Teaspring.com is a fraud site!

No Jim, the Danny being mentioned here is "Daniel Ong" one of the owners of Teaspring. Danny/Samurkand, the one you like, is in no way affiliated with any of this.

Seems that this guy (http://63.229.10.116/), or someone who hacked this guy's server, is smearing Daniel Ong and Teaspring for some unknown reason.

- Mike

Forget the web stuff, and just look at rDNS. rDNS on that IP address shows that it's bound to mail.dragonwater.com.

Guys, if you're going to flame the competition in a public forum, don't do it from a machine at work.

--scott

Yes, Scott you are spot on. I specialize in computer security and work as a network administrator, I did some research on my own when the first hub-ub was started and had come across the same three pieces of info that you have (the website, the name, and the competing website) I have had a very hectic week (had to be involved in firing an assistant) and have not had time for corroborating the info or for posting to get the info out there. Your findings do match mine, and I also have some pretty detailed information on Gary which I will not divulge in public no matter how much of a creep he may be.

My only suggestion would be that this thread be deleted or at least a new one started on the issue for further discussion, so that "Teaspring.com is a fraud!" is not the first thing people see when coming to this NG.

- Dominic

OK, I've never bought from them, but I've had very pleasant samples via other RFDTers. So this puts up a Googleably benign heading for future discussions.

-DM

Dom> My only suggestion would be that this thread be deleted or at least a

that ip is the ip address for teatalk.org.

-gary

.

ok guys. don't start trashing my company (dragonwater) just because someone posted through our teatalk.org site. i don't engage in this type of practice.

-gary

.

Gary,

I thought that Teatalk.org ALWAYS appended a "Posted through TeaTalk -

" tagline to posts made there. None of these fflame posts had your tagline.

Mike

.

Hmmm, I posted the above through Teatalk, so it seems the tagline has been removed, at least as of today. Lets look at the header of the above post for similarities to the other posts in question.

Mike

no, people didn't like that. they thought i was laying claim to the group by doing that.

-gary .

OK here is the header from my message that I just posted through Teatalk:

Path: g2news1.google.com!news3.google.com!news.glorb.com!mpls-transit-01.news.qwest.net!207.225.159.1.MISMATCH!feed.news.qwest.net!news.uswest.net.POSTED!not-for-mail Newsgroups: rec.food.drink.tea Subject: Re: Re: Re: Teaspring.com is a fraud site! From: Mike Petro References: Lines: 10 Message-ID: Date: Fri, 31 Mar 2006 15:44:54 GMT NNTP-Posting-Host: 63.229.10.116 X-Trace: news.uswest.net 1143819894 63.229.10.116 (Fri, 31 Mar 2006

09:44:54 CST) NNTP-Posting-Date: Fri, 31 Mar 2006 09:44:54 CST

Now here are the posts in question:

Path: g2news1.google.com!news2.google.com!news4.google.com!newshub.sdsu.edu!logbridge.uoregon.edu!arclight.uoregon.edu!feednews.vanderbilt.edu!feed.news.qwest.net!news.uswest.net.POSTED!not-for-mail Newsgroups: rec.food.drink.tea Subject: Yeah! I got fraud by Teaspring.com too! From: Alan Lines: 5 Message-ID: Date: Mon, 20 Mar 2006 16:53:18 GMT NNTP-Posting-Host: 63.229.10.116 X-Trace: news.uswest.net 1142873598 63.229.10.116 (Mon, 20 Mar 2006

10:53:18 CST) NNTP-Posting-Date: Mon, 20 Mar 2006 10:53:18 CST

So based on this test I have to admit that the FLAME posts could have come from anybody masquerading through Teatalk.org. The posts did NOT have to come from Gary himself, but rather Gary's service appears to have been used and it could have been by anybody as no authentication is required to use the service..

Mike

ARRRGHH! But that is the exact problem here! Gary is the negligent one in this. That is like leaving an anonymous open relay and then not taking responsibility for the millions of Spam emails sent by it. I'm sorry but as a security professional this is one of those things that makes my blood boil with rage.

Enable authentication! Make users register. Problem solved.

- Dominic

In the early days of the Internet band width was limited. One of the original applications Usenet was used by WWW portals to a limited Usenet group. This sound like a legacy gateway but has been superceded by Google Groups. Notice when I post through Google Groups my IP address gets inserted in the NNTP Host address field. Off the shelve NNTP servers don't let you override anything in this field. So it necessarily isn't an administration problem. The Internet can't be administered except for the addressing which is why I need a firewall. Company LAN administration is another issue.

Jim

Dom> > So based on this test I have to admit that the FLAME posts could have

If news.uswest.net can be trusted to report NNTP-Posting-Host properly, it's

mail.dragonwater.com

but (maybe) the article was posted through

teatalk.org

Could it be that DragonWater is a conduit and not the perpetrator?

Friends and fellow tea lovers,

I sincerely believe that Gary is not involved in any way. Gary, I'm sorry that you got dragged into this and for not clearing your name earlier but I had to be sure. This is attack is targeted at me personally and the trolls are NOT customers of TeaSpring. Had it been a genuine complain, I would replied earlier. My personal thanks to all who come to our defense. Your support allows me to look on the positive side of things and please let's not let the real culprit to get any more joy out of this. Daniel Ong TeaSpring.com

I think Gary ran an open Usenet server, and it was abused, the way ALL open Usenet servers eventually are. This is 2006, not 1986, and he should know better.

--scott

Word. 'nuff said. I'm now done posting to this thread.

- Dominic