Admin Note: The Internet’s Finest *Updated*

As I usually do when I first log on for the day, I do a quick review of who has visited my site. This morning I found something that’s not particularly unusual: an attempt to bork the blog. It’s pretty easy to notice. Anytime I see some connection like the one I saw today, I know someone’s being a pathetic ass. Here’s what I saw:

http://blog.rebang.com/index.php?p=http://dsoulzin.net/dsoul/tool?

The equal sign is a dead giveaway. And it doesn’t help when the last word is something like “tool”.

So the obvious thing to do is go to http://dsoulzin.net/dsoul/tool?, after all most of these things come from free websites (especially those provided by Tripod overseas) and this is a real domain. What do I find? An option to download the file called “tool”. Interesting. You can look at it yourself if you want. If you open it with a text editor you’ll see key words in the file like “defacer”. Kinda obvious what that means.

Now I’m curious about the site. What is http://dsoulzin.net? I take a visit. “This Account Has Been Suspended“. Okay. But that doesn’t mean the files have been wiped. So someone is still accessing the defacer file. Who’s site is this and where is it registered? Well, turns out it was registered in Australia earlier this month by MelbourneIT. And a quick check to see who registered the site comes back with this person:

Wayne Tanski
P O Box 99800
EmeryVille CA 94662
USA
+1.5105952002

Hello, Wayne? Now why would someone in California register with a host in Australia? Is this person really in California? Is that his real name? Who is this guy? I do a simple public search. There’s only four hits in the entire U.S. and it turns out they’re all in New England and apparently they’re all the same person (aged 49). Hmmm. That doesn’t sound right. Let’s check that phone number. What’s the area code 510 come back as? Sure enough, it’s in California. That means the public search wasn’t good enough or there’s no person in California to start with. I could do a more exhaustive people search, but another simple thing to try is classmates.com to see if anyone with that name went to school in California. Nope. Only one Wayne Tanski listed – the guy in New England. And I’ve come across a Wayne Tanski in Florida (co-owner of a pet shop), so this isn’t going to be resolved unless I find a better free people search engine or pay for a better search. Not interested. Maybe I’ll just make a call and introduce myself. Naw. I have a feeling this is an account set up with a stolen credit card or something. So I’ve done a quick google of dsoulzin. Looks like whoever is behind this does this on a regular basis; a talented programmer wasting his/her time writing (of all things) a defacer tool. The internet’s finest.

{Update – This is interesting. Since I originally posted this, another attempt has been made. Deciding to just report this to MelbourneIT, I discovered that they have a U.S. office. Guess where. Emeryville, California. Looks like they just stick in their own address to keep the individual’s contact location and phone number private. And if somebody used a stolen credit card number to open an account, then chooses to have a “private” listing, there’s less chance of being discovered. Of course the people at MelbourneIT aren’t going to care unless the card is used, goes through, and then payment retracted. Then at that point the site gets “suspended” but the tool remains while the suspension is in place. Imagine if instead of trying to find loopholes in the System, these people actually did something constructive.}

{Update2: – Appears that I have another interesting visitor from squaringcircles.com, which – if you go to the site – requires a separate login. What makes this interesting? The registration for squaringcircles.com is the same as for dsoulzin.net but with a new name: Yves Lepeltier. It’s also recent: 22 Nov. Why do I get the feeling a couple of credit cards with these two names were lost recently.}

{Update3: – I was curious. So I called that number. An automatic voicemail answered saying that the registrant was protected by MyPrivateRegistration.com (only there is nothing that comes up when you go to that URL). It does however give a URL where one can log in to forward a message: http://www.melbourneit.com.au/cc/contactmanagement . Go there and it takes you right back to the home page! Why is this beginning to feel like an elaborate webhosting service created by hackers? Maybe the bad press surrounding this surprisingly large company isn’t something about which we should be surprised.}

{Update 4: – Appears I’m not the only one who’s curious about Wayne Tanski. Via another blog which used Sam Spade to do a lookup on a different site there’s some additional information. Here’s the result: Link.

Domain Name………. receita-fazenda.com
Creation Date…….. 2005-12-12
Registration Date…. 2005-12-12
Expiry Date………. 2006-12-12
Organisation Name…. Wayne Tanski
Organisation Address. 1135 Rear Grove
Organisation Address. St Avoca
Organisation Address. 18641
Organisation Address. PA
Organisation Address. UNITED STATES
Admin Name……….. Wayne Tanski
Admin Address…….. 1135 Rear Grove
Admin Address…….. St Avoca
Admin Address…….. 18641
Admin Address…….. PA
Admin Address…….. UNITED STATES
Admin Email………. dsoulzin@hotmail.com

Could Wayne be an unregistered person living in Pennsylvania? Hmmm. I’ll be driving through PA in a couple of days. I wonder how close I’ll be to that address so I can see if it’s real or a mail drop?}