What is unknown.sagonet.net ?

[arlens]

I recently checked awstats statistics from Cpanel for my website. It showed
the host unknown.sagonet.net was using 77MB of bandwidth which is ten times over any other host and over twice the 30MB size of my site. It also showed much more activity on my guestbook page than my homepage. I have been getting lots of spam entries in my guestbook lately so I expect the two are connected.

Does anyone have knowledge of unknown.sagonet.net ?

[webado]

Indeed. A spambot of sorts. Check this discusison: http://forum.statcounter.com/phpBB2/...hlight=sagonet

[jonra01]

Sagonet.net is a services provider. The visitor has probably got an account with them. Look at your latest visitor stats in cpanel to see if you are getting regular hits from this or any other address. The spammers who were hitting my site were visiting every 5 seconds. They are still coming to the site, but are getting a 403 Forbidden message and are sent on their way. That doesn't stop them from coming back. At least they aren't eating up any bandwidth now that I've got them blocked. Check the post I have on my web blog about dealing with spammers - http://www.jonra.com/blogs/index.php/b/2005/09/22/p64

[Sharron]

Arlen, I just typed (not going to post it here) that name in the address bar and added the www. to the front and removed unknown. There is a website at that domain name.

You can go to dodaddy.com, type the first part of the name in the search box, choose the .net extension then search,, when it comes up taken, then you hit the (more info) link, that will give you more information on them.You cand I believe check the block of IP's from that domain.

If the hit is within that block of IP's I would send email asking what is going on. Take a screenshot maybe of you stat log, for proof, and send it along with a letter of complaint.

Christina and Jonra know about this for sure.


EDIT:
Actually the godaddy stuff does not show the blocks of IP addresses, you can search for the IP addresses somewhere I think, maybe just do a whois search for the one used in your hit. Then it might come back to the server's blocks?

[Brisguy52]

Howdy Arlens,
read this thread elsewhere in this forum :-
http://forum.statcounter.com/phpBB2/...pic.php?t=6308

[JWJ]

Arlen,

These are the guys that I have written about here. Forget writing to them as Sharron suggests ... I've tried that and received no response. If you browse their forum you will see they deny allowing 'unscrupulous' sites to be hosted with them, yet they are clearly doing nothing about it. Even permitting known spammers to continue spamming.

I am trying John's .htaccess solution for a day or two. If that doesn't do it I intend to block their entire IP range.

[arlens]

jonra, I read your excellent blog on spamming and I also added your banned list to my .htaccess file. Its a shame you have to climb in the gutter and use
their porno terms to deal with them.

This is the latest entry in my guestbook: (substitute . for dot)
" casino free bonus
e-mail casino@so-simple.org
URL: http://casino-free-bonusdot100galdotnet
Location: Egypt
Fri, September 23, 2005 12:30 Host: YahooBB219022018085.bbtec.net
I added for professional appropriate"

I wonder why they all have such idiotic phrases. Why don't they just say something like " I really enjoyed visiting your site "? Not that it would stop me from deleting the entry but a few might get by.

[webado]

They use some random text geenrator. 99% of the time it's senseless. Occasionally it looks almost lucid. I just deleted several of these kind of posts from here, afetr I caught on to the trick. The spamming bot would use the Quote button to post a reply to the first post from each first thread in each forum category, and simply add something innocuous like Is that so?

[arlens]

jonra, this entry is in your .htaccess file that I copied to my public_html

RewriteCond %{HTTP_REFERER} (casino) [NC,OR]

I wonder why it did not block the spam entry in my guestbook which has
the word "casino" in it. Is there an additional line I could add to prevent this specific spammer from hitting again?

chrisooc, thanks for the clarification, but I wonder why is there a need for the random text generation when they could just have some generic general phrase that might apply most of the time.

JWJ, sorry to see you are experiencing the same problems as I am but just
remember ... we are humans, they are bots...we will prevail!

[jonra01]

I think you need to have these lines also to catch all instances of casino.

RewriteCond %{HTTP_REFERER} (casino-) [NC,OR]
RewriteCond %{HTTP_REFERER} (-casino) [NC,OR]