有一些东西是超越人类底线的,是不能容忍的,比如说儿童色情。
  如果你发现了儿童色情网站,请及时举报。

下面我将介绍一下,我举报一个儿童色情网站的经过,希望对大家有所帮助。

发现

discover_1_m

有人在telegram群里发这样的小广告,打开网址确认存在儿童色情,准备开始举报。
  因为这个网站已经下线,所以网站的域名就不打码了。

查询网站服务商

先查一查IP地址与whois

~ ipip $(dig caouu.biz +short)
104.27.171.24 104.27.170.24
104.27.171.24   ["CLOUDFLARE.COM","CLOUDFLARE.COM","","","cloudflare.com"]
104.27.170.24   ["CLOUDFLARE.COM","CLOUDFLARE.COM","","","cloudflare.com"]

~ whois caouu.biz
Domain Name: caouu.biz
Registry Domain ID: D53216896D57F4D3DA620D4BBB262363F-NSR
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: whois.godaddy.com
Updated Date: 2018-06-12T10:50:55Z
Creation Date: 2018-06-07T10:50:55Z
Registry Expiry Date: 2019-06-07T10:50:55Z
Registrar: GoDaddy.com, Inc.
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name:
Registrant Organization:
Registrant Street:
Registrant Street:
Registrant Street:
Registrant City:
Registrant State/Province: Arkansas
Registrant Postal Code:
Registrant Country: US
Registrant Phone:
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID:
Admin Name:
Admin Organization:
Admin Street:
Admin Street:
Admin Street:
Admin City:
Admin State/Province:
Admin Postal Code:
Admin Country:
Admin Phone:
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID:
Tech Name:
Tech Organization:
Tech Street:
Tech Street:
Tech Street:
Tech City:
Tech State/Province:
Tech Postal Code:
Tech Country:
Tech Phone:
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: linda.ns.cloudflare.com
Name Server: cody.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-06-18T12:22:48Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

The above WHOIS results have been redacted to remove potential personal data. The full WHOIS output may be available to individuals and organisations with a legitimate interest in accessing this data not outweighed by the fundamental privacy rights of the data subject. To find out more, or to make a request for access, please visit: RDDSrequest.nic.biz.

NeuStar, Inc., the Registry Operator for .BIZ, has collected this information for the WHOIS database through an ICANN-Accredited Registrar. This information is provided to you for informational purposes only and is designed to assist persons in determining contents of a domain name registration record in the NeuStar registry database. NeuStar makes this information available to you "as is" and does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data: (1) to allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone; (2) in contravention of any applicable data and privacy protection acts; or (3) to enable high volume, automated, electronic processes that apply to the registry (or its systems). Compilation, repackaging, dissemination, or other use of the WHOIS database in its entirety, or of a substantial portion thereof, is not allowed without NeuStar's prior written permission. NeuStar reserves the right to modify or change these conditions at any time without prior or subsequent notification of any kind. By executing this query, in any manner whatsoever, you agree to abide by these terms.

域名是在godaddy注册的,用了cloudflare的服务。

知道了这些信息,可以进行下一步了。

向CLOUDFLARE举报

打开ABuse Form页面。
  如果不知道地址的话,可以在google内用 abuse report cloudflare 进行搜索,如果是其它服务商,将cloudflare替换成你想找的服务商名字即可。

cloudflare_report_1

类型选 Child pornography ,然后按照要求依次填写就可以了。

full name、email,这是必填的。下面 Title、Company name、Telephone 想填就填,我这次就没填.

Evidence URLsLogs or other evidence of abuse 这两项很关键。

先写的 Logs or other evidence of abuse,大概写了一下发现的过程,直接贴下面吧。

This is a Chinese child pornography site.
There are many child pornography words on index[1], eg. 极品幼女 (The best young girl), 幼女图片 (Young girl picture).
You can find many child pornography thumbs[2] on index, but further visit need a register account.
Register a fake account[3] and log in, you still can't visit detail and further visit need pay money or promotion this site.

[1]: index http://www.caouu.biz/portal.php
http://www.caouu.biz/forum.php?mod=forumdisplay&fid=37

[2]: child pornography thumbs
http://www.caouu.biz/data/attachment/block/15/15a3aab8df0e67ce9479a5d801462336.jpg
http://www.caouu.biz/data/attachment/forum/threadcover/b5/34/496.jpg
http://www.caouu.biz/data/attachment/block/39/3976693420f00f7f2b70dc85563c843f.jpg
http://www.caouu.biz/data/attachment/forum/threadcover/90/3c/143.jpg
http://www.caouu.biz/data/attachment/forum/threadcover/01/3d/138.jpg
http://www.caouu.biz/data/attachment/forum/threadcover/98/72/186.jpg
http://www.caouu.biz/data/attachment/forum/threadcover/9f/c3/133.jpg

[3]: fake account
username: xxxxxxxxxxxxx (masked)
password: xxxxxxxxxxxxxxxx (masked)
register email: [email protected] (masked)

Evidence URLs 就是直接把文中的网址复制上去。

最后勾选 Please forward my report to the website hosting provider. ,然后点击 Submit。

提交之后,你填写的邮箱会立刻收到一封确认邮件。

cloudflare_report_2_m

Cloudflare 处理效率挺高的,没过多久我就收到了第二封邮件,告诉我 Cloudflare 已经接受了我的报告。

cloudflare_report_3_m

向GoDaddy举报

向域名注册商举报,当然是少不了的,如果能 serverHold 的话,那就再好不过的了。

方法和之前的差不多,先在google里找到举报页面,然后按要求填写就行了。

godday_report_1

效果

弄了这么久,最终的效果如何呢?

首先,网站肯定是下线了。

result_1

再仔细检查一下,网站的解析已经打回原站了。

~ ipip $(dig www.caouu.biz +short)
107.148.194.23
107.148.194.23  ["美国","加利福尼亚州","圣何塞","","petaexpress.com"]

不过,解析相对应的主机还在线。

~ nmap -A -v 107.148.194.23
Starting Nmap 7.70 ( https://nmap.org ) at 2018-06-19 08:57 CST
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 08:57
Completed NSE at 08:57, 0.00s elapsed
Initiating NSE at 08:57
Completed NSE at 08:57, 0.00s elapsed
Initiating Ping Scan at 08:57
Scanning 107.148.194.23 [2 ports]
Completed Ping Scan at 08:57, 0.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 08:57
Completed Parallel DNS resolution of 1 host. at 08:57, 2.10s elapsed
Initiating Connect Scan at 08:57
Scanning ecdxt23.mamibaby167.com (107.148.194.23) [1000 ports]
Discovered open port 22/tcp on 107.148.194.23
Discovered open port 8888/tcp on 107.148.194.23
Discovered open port 5555/tcp on 107.148.194.23
Completed Connect Scan at 08:58, 13.73s elapsed (1000 total ports)
Initiating Service scan at 08:58
Scanning 3 services on ecdxt23.mamibaby167.com (107.148.194.23)
Completed Service scan at 08:59, 103.88s elapsed (3 services on 1 host)
NSE: Script scanning 107.148.194.23.
Initiating NSE at 08:59
Completed NSE at 09:02, 156.18s elapsed
Initiating NSE at 09:02
Completed NSE at 09:02, 1.01s elapsed
Nmap scan report for ecdxt23.mamibaby167.com (107.148.194.23)
Host is up (0.20s latency).
Not shown: 977 closed ports
PORT      STATE    SERVICE         VERSION
22/tcp    open     ssh             OpenSSH 5.3 (protocol 2.0)
| ssh-hostkey:
|_  1024 98:8f:03:f4:1d:7a:f5:1d:13:24:d0:8b:ed:7b:51:49 (DSA)
25/tcp    filtered smtp
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
465/tcp   filtered smtps
587/tcp   filtered submission
593/tcp   filtered http-rpc-epmap
901/tcp   filtered samba-swat
1068/tcp  filtered instl_bootc
2222/tcp  filtered EtherNetIP-1
3128/tcp  filtered squid-http
3333/tcp  filtered dec-notes
4444/tcp  filtered krb524
5555/tcp  open     freeciv?
5800/tcp  filtered vnc-http
5900/tcp  filtered vnc
6129/tcp  filtered unknown
6667/tcp  filtered irc
6669/tcp  filtered irc
7000/tcp  filtered afs3-fileserver
8888/tcp  open     http            CherryPy wsgiserver
| http-methods:
|_  Supported Methods: GET HEAD
| http-robots.txt: 1 disallowed entry
|_/
|_http-server-header: localhost
65000/tcp filtered unknown

NSE: Script Post-scanning.
Initiating NSE at 09:02
Completed NSE at 09:02, 0.00s elapsed
Initiating NSE at 09:02
Completed NSE at 09:02, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 277.59 seconds

可以看出网站80端口已经关闭,网站已经无法访问。
  就是不知道是网站自己主动关闭的,还是主机商关闭的。

结语

如果以后看到了儿童色情网站,请不要手软,该举报就举报。

另外,如果不想举报的话,也不要向这种网站充值或推广。
  像这种网站,一般很快就会被人举报,然后下线。
  你充值的钱自然是白白打水漂了;你花时间推广这种垃圾网站,那更是白白浪费自己与他人的时间。