.
The main reason for taking the site down is respect for the other customers of Dreamhost.

You are not missing anything, there has not been any news postings.

What's a ddos?

Link to wikipedia:
http://en.wikipedia.org/wiki/Denial-of-service_attack

A short explanation we stole from http://www.riorey.com/:

Distributed Denial of Service (DDOS) attacks, in which a targeted server is crippled or shut down by a flood of malicious traffic, are a growing threat to both public and private networks, [...].

And then the ddos on spam-court.com was a reality

Sunday, June 17 2007, afternoon.
Dreamhost support worked their asses off.
Until they gave up and spam-court went down.

A few of the IPs used in the attack (from some russian botnet, apparently):
62.215.5.4
82.162.113.82
82.201.235.7
84.36.97.12
125.31.9.66
190.42.100.176
200.56.216.214
200.98.140.13
200.143.129.98
200.171.65.208
201.14.103.236
201.18.111.21
201.22.100.185
201.213.154.18
201.132.246.17
201.240.34.11

I am personally thinking of MadTeamComp and/or AlpCRAZY-TeaM.
What-/whoever they are.
Long shot, yeah.
But those russians happily work for around $35 an hour.
I have heard that is the price for a ddos these days.

Did not take too long.

Now I am wondering who ordered it?
Oh, was there a guy on bulkerforum.biz who called for a ddos on spam-court.com?
Who was that?

About bulkerforum.biz

In short:
bulkerforum.biz is a place where spammers, various criminals, wannabees etc. gather to exchange information, offer or ask for "services" or just chitchat about their activities.

A few examples:

From a posting by "S-RX" in september 2006:

- botnetvork is given, soft is acquired for delivery;
- short domains are given for a spam by pictures;

Botnetwork and spam? Legal?

The member "martyball" posted in May 2007:

Subject: Looking for Stock mailers

Looking for "Stock mailers" in a forum filled with criminals?
No, I am probably paranoid, this could not be pump and dump stock spamming?
On second thought, it probably is. Legal?

And one of the serious ones:
IframeMany which has been tied to the criminal Russian Business Network.
First posting:

For BotNet owners. For Bot sellers. Extra earnings.

http://www.2-antispyware.com/

[some Russian characters removed]
We provide you EXE file that should be run at EU and US Bots, other countries are not actual.


This EXE file is not connected to the Internet.
All that it does is informing a user via a full-screen message about Trojan found and if he wants to repair the system, he should should download and install antispyware software.

We pay $25 Per Sign Up

Our advertising module does not influence on the work of the computer and easily can be closed, but it appears every 2 hours.

The indexes of selling are perfect.

We pay once per week plus the 7 day hold.

We provide exe or iframe solution for software selling.

Other variances for co-operation can be discussed.

ICQ
378-026-659

For even more readings about what kind of criminals who are members of bulkerforum.biz: Guardian article about RBN

Alzheimer? Or just a liar?

The chicken shits his pants and runs away:
http://spam-court.com/?q=node/67 (Link dead, site ddosed to silence as of June 26 2007 and again in November 2007: EDIT: Live again in November 2008)

He can run, but he cannot hide from the truth.

To repeat some of his posting on bulkerforum.biz:

SOMEONE needs to do a "Blue Security" on them, like RIGHT THE FUCK NOW!
If this post reads as though I am calling for open warfare on these bastards; that is EXFUCKINGZACTLY what I am doing!

"open warfare" and "Blue Security"? That means a ddos, Marion Lynn.
Screenshots of the posting are available.
And time will show the truth.

Nick Danger, Marion Lynn, Marion S Lynn, Marion Sydney Lynn, Marion Sidney Lynn, coward .

What's that smell?

From spam-court.com
This one was posted June 9th, 2007

What's that smell?
Or: The big strong man with guns who turned into a chicken.

"Nick Danger" was asked a question over at the ljworld today:

Nick, did you call for a DDOS attack on spam-court & offer to help perform
such an attack?
It's a simple question.
#

And the big strong guy who turned into a chicken answers:

9 June 2007 at 10:34 a.m.

Marion (Marion Lynn) says…

Snap:

As far as I know and what my research into the matter indicates is that the
“post” to which you refer is a complete forgery; most likely put together to
look like a snapshot of a webpage and highly likely to have been done by:

(1) Spamhaus as that corrupt group has been known to do that very thing when
it has nothing else.

(2) By party or parties unknown over at NANAE; a group well know for its
fabrication of “evidence”.

These self-appointed Internet Police, very much like some of our local
officers, will stop at nothing to attempt to dscredit internet marketers,
especially compliant and totally legal internet marketers.

Thanks.

Marion.

See:
http://www2.ljworld.com/onthestreet/2007/jun/01/mos_spam/

He knows he posted that one ( internal link ). We saw the damn posting. "HackerX" would have been a tiny better try, but not good enough that either. Anyway: We saw the posting, now Marion denies it all, calling us liars. Running like a chicken.
And yes, we have screenshots. And no, they are not fabricated.

We had not expected a big strong guy like Marion to shit in his diapers like that.
Especially a big strong guy like him with so many many guns. Big tough guy.

There are too many people that saw that posting Marion.
Remember your old buddy? He responded to your posting about a "blue security" on spam-court.com. Before it was deleted by the moderators.
Now we are wondering: If necessary, do someone have to drag him to the courtroom to testify?
Do you dare to gamble: Will he tell the truth or will he lie?
Remember: He said he was quitting the "business", he was a bit concerned about his future.
An old, worn out, sad and pathetic old man gambling with a young, promising guys future?
We did not think so.

Now clean up your shit and put on new diapers Marion, it smells in here.
And for the future: Shut up.
We are tired of you.

Damn it, admin/moderators on bulkerforum: Kick that guy out.
He is an irritating vermin with no value, neither for you nor for us.
Deal?
Or are you keeping him as a kind of entertaining village fool?
Costing you unnecessary attention.
We were planning a little one on Phantom this weekend, we delay it for a unspecified time.

And we are honestly a bit uncomfortable.
Generally speaking, we are uncomfortable with facing obviously unbalanced people.
bulkerforum.biz seems to have its share of both criminal and unbalanced ones in a messy combination.
And just to be sure we are now considering stepping away, backwards, one step at a time, slowly.
After "Nick Danger" is gone from the forum.

There was a ddos aimed at our host today. We are not sure if there was a connection.
But dreamhost doesn't deserve it. Crypto would certainly agree to that.