Need help? Check out our Support site, then


WordPress.com Forums » Support

Whois and how to decipher the info

  1. gottabkd
    Member

    Hi There,
    I was hoping for a lesson in reading a Whois entry. As you are aware, when comments and spam get onto ones blog, they are listed with email, IP and url if they have one. There is aslo a link to Whois.
    Problem is that most of us have no clue as to what the information means, except the obvious (name, IP's etc) and thus cannot decipher for ourselves if it is truly SPAM or not.

    Example: What appears to be a legit comment was left at my site and the whois says this:
    OrgName: RIPE Network Coordination Centre
    OrgID: RIPE
    Address: P.O. Box 10096
    City: Amsterdam
    StateProv:
    PostalCode: 1001EB
    Country: NL

    ReferralServer: whois://whois.ripe.net:43

    NetRange: 212.0.0.0 - 212.255.255.255
    CIDR: 212.0.0.0/8
    NetName: RIPE-NCC-212
    NetHandle: NET-212-0-0-0-1
    Parent:
    NetType: Allocated to RIPE NCC
    NameServer: NS-PRI.RIPE.NET
    NameServer: NS3.NIC.FR
    NameServer: SUNIC.SUNET.SE
    NameServer: NS-EXT.ISC.ORG
    NameServer: SEC1.APNIC.NET
    NameServer: SEC3.APNIC.NET
    NameServer: TINNIE.ARIN.NET
    Comment: These addresses have been further assigned to users in
    Comment: the RIPE NCC region. Contact information can be found in
    Comment: the RIPE database at http://www.ripe.net/whois
    RegDate: 1997-11-14
    Updated: 2005-08-03

    # ARIN WHOIS database, last updated 2007-11-20 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    Now because this shows multiple listings of IP addresses, I would normally mark it as SPAM and then delete it.... but how does one know for sure that is the right thing to do?

    Could you give us some feedback as to how to decipher the WHOIS info please.
    Any help is appreciated.
    Thanks
    gottabkd.wordpress.com

  2. kimik0
    Member

    Read the man page.

  3. thesacredpath
    Member

    This might help some: http://www.lookup-ip.com/main/02/ .

    With the nameservers, you can take part of the address typically and put it into your browser address bar and find out more. Example: take ripe.net from the first nameserver and add it to http:// and you will be taken to their webpage where you can do some more investigation.

  4. gottabkd
    Member

    Thank you thesacredpath... useful to know.

    @kimik0 .... the main page of what? Is that the same as http://www.lookup-ip.com/main/02/

    Thanks all ;)

  5. mark
    Staff

    Here's how I dmca'd a splogger stealing my stuff.

    The site was i d e a h u s t l e .com
    (No link because it's a total theiving splog site)

    Got to http://dnsstuff.com
    There is a WHOIS box on that site
    Enter the domain name.

    The result shows a small amount of information but says the rest is at GoDaddy.
    Use the link and you get to this page.

    That lists the person's name, address, email.

    It lists the domain registrar. In this case GoDaddy said they could do nothing as they did not host the site. Didn't hurt to ask though.
    It also lists the nameservers:

    Domain servers in listed order:
    NS1.LIQUIDXHOST.COM
    NS2.LIQUIDXHOST.COM

    So going to http;//liquidhost.com found a real website and a real address for abuse reports.
    So that's where the dmca went. They actually shut his site down but then he removed the offending content and replaced it with new offending content. Make of that host what you want.

    So if they have not hidden their information then you do have some way to try and have a go back. If they have privacy controls it's slightly more complex because you have to find out where the domain is being hosted and attack it that way.

    (The splogger said on my blog that he had no idea what splogging was, that it was not his site, he would not do it again and more BS. He continues to steal.)

    So you are not limited to just the RIPE information - go poke around http://dnsstuff.com

  6. mark
    Staff

    Another example.

    Well known splog: universityupdate.com (Yes, those comments ARE spam)

    It's registered at Network Solutions and this is the results page.
    It gives you a name but nothing else.
    But it does give the nameservers: ns1.loosefoot.com
    Going to http://loosefoot.com gets nothing
    Googling that domain leads to http://lfchosting.com
    And going there is a Policies link.
    Seems like the place to send a complaint......

  7. mark
    Staff

    And how to do a complaint? Judy shows how

  8. gottabkd
    Member

    Wow great and thank you very much for the lesson Mark.
    Bookmarked forver ;)

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags