Chasing the Monkey Boys

Stephen Yagielowicz
I call them “monkey boys” after the line in the cult-classic film, Buckaroo Banzai – but depending upon their actions, you might call them something else. When these actions involve an illegal, fraudulent or otherwise malicious attack on a website, you might call them everything from “hacker” to “cracker” to “script kiddie” – or worse. Regardless, they’re all still monkey boys to me…

The latest monkey boy to catch my attention came from www.usuc.us – a website that is registered to Juan Campanur. I’ll withhold his physical and email address, but it seems that Juan thinks that “U Suck Us” or “U Suck U.S.” is a good place to launch website attacks from, and given the foreign gibberish on his www.sprendimai.net website, might think that he’s beyond my reach; but with an apartment listed in Virginia, that may hardly be the case…

To be fair, perhaps the attack wasn’t caused by Juan, but it certainly came from a domain he (according to NetSol) controls. I say to be fair, because I routinely have monkey boys using my various domains for the return address on their spam, and folks get mad at me for violating their inbox – even though I have nothing to do with it. Still, whether or not Juan is responsible may be open to discussion. Where the attack came from isn’t.

The attack occurred yesterday when an automated system tried to flood the age verification script (Larry Walters’ BirthDate Verifier™) on one of my sites.

This attack came from an IP controlled by ATMLINK, at 600 W. 7th Street, Suite 360, Los Angeles, Calif. – folks that will be hearing from me. You see, this attack is a criminal offense, both federally and in some states, and Larry’s system makes it really clear that fraudulent use of the mechanism violates a number of statutes; what it doesn’t tell you is that access attempts are logged – a log I routinely review.

It was my review of this log that uncovered the attack and disclosed the attacker’s method, the attack’s originating location and the attacker’s IP address – all of which allowed me to obtain the information in this piece. I sent Juan an email at the address listed on his site’s WHOIS record:

Yesterday, Wednesday, December 13, 2006 at 7:36:00 EST, you initiated an attack on our website at Amateurs-Guide.com. This is in violation of Title 28 U.S.C. §1746; in violation of the Electronic Signatures in Global and National Commerce Act (E-Sign Act), 15 U.S.C. §7000, et seq.; and in violation of state and federal anti-hacking laws. This attack, initiated from your computer, located at, using the script at http://usuc.us/j.php, was recorded by our internal security systems and this attack has been reported to the authorities as well as to your Internet service providers.

While this doesn’t amount to much, it at least lets folks know that their bullshit is not going unnoticed and that I’m keeping an eye on their activities. I’ll contact ATMLINK and let Larry know about this, too. I’ll likely forward it to my friends at Justice as well.

At the end of the day, some weenie trying to gain access to my TGP/MGP without properly filling in the AVS form isn’t going to keep me awake at night; and I doubt that I’ll expend any further time or energy on this issue – but it did make for a good story and this post on my blog, which shows the types of issues that working webmasters deal with and some of the ways in which webmasters can respond to these issues – and that’s what Stephen’s World is all about!