Cyberpromo FAQ, version 1.8
Last Updated - 5/1/97
(this is REALLY old, but it is a neat snapshot of 'back then' -arg, December 2007)
Web Site: http://members.aol.com/macabrus/cpfaq.html
Text Only: ftp://members.aol.com/macabrus/cyberpromofaq
Posted bi-weekly to the newsgroups: news.admin.net-abuse.misc,
news.admin.net-abuse.email, news.admin.net-abuse.usenet,
alt.spam, alt.stop.spamming, and free.lunch.no-such-thing. A
pointer to the FAQ is posted weekly in news.admin.net-abuse.email.
Additional posts may be made as needed.
Additional anti-net abuse pages maintained by this author:
Rogue's Gallery of Net Abusers -
http://members.aol.com/macabrus/roguesgallery.html
Net Abuse Links -
http://members.aol.com/macabrus/netabuse.html
Net Abuse FAQs -
http://members.aol.com/macabrus/faqs.html
Spam Fighting Utilities -
http://members.aol.com/macabrus/utilities.html
NEW IN THIS VERSION OF THE FAQ:
- New IP address
- 52 new customer domains
- Cyberpromo no longer hosted by homecom
- Cyberpromo no longer hosted by MCI
- Cyberpromo no longer hosted by CWIX
- Cyberpromo contract with worldcom revoked
- Happenings with telephone numbers
- New native Cyberpromo domain
__________________________
The purpose of this FAQ is to inform and provide corroboration for
persons, companies and organizations on the net who are victimized by
Cyber Promotions, a company that sends large volumes of unsolicited
commercial bulk e-mail over the internet. It is not intended for the
disruption of legitimate commerce and solicitation. It is, however,
provided to assist those who wish to protect themselves from receiving
unwanted e-mail from Cyber Promotions and its associates.
Among other things, this FAQ contains a listing of the known multitude of
valid domains maintained by Cyber Promotions and its associates, as
well as third party domains running through Cyberpromo's servers. It
also gives information on net blocks and active internet connections
Cyberpromo maintains. It also reveals service providers known to provide
connectivity to this company.
I wish to extend my thanks to the many posters of the net abuse
newsgroups, without whom this FAQ would not be possible.
Note: The earliest versions of the Cyberpromo FAQ were posted under
the title of "Cyberpromo Valid Domains," the original list and the
versions 1.1 through 1.4. No version of the FAQ predating this present
version is publicly archived at present.
---TABLE OF CONTENTS---
1. What is Cyberpromo?
2. Who is Sanford Wallace?
3. Who/what are Cyberpromo's bandwidth partners?
4. What is Cyberout Email Services?
5. What is Cyberpromo Autoresponder Services?
6. What is ISPam?
7. What is WebCollector?
8. What is Hypocrite software?
9. What is e-Filter?
10. What is Cyber-Bomber?
11. What is Cyberpromo's "modus operandi"?
12. Does Cyberpromo spam newsgroups?
13. How may I get removed from Cyberpromo's mailing lists?
14. What are the domains affiliated with Cyberpromo?
15. What spam sites are given connectivity to Cyberpromo?
16. Who gives connectivity to Cyber Promotions?
17. Who is Hacker X?
18. Who were/are Cyberpromo's most notorious customers?
1. What is Cyberpromo?
Cyberpromo is the common name for Cyber Promotions, an internet
site dedicated to facilitating unsolicited bulk commercial e-mail.
Cyber Promotions is regarded by most reputable internet service
providers as one of the greatest abusers of the internet, its
disreputable practices including but not limited to the use of a large
number of registered domains and forged domains to evade filters
purposely designed to block its e-mail.
Cyberpromo operates a web page (http://www.cyberpromo.com).
Because it throws out a number of cookies to get information,
it is best viewed via the Anonymizer at http://www.anonymizer.com.
