Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Another Spammer D'Oh! | Main | Ooh, Stanley. I Can Hardly Wait! »

October 04, 2006


Ok, maybe not speechless, since I'm writing about it. But I'm left scratching my head nonetheless.

At approximately 11:00am PDT on Sunday, 24 September 2006, I filed an abuse report via email to the holder of an IP block containing an IP address of a server that had been hijacked by a phisher. The company, Corporate Colocation, Inc., is based on Los Angeles. I don't know anything more about them than what their Web site advertises.

It's not uncommon for an IP block owner to parcel out blocks to smaller ISPs, who then resell Internet access on a local or regional level. Unfortunately, IP whois records rarely reveal contact information for the last link in the chain—the small ISP responsible for customer contact. Therefore, I expect the big block holder to forward the complaint to the sub-block holder, who can then handle the situation with the customer whose server has been hacked. From what I can tell, this type of communication happens frequently, and phishing pages are regularly and relatively promptly taken down in these situations.

So, this morning in my inbox is a copy of an email that Corporate Colocation sent to the small ISP about my abuse report. Normally, I would consider that a nice touch to keep me informed about progress in handling the complaint. But in this case, Corporate Colocation took ten days to pass along my complaint.

T E N  D A Y S!

Since phishing sites are most effective (a.k.a. damaging) in their first 48 hours, why is this outfit waiting ten days to release the hounds? In truth, their "Abuse Department" probably didn't even check the URL I had submitted. My original report also went to another contact address, and the site was taken down much closer to the original report date. Sending this notice was a complete waste of everyone's time.

Can an IP block holder and supposedly modern-day service provider be so clueless about the speed needed to take down a phishing site? Apparently so.

Posted on October 04, 2006 at 11:34 AM