petzl

Need clarification about servers and IP addresses?


I'm using a provider which has a lot of BOTNET infections

http://www.senderbase.org/lookup/?search_string=168.1.6.11

Are these servers infected and is it safe to send data through them?

http://www.abuseat.org/lookup.cgi?ip=168.1.6.11

This IP address is infected with, or is NATting for a machine infected with the ZeuS trojan, also known as "Zbot" and "WSNPoem".
ZeuS is a malicious software (malware) used by cybercriminals to commit ebanking fraud and steal sensitive personal data, such as credentials (username, password) for online services (email, webmail, etc.).

Doesn't look to me like I should use credit card, bank details etc.?
Yet the reply from them is:

The reports you are seeing on the senderbase page reflect blacklist reports filed against these IP addresses.

Our server IPs are used by multiple users, and can sometimes be used and implicated in detected (if not actual) malicious usage. This is caused by users sending spam, using bots, etc. and triggering a report to be filed against an IP address. This is an unfortunate byproduct of shared IPs; however, blacklisting is a very common internet occurrence, and is usually not any issue unless you try to use a service that strictly prohibits the use of blacklisted IP address.

In short, what you are seeing is perfectly normal, and is not an issue unless a given site/service is set to block connections based on this blacklist report. Because of the common nature of these blacklistings, these types of blocks are exceptional, as otherwise a great deal of internet activity worldwide would come to a grinding halt.

Which I believe is rubbish. I believe any CBL listing is a BOTNET (zombie computer run by criminals) and the server or an ADMIN-linked computer to that server is infected!

In the case of BOTNET infections it is the server not the user (yes if spam is sent and port 25 is not blocked the server with that IP can be used to send spam)!
Is this sentiment right or wrong?
THANKS

Edited by petzl


Petzl,

I think you are correct, the response from your ISP is bullsh**! Having an IP listed on a block list may be common for an ISP that does not care if their resources are used by spammers. But I have had the same domain/email address since March 1996 and I have never had an IP listed on any block list. I manage 5 domains and a sub-domain, most with mail service, none of which are on servers that have listed IPs.

Although there are locations where you do not have a choice of more than one ISP, my advice would be to find a new service provider. As a matter of principle, it would bother me to give my money to an ISP that did not police/supported spammers. JMHO.


Thanks Lking (I've paid $40 for 12 months)

This is a VPN provider I just have to turn the VPN off when I use online banking!

I always check if the IP I'm using, before I do banking, appears clean

Did try to express my concerns

Just got a reply blaming their infected customer computers?

Which may have some relevance, trouble is CBL routinely recheck IP.

So when I see same IPs listed for over a week seems improbable to me?

VPN randomly assigns your computer an IP of about 30 just for Australia?

Which AFAIK is rubbish, a BOTNET has to have an ADMIN logon/password to server to be installed to work

So sent this reply back

Thanks for your time

Don't explain why my Australian provider TELSTRA *never* have BOTNET infestations?

This is the IP range of my TELSTRA IP I connect to *before* using VPN 101.190.170.121

http://www.senderbase.org/lookup/ip/?search_string=101.190.170.121

TELSTRA is Australia's major ISP

Also checked TELSTRA IP range they send email from 203.35.135.204

http://www.senderbase.org/lookup/?search_string=203.35.135.204

No BOTNET infestations?

I'm now connected to VPN IP 168.1.6.49 which appears clean although showing it presently is sending a lot of email

This can be stopped by blocking outbound port 25 (possibly not an option for VPN)?

Again heavily listed with BOTNETS of various types

http://www.senderbase.org/lookup/ip/?search_string=168.1.6.49

Again just pointing out my only concern is where I am advised that a server is infected with a BOTNET that collects Bank details/credit card/ logons?

Such as this CBL (BOTNET) listed IP 168.1.6.56 server?

http://www.abuseat.org/lookup.cgi?ip=168.1.6.56

This IP address is infected with, or is NATting for a machine infected with the ZeuS trojan, also known as "Zbot" and "WSNPoem".

ZeuS is a malicious software (malware) used by cybercriminals to commit ebanking fraud and steal sensitive personal data, such as credentials (username, password) for online services (email, webmail, etc.).

Please consider matter closed no point in going in circles.

Thanks for your time and input.

Edited by petzl
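
The lookup described above (checking whether the IP in use is on a blocklist before banking) can be scripted over DNS and run against every exit address of the VPN pool rather than only the current one. This is an added example, not part of the thread: the zone `dnsbl.example.org`, the 192.0.2.x addresses and the canned answers are constructed placeholders, and treating 127.255.255.0/24 as an error range is an assumption that holds for some lists only.

```python
import ipaddress
import socket

ZONE = "dnsbl.example.org"  # placeholder zone (assumption); use your list's zone
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
ERRORS = ipaddress.ip_network("127.255.255.0/24")  # assumed error range, see lead-in

def query_name(ip, zone=ZONE):
    """RFC 5782 query name: IPv4 octets reversed, followed by the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None
        raise  # timeouts and server failures must not be read as "clean"

def check(ip, resolve=system_resolver, zone=ZONE):
    """Classify one address as 'clean', 'listed', 'error' or 'invalid'."""
    answer = resolve(query_name(ip, zone))
    if answer is None:
        return "clean"    # no record: not on this list right now
    addr = ipaddress.IPv4Address(answer)
    if addr not in LOOPBACK:
        return "invalid"  # e.g. a resolver that rewrites NXDOMAIN answers
    if addr in ERRORS:
        return "error"    # the list refused the query; this is not a listing
    return "listed"

def check_pool(ips, resolve=system_resolver, zone=ZONE):
    """Check every exit address of a shared pool, not only the current one."""
    return {ip: check(ip, resolve, zone) for ip in ips}

# Constructed answers standing in for DNS so the example runs offline.
FAKE_ANSWERS = {
    "2.2.0.192.dnsbl.example.org": "127.0.0.2",
    "3.2.0.192.dnsbl.example.org": "127.255.255.254",
    "4.2.0.192.dnsbl.example.org": "203.0.113.10",
}
POOL = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"]

if __name__ == "__main__":
    for ip, verdict in check_pool(POOL, FAKE_ANSWERS.get).items():
        print(ip, verdict)
```

A "clean" result only means the address is absent from the one list queried at that moment.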