List of presently active Cyberpromo nameservers and netblocks:
netblk-cyberpromo-205-199 205.199.212.0 - 205.199.212.255
ns3.cyberpromo.com 205.199.212.33
ns4.cyberpromo.com 205.199.212.34
ns7.cyberpromo.com 205.199.2.250
Cyberpromo domains, nameservers, netblocks and addresses which
have been either abandoned or disconnected include:
205.177.90.75
205.199.212.50
206.154.151.17
206.27.86.210
207.124.161.50
207.124.161.65
208.5.10.100
208.9.64
208.9.65.10
208.9.65.11
promo-ent.com
netblk-sprint-d00940 208.9.64.0 - 208.9.64.255
ns2.cyberpromo.com
ns5.cyberpromo.com
ns8.cyberpromo.com
ns9.cyberpromo.com
ns10.cyberpromo.com
Despite the fact that InterNIC records record the contrary, there is
no evidence that Cyberpromo's 8th, 9th and 10th servers are connected
any longer, or that Sprintlink or CWIX service this company.
2. Who is Sanford Wallace?
Sanford Wallace, nicknamed Sandy, is a businessman currently residing
in Philadelphia, Pennsylvania, in the United States. Years ago he
actively engaged in the junk fax business under the company name of
Promo Enterprises. After unsolicited junk fax submissions were
outlawed by the U.S. Congress, Wallace turned his attention to the junk
e-mail industry. Sanford Wallace is often credited with being a major
contributor towards the demise of the junk fax industry through his
persistent solicitations.
Wallace originally began in the bulk e-mail business under the name of
Promo Enterprises (promo-ent.com). Not long thereafter he started
business under the corporate identity of Cyber Promotions, which he has
operated under ever since. Recently he started a sister bulk e-mailing
company, Cyberout Email Services, an autoresponder service, and an
internet service provider, ISPam.
Sanford Wallace is often referred to by his opponents as Spamford,
$pamford, Spamford Wallass, Spammy, or Sannie. As a measure of
defiance, Wallace has adopted the most-used name "spamford" as a domain
identity for his new ISP service, in possible violation of the Hormel
trademark. He operates in brazenly open defiance of established internet
convention and etiquette, and has publicly denounced 'netiquette' in
recent history. Wallace likens himself to Madonna and Howard Stern
in terms of being a rebellious type, wishing to force himself and his
philosophy into mainstream culture against its will. He appears to be
genuinely unconcerned about the number of enemies he makes or the
number of people he annoys, as he has many times taken various steps to
purposely evade e-mail filtering mechanisms designed to block him.
He is past all hope of reconciliation with the customary culture of the
internet.
In public statements or when questioned Sanford Wallace denies that
Cyber Promotions is in the business to annoy people, although that is
largely the end result of his business. In court Sanford Wallace has
taken the position that internet service providers are "common carriers,"
under legal obligation to carry his bulk ads, a position with which the
court system disagrees. He also has taken the position that his type of
advertising is free speech protected by the First Amendment of the
United States Constitution, which the courts have also rejected. Sanford
Wallace appears not to care about how illegal his advertising may be in
foreign countries. He also does not appear to care that his practice uses
other people's computer space and resources for personal gain, thereby
shifting the cost of his advertising onto his recipients.
As of late, now that he is in the service providing business, Wallace
refuses to take responsibility for aiding and abetting actions of his
customers by willfully continuing to provide them connectivity, taking
the position that all he does is pass along their traffic and should bear
no such responsibility. Wallace fancies his company to be the pioneer of
the bulk e-mailing industry, which is not factually correct, and is
presently undertaking a personal crusade to "legitimize" the industry of
unsolicited commercial e-mail.
Sanford Wallace may be reached at the following:
Addresses -
Sanford Wallace
1255 Passmore St.
Philadelphia, PA 19111-5530
US
Sanford Wallace
Cyber Promotions, Inc
8001 Castor Avenue Suite #127
Philadelphia, PA 19152
US
Note that the above is only a box address. The true location of
Cyber Promotions is in the Philadelphia suburb of Dresher:
Cyber Promotions, Inc.
830 Twining RD STE 6 & 7
Dresher, PA 19025
US
E-mail addresses -
root@cyberpromo.com
cyberpr@answerme.com
wallace@cyberpromo.com
wallace@ispam.net
postmaster@ispam.net
sanford@cyberpromo.com
While listed as the official address in InterNIC records, the
address domreg@cyberpromo.com has been suspended.
Phone numbers -
800-650-9110 (false disconnection)
801-272-6718 (fax)
801-272-0583
888-BULK-EMA (false disconnection)
215-288-9230
215-289-4610 (fax)
206-824-5406 (fax)
206-824-5406
215-628-2523 (fax)
215-628-9780
215-628-9762 (fax)
215-288-9110 (apparently home)
When one now calls the number 800-650-9110 there is a recording
that says: "1-800-650-9110 has been disconnected. Please call
1-215-628-9780. Thank you." This message is a hoax designed to
throw off complainers from using the toll-free number. A
similar message answers the 888-BULK-EMA number. Both still
reach Cyber Promotions.
3. Who/what are Cyberpromo's bandwidth partners?
Cyber Promotions has in the past advertised for and has touted its
"Cyberpromo Bandwidth Partnership," a plan devised by Sanford
Wallace to lease bandwidth from third parties through which
Cyberpromo can conduct its e-mail business. While it may have had
some takers at first, it appears today that the existence of this
partnership is a hoax. Addresses known to have ended in .cpbw and the
address phila2.bw.partner.22.of.53 have been found to have been from
Cyberpromo servers, among others. Variations of *relay* have also
been used in the Received headers, such as relay7, etc. Any address
that carries a header *bw.partner* is from Cyber Promotions.
4. What is Cyberout Email Services?
Cyberout Email Services appears to be a sister bulk mailing company
which uses the nameservers of Cyber Promotions to operate. Sanford
Wallace runs this service as well. The existence of Cyberout Email
Services may possibly be a clandestine attempt by Wallace to
circumvent court orders prohibiting Cyberpromo from mailing to
certain internet service providers.
5. What is Cyberpromo Autoresponder Services?
Cyberpromo Autoresponder Services appears to be a singular domain
(zapback.com) set up to provide autoresponder services to clients. Many
of the Cyberpromo-affiliated addresses known through time have been
autoresponders and not real people.
6. What is ISPam?
ISPam is an Internet Service Provider set up by Sanford Wallace to
provide a haven for junk e-mailers. Third parties can sign up with
ISPam to be able to send their mail, with the assurance they will never
be kicked off of it for doing so. It may be a way for Sanford Wallace to
continue to make money, since Cyberpromo itself is banned from
mailing to a great many addresses on the net. ISPam has been used to
mail addresses that Cyber Promotions is legally banned from mailing,
such as America Online subscribers. In the words of Sanford Wallace
himself: "For the first time in history, mass marketing on the Internet
will be determined by economics rather than 'netiquette.'"
Despite header claims to the contrary, there is no evidence ISPam is
used as a relay.
7. What is WebCollector?
WebCollector is a product Sanford Wallace is currently marketing to
harvest e-mail addresses from web pages. It culls even e-mail
addresses written as black-on-black on the page, and automatically
tosses out any names with the word "master" in them. However, the
probable accuracy of its searching mechanism to match products to
potential customers, in this author's opinion, may be best described as a
quote from the Paramount movie "Raiders of the Lost Ark":
"You would use a bulldozer to find a china cup."
In Sanford Wallace's own words, "The goal here is to continue to give
bulk emailers the tools they need to prosper in this particular business.
It's certainly not to preserve the sanity of the recipients."
8. What is Hypocrite software?
Hypocrite software, according to Sanford Wallace, is designed to be
a measure Cyberpromo customers can use to stop flame messages.
