05.21.2008 at 06:37PM PDT, ID: 23423050 | Points: 500

Help tracking down abuser

Asked by nathaliev in Network Security, Web Servers, Intrusion Detection Systems (IDS)

Hi guys,

Partially this question is who you think I should report this to, and if it will make any difference.

But the larger question is if anyone has any ideas of how I can catch this abuser.

I also have an extra incentive/challenge for you here,  if anyone is actually able to help me find the specific competitor/person doing this I'm offering $100 USD bonus incentive, I'll send it to you via PayPal, no joke.

Ok here is the situation...

I recently started a small PC repair company in Florida (real small, so far it's just me  ;)

Anyway, to try to advertise my business I've been posting some Craigslist ads.  I live in-between West Palm Beach and Fort Lauderdale, two major cities who are both included in Craigslist.

I don't spam or anything even close to that. The category I post an ad in is the "Computer Services" section, exactly where I should be advertising.

Any time I post an ad in Fort Lauderdale, it quickly gets flagged/removed (same day).  Yet none of my similar ads in West Palm Beach ever get flagged. Plus there is nothing spammy or offensive in my ads that would cause anyone to want to flag them.

At first I thought maybe it was because I was advertising in both cities, which is considered cross-posting and is against Craigslist TOS.  (still, if that was the case, why was it never in reverse and an ad in West Palm Beach getting flagged/removed?)

But anyway, to make a long story short, I ran various tests on the Fort Lauderdale Craigslist (including using text only ads that don't have a link to my web site nor my phone number or any identifiable information that would relate me to an ad posted in West Palm Beach Craigslist).

No matter what, my ad would get flagged/removed. So it seemed someone was purposely targeting Fort Lauderdale ads and flagging them for removal.

I finally became curious... how many people are viewing my ad before it gets flagged?  I also wanted to know a bit more about the visitor to my ad, such as their IP address if possible...

So, I set up a new test.  I used an image in my ad (a picture of a computer for example), that I hosted locally on one of my web servers in a special directory and using a unique name just for that ad, so I can track it.

Since the image is hosted on my server,  when someone views the Craigslist ad, as their web browser is downloading my image,  their hit is now in my web server logs  :)

Oh and also, to rule out the possibility of perhaps my account being flagged by Craigslist for some reason, I used a friend's new Craigslist account to post the ad.

So in short:  I used a new Craigslist account to post an ad in the Fort Lauderdale Craigslist "Computer Services offered" section....  the ad was only text and the one picture of a computer.  I did not link to my web site, nor put my email address or phone number or anything identifiable.

I just kept the basic info the same using different wording (that I provide Wireless Network setup, Virus/Spyware removal). My feeling is whoever is doing this provides those exact same services and is targeting anyone offering that.

The results?  The ad got flagged/removed within a couple of hours of posting it.

I ran the test again using a different friend's account.  Same thing.

Now, this entire time throughout the tests I've been watching the IP addresses that hit my image (i.e., who views my Craigslist ad)...

The hits that seem legitimate had a natural traffic pattern, their IP address was local to South Florida (ie. comcast, or bellsouth, etc.), and they generally only loaded my ad page once.


The IPs that first caught my attention were the ones that were loading my page several times (5-15 minutes apart).  In one test ad,  there was only ONE IP address that ever accessed that ad, it reloaded my ad 4 times in one hour, and just after that I received the dreaded Craigslist email informing me that my ad was flagged/removed. No one else but that IP even viewed my ad so obviously the flagger was coming from that specific IP address.

I did a traceroute to the IP and it resolved to Chicago, which I found odd since this is a Florida Craigslist section.  When I continued to see Chicago based IPs in other tests I did an IP WHOIS on the IPs and they all were owned by:

fdcservers.net

fdcservers.net is a hosting company that appears to offer dedicated servers, co-location, etc.  So this isn't a normal ISP user browsing to my ad.  Someone who has a server on the fdcservers.net network is flagging my ads and getting them removed.

2 of the IPs that I deemed as the troublemaker IPs are:

67.159.47.203
74.63.75.227


I "investigated" those IPs a little (nessus..cough cough) and among some other info (they are linux servers running cPanel/WHM) their hostnames are:

fdc4.freeproxies.org and fdc20.freeproxies.org

so unfortunately, it appears that someone is using proxy servers that are being hosted by freeproxies.org to flag/remove my ads.  I'm not sure if they are doing this manually or using a script/bot of some kind.

Now, that being said, unless anyone has any ideas, I assume the general consensus is that I'll never be able to find out who is really behind those hits, which is unfortunate. I wish I could somehow sniff out who this competitor is.

Does anyone have any tricks up their sleeve that may enable me to find out who is behind this?

Anything you can think of that I can put in my Craigslist ad (I'm sure no javascript is allowed) that can somehow give me more info on the visitor?  I'm guessing 'no' since they are using this proxy/anonymizing service, but I don't know too much about proxy services and if they can be circumvented to reveal the real IP of the user.


For me the most important thing is above, finding out which competitor is stooping to this level.

But also, the other part of my question is...  should I report this? Will it do any good?   If I report it to Craigslist, what can they do about it?  I'm sure they will never block proxied or anonymized visits. Yet maybe their flagging procedure is too easy to abuse.  On a new Craigslist account that has never had an ad flagged, it seems it takes more effort to take down the ad, for example this test ad I'm running tonight, I'm sure I will get an email later about it having been flagged/removed, but clearly there is NO legitimate traffic hitting my ad, all these IPs are from freeproxies.org and these are the only hits to my ad so far:

67.159.51.154 - - [21/May/2008:18:48:27 -0400] "GET /special/computer_4.jpg HTTP/1.0" 200 6071 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
67.159.47.203 - - [21/May/2008:18:27:52 -0500] "GET /special/computer_4.jpg HTTP/1.0" 200 6071 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
67.159.47.203 - - [21/May/2008:18:41:46 -0500] "GET /special/computer_4.jpg HTTP/1.0" 200 6071 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
67.159.47.202 - - [21/May/2008:18:57:27 -0500] "GET /special/computer_4.jpg HTTP/1.0" 200 6071 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
67.159.47.203 - - [21/May/2008:19:13:22 -0500] "GET /special/computer_4.jpg HTTP/1.0" 200 6071 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
67.159.47.203 - - [21/May/2008:19:45:11 -0500] "GET /special/computer_4.jpg HTTP/1.0" 200 6071 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
67.159.51.154 - - [21/May/2008:19:55:03 -0500] "GET /special/computer_4.jpg HTTP/1.0" 200 6071 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

However in one of my earlier tests, it took only 3 hits (and all for the same IP) to get my ad taken down (see attached image)


Should I complain to freeproxies.org?  If they do log anything they would be the only ones who can match up the timestamp and IP address with the real IP visitor.

Should I complain to fdcservers.net?  I'm guessing they already get a lot of complaints regarding people abusing things through freeproxies.org, yet I'm sure they aren't motivated to do anything about it. Just guessing from the highest hostname I've located so far (fdc20.freeproxies.org) whoever runs freeproxies.org must have a lot of servers with fdcservers.net, so probably they are worth the trouble to them.


Any comments or feedback is appreciated.  Of course I'm going to start monitoring the ads that don't get flagged and try to find a pattern to make a best guess about which local competitors may be behind this but without knowing for sure there's not much I can do.

I appreciate any comments or suggestions or ideas/tricks that I can try to get this person's real IP address or email address.


Thanks
Attachments:
 
One proxied IP address flagging my ad 3 times was all it took to take it down
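
The log review described in the question, as an added example that is not part of the original post: it parses combined-format access-log lines for the per-ad image, converts timestamps to UTC (the posted log mixes -0400 and -0500 offsets), and lists addresses that loaded the image more than once with the minutes between loads. The sample lines are constructed with documentation-range IPs; the function names and the /24 grouping are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from ipaddress import ip_network

BEACON = "/special/computer_4.jpg"  # per-ad image path, as in the post
# Constructed sample (documentation-range IPs), Apache combined log format.
UA = '"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"'
SAMPLE_LOG = "\n".join([
    f'198.51.100.154 - - [21/May/2008:18:48:27 -0400] "GET {BEACON} HTTP/1.0" 200 6071 {UA}',
    f'198.51.100.203 - - [21/May/2008:18:27:52 -0500] "GET {BEACON} HTTP/1.0" 200 6071 {UA}',
    f'198.51.100.203 - - [21/May/2008:18:41:46 -0500] "GET {BEACON} HTTP/1.0" 200 6071 {UA}',
    f'203.0.113.9 - - [21/May/2008:18:50:00 -0500] "GET {BEACON} HTTP/1.1" 200 6071 {UA}',
    f'203.0.113.9 - - [21/May/2008:18:50:05 -0500] "GET /index.html HTTP/1.1" 200 512 {UA}',
    f'198.51.100.203 - - [21/May/2008:19:13:22 -0500] "GET {BEACON} HTTP/1.0" 200 6071 {UA}',
    f'198.51.100.154 - - [21/May/2008:19:55:03 -0500] "GET {BEACON} HTTP/1.0" 200 6071 {UA}',
])
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} ')

def beacon_hits(log_text, path):
    """Map client IP -> sorted UTC datetimes of requests for `path`."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) != path:
            continue  # unparseable line or a different resource
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        hits[m.group(1)].append(ts.astimezone(timezone.utc))
    return {ip: sorted(times) for ip, times in hits.items()}

def repeat_viewers(hits, min_hits=2):
    """IPs with at least `min_hits` loads -> minutes between consecutive loads."""
    return {ip: [round((b - a).total_seconds() / 60, 1)
                 for a, b in zip(times, times[1:])]
            for ip, times in hits.items() if len(times) >= min_hits}

def by_network(hits, prefix=24):
    """Total hits per enclosing network, to spot neighbouring addresses."""
    nets = defaultdict(int)
    for ip, times in hits.items():
        nets[str(ip_network(f"{ip}/{prefix}", strict=False))] += len(times)
    return dict(nets)

if __name__ == "__main__":
    hits = beacon_hits(SAMPLE_LOG, BEACON)
    print("repeat viewers (gaps in minutes):", repeat_viewers(hits))
    print("hits per /24:", by_network(hits))
```

Without the UTC conversion, the two loads from 198.51.100.154 would appear about 67 minutes apart instead of about 127.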
[+][-]05.21.2008 at 06:55PM PDT, ID: 21620363

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
 
[+][-]05.22.2008 at 08:15AM PDT, ID: 21624558

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 