It is supposed to intercept messages containing keywords it is
programmed to look for, or any mail sent from the same source more
than 20 times in a day, and automatically redirect it to the mailer's
postmaster, abuse, root, as well as their upstream provider, along
with a recommendation that action be taken by the ISP against the
mailer. This message is supposed to repeat itself 50 times per e-mail.
Wallace says "This is Cyber Promotions' way of saying thank you for
supporting everyone's right to conduct business through email!" It
is highly probable that this software will not function accurately,
as not all the addresses it would send to may be accurate. It is also
obvious this software is purposely designed to further abuse the net.
Of course, this assumes in its entirety that this software does in
fact exist and is not some attempt by Wallace to scare off his
detractors by lying in public.
9. What is e-Filter?
E-Filter is e-mail filtering software designed by Sanford Wallace to
filter out junk e-mail. It exists in probable violation of the TSW Inc.
trademark eFilter software name which that much more reputable
company holds. To many the best analogy of Sanford Wallace
offering this is being next of kin to someone robbing a bank and then
coming back to the bank the next day offering to sell them a security
system. Wallace himself has admitted that analogy is accurate. In
the future Wallace may claim to be a pioneer in the creation of these
filters as well, which would be patently false. Some believe the
marketing ploy of offering this software is extortion, literally
telling the public they have to buy his software if they truly wish to
evade Cyberpromo spam. Regardless, the mail filter known as
procmail has a high and widely-regarded reputation as the best junk
e-mail filter around, with a proven record of reliability, and is free.
It also would make the most common sense for a customer to trust
the ability of e-mail filters from anti-spam specialists over those
from a confirmed abuser who doesn't even remotely specialize in
filtering protection.
10. What is Cyber-Bomber?
It is something Sanford Wallace touts is breakthrough software,
giving his customers the ability to send bulk e-mail through
Cyberpromo without being traced through stripping origin and
relay information, forging message identifications, etc. In other
words, it is no new invention, but a de facto anonymous remailer
for Cyberpromo customers. Anonymous remailers are not in common
use by advertisers of the internet, probably due to the fact that
reputable advertisers have nothing to hide from the public. This
is the first known anonymous remailing spam service.
11. What is Cyberpromo's "modus operandi"?
Cyber Promotions exists for the purpose of providing bulk e-mail
services to clients. This includes culling vast lists of e-mail
addresses through various means and making those lists available to
paying clients.
Many Cyberpromo customers pay for accounts at one of Cyberpromo's
myriad domains or at a sister company. From these accounts bulk
e-mail is sent through Cyberpromo's servers. Cyberpromo customers
also pay for the use of autoresponders at Cyberpromo domains to use
when they send their own bulk e-mail from outside companies.
Cyber Promotions has also put together the ISPam internet service
provider. Domains for this service include ispam.net, spamford.net,
ispam.com and spamford.com. Third parties sign up for this service
and send their junk e-mail through Cyberpromo's nameservers. In
addition, Cyber Promotions sells various types of software to
supplement its income.
Cyberpromo in the past and in the present has used a number of means
to evade the e-mail filters of anyone who chooses to block they and
their clients' e-mail advertisements. These practices have been known
to include:
A. Using multiple registered domains
When America Online began the mass-blocking of of Cyberpromo
at the overwhelming request of its customers, Cyber Promotions
took to creating new domains to avoid AOL's and others' e-mail
filtering mechanisms. Over the stretch of time, Sanford Wallace
has spent an impressive amount of money just to avoid filters
and force his mail on those who try to block it. This has resulted
in the creation of a sizable number of registered domains, as
can be seen below.
B. Using bogus domain names
This involves forging an invalid domain name into the headers.
It often has the effect of clogging the systems of the ISP it is
sent to, when the mail is blocked and cannot be returned to a
valid address. Except for (C), this technique causes the most
damage to Cyberpromo's mailing target.
C. Bounce mailings off of third parties
Presently this technique is used very often by Cyber Promotions.
This technique involves bouncing e-mail off of an innocent third
party, thereby making your e-mail look like it came from that
domain. It is highly probable, based on the results of the Prodigy
v Cyberpromo lawsuit, that this act constitutes trademark
infringement. Cyberpromo in the past has done this with companies as
prominent as Compuserve, and has been successfully stopped from
doing so by legal action by Concentric, Prodigy and Compuserve.
Cyberpromo has also been documented to bounce mailings off others as
an act of revenge, such as right after Erols revoked Sanford Wallace's
account. This tactic has the potential of spurring retribution against
the innocent ISP, and in extreme circumstances can provoke an illegal
Denial of Service attack against them. A Denial of Service attack can
include but is not necessarily limited to persons sending a huge amount
of e-mail to the domain they believe sent to junk e-mail to overload
its servers. Due to the large mailings Cyberpromo does, the sheer
number of legitimate, non-attack complaints alone may overload the
systems of the innocent service provider Cyberpromo bounced off of. In
total scope, the tactic of bouncing e-mail has the definite potential to
damage or destroy the reputation of the third party.
Companies known to have been victimized or attempted to be victimized
by this tactic include Concentric, Prodigy, Compuserve, Graves, Erols, and
America Online. Please note that all of the above companies are
INNOCENT VICTIMS which in no way whatsoever support the services
of Cyber Promotions. In fact, all of the above are noted for fighting
spam. If any more service providers have been victimized in this manner
by Cyberpromo, a favor would be conferred to this author and their names
will be officially recognized on this list. It is known that there are many
more victims than accounted for in this inventory.
D. Forge bogus IP addresses
This technique involves forging the IP address of where it was
sent from to attempt to make it unblockable by that method. Wallace
has so far used IP addresses that cannot physically exist, such as
212.959.100.011. These addresses can be blocked with the
following procmail script:
:0
* ^Received.*\[[0-9\.]*([03-9][0-9][0-9]|2[6-9][0-9]|25[6-9])
/dev/null
It should be able to kill anything where the apparent IP address
number has a number over 255 or a 3-digit number with a leading
zero.
Also to be noted are the companies that have sought and obtained
legal relief against Cyber Promotions due to its business practices.
These include America Online, Compuserve, Concentric, and Prodigy.
If one wishes to file a formal complaint against Cyberpromo, written
complaints generally are taken more seriously than those sent via
e-mail. A good place to file a formal complaint is:
Bureau of Consumer Protection
Philadelphia Office
Second Floor
21 South 12th St.
Philadelphia, PA 19107
A form that may be used to file a formal complaint may be acquired
from http://www.attorneygeneral.gov/cmplnt.html. It should be
accompanied with whatever offending spam one has. To complain
to a US Attorney General's office, the addresses of all of them may be
found at: http://www.eskimo.com/~brucem/tug.htm.
12. Does Cyberpromo spam newsgroups?
Cyberpromo has allowed two known customers to excessively post
to internet newsgroups so far. Presently mary-world.com is
spamming newsgroups, and the posts are being autocancelled as they
violate the established Usenet spam thresholds established to protect
news servers from being overburdened by the large amounts of
bandwidth the posts take up. It is quite likely, knowing the historic
nature of Cyberpromo and its customers, that any post to a newsgroup
from any of their domains is excessively posted spam in need of
cancelling. For more information on established Usenet spam threshold
limits, see http://www.math.uiuc.edu/~tskirvin/home/spam.html.
13. How may I get removed from Cyberpromo's mailing lists?
The only undisputed way known to exist is to become the keeper of the
Cyberpromo FAQ. Cyber Promotions does maintain a remove address of
manremove@cyberpromo.com, which according to them is supposed to
remove people from the mailing lists. Accounts of the results of many
attempts to be removed over time, posted in various net abuse
newsgroups, have been mixed. Some reported being removed, others
reported being put back on the list after a couple of months, others
have noted its failure altogether. It is not presently known from the
postings whether anyone who has reported to be removed has remained
removed a period of months afterward.
In most recent time, however, it is the generally reported pattern that
all remove attempts have failed. From these public accounts, it would
be best to say one proceeds to attempt to be removed at their own risk.
Some Eagles lyrics probably best sum up what many believe Cyberpromo's
remove policy is in practice: "You can check out anytime you like, but you
can never leave."
A useful procmail script that is an small sample of how Cyberpromo may
be blocked out using various items mentioned in this FAQ is below:
#Trash spam from cyberpromo
:0
* ^Received:.*205\.199\.212
/dev/null
:0
* ^Received:.*207\.124\.161
/dev/null
:0
* ^Received:.*cyberpromo
/dev/null
:0
* ^Received:.*savetrees
/dev/null
:0
* ^Received:.*bw.partner
/dev/null
# End of Cyberpromo kill
14. What are the domains affiliated with Cyberpromo?
This inventory has had a high number of 74 domains, registered
for Cyber Promotions, ISPam, Cyberout Email Services and Cyber
Promotions Autoresponder service. To date this represents over
$6000 Sanford Wallace has invested in efforts to force his or his
clients' messages on those who don't want them and those who have
configured filters to block his domains. This inventory at present
contains 16 Cyber Promotions, 4 ISPam, 1 Cyber Promotions
Autoresponder and 3 Cyberout domains, all verified to truly exist
through whois, traceroute and other means. All 24 of the domains
listed are directly associated with Sanford Wallace, leader of Cyber
Promotions. Afterwards are listed domains formerly in use which
have now been put on hold, presumably pending abandonment.
If one wishes to bounce any and all e-mail from Cyberpromo back
to them, the following procmail script should come in handy:
:0 H:
* ^received:.*cyber\-bomber
!wallace@cyberpromo.com,root@cyberpromo.com,
postmaster@cyberpromo.com
This alone will take out all mail with "cyber-bomber" in the
received: headers. Here are all Cyberpromo-native domains:
**Cyberout Email Services domains**
anotherdomain.com
cyberout96.com
keepmailing.com
**Cyber Promotions domains**
205.199.212.33
205.199.212.34
206.27.86.210
207.124.161.50
answerme.com
cpmall.com
cyberemag.com
cybermirror1.com
cyberpromo.com
email2you.com
pleaseread.com
realreturn.com
savetrees.com
tosguard.com
validreturn.com
***Cyber Promotions Autoresponder Service domains***
zapback.com
***ISPam Network domains***
ispam.com
ispam.net
spamford.com
spamford.net
Cyberpromo domains which presently appear to be in the process
of being dropped include:
1stamend.com
bu1kemai1.com
bulkads.com
bulkinquiries.com
bulkinternet.com
bulkmagnet.com
bulkpower.com
bulkreadit.com
bulkresponses.com
bulkseeit.com
bulksendit.com
cyber-l-i-1.com
cyber-o-0-o.com
cyber-promo.com
cyber-s-i-q.com
cyber-t-p-l.com
cyberout.com
cyberpr0m0.com
cyberpr0mo.com
cyberprom0.com
emai12u.com
email2u.com
emai1srus.com
emailsrus.com
emaster.com
fight4rights.com
freeconnect.com
gohomeray.com
hereyougo.com
internetfree.com
mailreport.com
massemail.com
massmarket.com
nob1ock.com
noblock.com
nocensorship.com
reedrules.com
sanfordw.com
savepaper.com
sender3.com
senderthree3.com
stoptheblock.com
swallace.com
yougotmail.com
youvegotmail.com
15. What sites are given connectivity by Cyberpromo?
These are all the sites known to use Cyberpromo's servers for
connectivity, presumably through Cyber's ISPam service. Many of
these are sets of domains belonging to the same companies.
1-500-fingers.com
50andup.com
adbenterprises.com
abcguitars.com
abvintel.com
afterhoursmag.com
alwaysaboveaverage.com
amateurknight.com
amateurnude.com
americapro.com
amv-inc.com
amvco.com
androtec.com
ar-web-service.com
asiannude.com
astroluz.com
attorneycrawford.com
audioforum.com
awgroup.com
babchurch.org
banner-year.com
bealeader.com
betterways.net
bhoman.com
big-web.com
bighotdeals.com
biolynx.com
bisopps.com
biz-net-usa.com
bluediamondu.com
bowecay.com
breakthroughproducts.com
breakthruproducts.com
bridge-technologies.com
bvbotanicals.com
c-s-consulting.com
cafegirls.com
carproinc.com
ccsplprod.com
cefali.com
centurycigar.com
cheapcalls.com
cindymccain.com
clanorchids.com
collegezone.com
conestogasupply.com
consolidatedmold.com
contactmarket.com
coolmorning.com
creativemedia.com
creditmds.com
crt-enterprises.com
cyberfamily.net
cybermaxx.com
cyberpromo.net
cybersexbrothel.com
cybersyst.com
d3vdo.com
darnassoc.com
datagoldsystems.com
daveweil.com
daviscomputers.com
delatech.com
desen.com
divcomm.com
domainseller.com
dstrahan.com
e-health.com
earthfriends.com
easywave.com
econ-enterprises.com
electro-mail.com
emutoday.com
eroticsites.com
escorts-on-line.com
escortsrus.com
fastone.com
fastresults.com
fatalblindness.com
feir.com
ffinternet.com
findsuccess.com
first-team.com
flasexnet.com
foamworks.com
fordandassoc.com
forfree.com
fpausa.com
freenudity.com
freepromo.com
gcproductions.com
gemstars.com
genasys-mechanical.com
georgewalther.com
georgewalthers.com
girlsplay.com
godhatesfags.com
goldweb.net
good-earth.com
greentimes.com
growthfunding.com
grphcimgs.com
hbhinc.com
hardcorealley.com
hi-cap.com
hitmasters.com
home-biz.net
hottstuff.com
huxtableassociates.com
imc3.com
infinitelegacies.com
infotextinc.com
islandtradersintl.com
jcpromotions.com
jobshopstaffing.com
jpro.com
jservices.com
justamazing.com
kazuyoshi.com
keygate.net
keyinfonet.com
koolshade.com
kopensky.com
lanphere1.com
laurient.com
libertyteam.com
light-avenue.com
ljsimon.com
locationmanagement.com
lrspublications.com
ltgcomm.com
malenude.com
managementresultsinc.com
mary-world.com
mas-automate.com
matrixcapital.com
meadpub.com
megafone.com
merchantacct.com
merchantquest.com
milfordcommptnrs.com
millenn2000.com
millenniumconsultants.com
mitnet.com
mjcw.com
mlm-support.com
moneyspider.com
nakedmen.com
nasty-snatch.com
nasty-teens.com
nationalguild.com
nbirnbaum.com
neo-quest.com
net-offers.com
netramp.com
newera2001.com
nicers.com
nj-retax.com
nmsystms.com
nudeimages.com
nudephotography.com
nudeporn.com
nudesexpictures.com
nudeteens.com
nudewoman.com
oak-leaf.com
onlinekey.com
oralsexpictures.com
originalbodysugar.com
outgoing.com
pagansex.com
paradigmcap.com
paradigmcompanies.com
paradigmdirect.com
partygirls.com
pedcom-la.com
pegmark.com
penrod1.com
pfsconsulting.com
phantomcom.com
pier37.com
planetroanoke.com
platinumteam.com
pleasurecraft.com
pornographicpictures.com
prininfo.com
probasketball.com
prunj.com
pussypictures.com
pynet.com
quintessentialsinc.com
ratite-mall.com
realmoneynow.com
realtimemedia.com
realtimesystems.com
refcom.com
reichl.com
resumes-on-disk.com
rkn.com
robustcordless.com
roobar.com
rtsweb.com
samalama.com
samenet.com
samintlinc.com
savannahlakesvillage.com
savenergy.com
sdmr.com
seamaxx.com
sexcitychronicles.com
sexnude.com
sexphoto.com
sexy-teens.com
shematech.com
silveradopdx.com
slmslm.com
slutpics.com
smickandsmodoo.com
smokingbabes.com
spencepublishing.com
stoneinc.com
superparty.com
talktel.com
tamsmedia.com
taras-intl.com
tarasys-rdx.com
teakusa.com
tenthhouse.com
thebldg.com
thedatezone.com
theduplicator.com
theglobalmarketer.com
themailpro.com
thephotostudio.com
toptek-tmi.com
tp-associates.com
tpionline.com
tpitravel.net
tpnid.com
travelbyways.com
tweakusa.com
vaginasexpictures.com
vigina.com
virtualslut.com
visionquest.com
viteal.com
vulva.com
wbuilders.com
webdirectusa.com
webevangelist.com
wildcardstudios.com
wilmingtonhomes.com
winnerslink.com
wisefool.com
xxx-mall.com
xxxsc.com
ynterpro.com
youropportunity.com
youroppurtinity.com
16. Who gives connectivity to Cyber Promotions?
Presently the internet service provider giving connectivity to
Cyberpromo is agis.net. Agis is widely regarded to be a rogue
domain, and openly refuses to stop its customers from abusing
the net. A complete listing of the agis-owned netblocks is available at:
http://members.aol.com/macabrus/roguesgallery.html
Note that not all addresses in these netblocks are necessarily agis,
but a growing consensus of news admins believes it has no choice but
to sacrifice them in order to cut off abusive traffic.
Cyberpromo recently claimed it will be adding worldcom as another
provider. Worldcom has since stated that the contract was made in
error and has been revoked. The Vice-President of UUNet
marketing, recently purchased by Worldcom, had this response:
"We will have no dealings with Cyber Promotions, either now or in the
future....We do not condone spam in any way, shape, or form."
17. Who is Hacker X?
Nobody knows. Hacker X isn't even a real name, but a label given by
this author out of necessity to this individual. It is the name affixed
to a hacker who, apparently driven to revenge by months, maybe years
of Cyberpromo's harassing tactics, broke into the Cyberpromo domain on
March 19 and 20, 1997. Hacker X gained access to the shadowed root
password of Wallace (8130pe), downloaded the complete listing of
Cyberpromo customers, and posted them, along with the password and
information on other notorious spammers, to alt.2600, alt.news, and
news.misc. Along with these Hacker X wrote a manifesto explaining
why this course of action was taken. The preamble of this now infamous
posting may be viewed at:
http://members.aol.com/macabrus/hackerx.html
Of course, none of the passwords function any longer.
The breakin of the 19th was to gain access to Cyberpromo's files; the
breakin of the 20th was engineered as a takeover of the Cyberpromo
website. Three different versions of the hacked website materialized
before Cyberpromo was forced to shut it down. While Sanford Wallace
claims to have caught the individual, there is no known evidence
outside of his word that this is so. In fact, there has never been a
public indication what the weakness in Cyberpromo's security was,
which most probably leaves the service as vulnerable to future attack
as it was the first time.
It is most likely these were the efforts of a determined vigilante, acting
alone, to strike back at those who had been harassing him and many
others for a long time. This author not long ago predicted the eventual
existence of such individuals as a byproduct of an outraged internet
community, and that chances would be the public at large would not
condemn their actions, not necessarily because they supported such illegal
activity, but because they do not believe the victim is worthy of their
sympathy. Many postings have indicated their authors would never do such
an act themselves, but to this day this author has met no non-spamming
individual that expressed remorse for Sanford Wallace.
Click HERE To Go Back...
