Jump to content
Sign in to follow this  
stephenandstar

I am Blocked and need help

Recommended Posts

Hey guys,

I have gotten to know you and your company better this afternoon. Interesting. I would love to get some guidance on resolving my blockign problem. I have never been contacted by my ISP about being a source for spamming. I have a print markting company and send large files each week to printers etc.. I was blocked last night. I have been working all day to resolve this. Okay, I'm here and have joined you board.

Anyway, the ISP and my DSL company both are clueless. Would love to get some wisdom on re-activating my email.

Stephen

here is the error:

http://www.spamcop.net/bl.shtml?68.89.190.234

Edited by stephenandstar

Share this post


Link to post
Share on other sites
68.89.190.234 listed in bl.spamcop.net (127.0.0.2)

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Additional potential problems

(these factors do not directly result in spamcop listing)

Listing History

In the past 62.2 days, it has been listed 2 times for a total of 4.0 days

Other hosts in this "neighborhood" with spam reports

68.89.190.13 68.89.190.38 68.89.190.56 68.89.190.81 68.89.190.104 68.89.190.153 68.89.190.225 68.89.190.242 68.89.191.100 68.89.191.146 68.89.191.182 68.89.191.190

Sounds like you might have a serious problem. Spamtraps are an indication a machine using your IP has been highjacked by a trojan and is sending spam. In addition, several IPs in that neighbourhood also send spam. I would contact your ISP and ask them to help track down the problem.

Share this post


Link to post
Share on other sites

Parsing input: 68.89.190.234

host 68.89.190.234 = adsl-68-89-190-234.dsl.hstntx.swbell.net (cached)

Reporting addresses:

sbc-abuse[at]sbc.com

Can't really tell from this (and am already late for another appointment <g>) ... but, are you using/running your own e-mail server? Have you looked at the Pinned item at http://forum.spamcop.net/forums/index.php?showtopic=972 ? Do you run any security tools, do you have a firewall, etc. etc. etc. .... You've got a compromised machine, the question is what with and how to repair it.

Share this post


Link to post
Share on other sites

68.89.190.234 is a dialup/dynamic range, expect to be blocked on many servers.

Why don't you use your providers smtp server to send your mail?

You are in "many lists" and there are many admins that will not accept email from a dynamic IP. It is not a good business choice to run from a dynamic IP.

-------------------------------------------------------------------------------

NJABL Not Just Another Blacklist.: dnsbl.njabl.org -> 127.0.0.3

swbell.net PPPoX DSL Pools -- 1071415970 (Sun Dec 14 16:32:50 2003)

--------------------------------------------------------------------------------

+ NJABLDYNA NJABL list of dynamic ip spaces: dynablock.njabl.org -> 127.0.0.3

Dynamic/Residential IP range listed by NJABL dynablock - http://njabl.org/dynablock.html

--------------------------------------------------------------------------------

+ BLARSBL Blars Block List: block.blars.org -> 127.1.0.1

--------------------------------------------------------------------------------

+ YAMTASS ..little blacklist of any source IP that connected to our network to deliver spam..: spamsources.yamta.org -> yamta.org.

--------------------------------------------------------------------------------

+ SORBS spam and Open Relay Blocking System: Aggregate zone: dnsbl.sorbs.net -> 127.0.0.10

Dynamic IP Address See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=68.89.190.234

--------------------------------------------------------------------------------

+ SORBSDUL Dynamic IP Address ranges (NOT a Dial Up list!): dul.dnsbl.sorbs.net -> 127.0.0.10

Dynamic IP Address See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=68.89.190.234

--------------------------------------------------------------------------------

+ DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2

68.89.190.234 See http://www.dnsbl.sorbs.net/cgi-bin/lookup?NAME=68.89.190.234

--------------------------------------------------------------------------------

+ DNSBLAUSORBS External Block List - SORBS: sorbs.dnsbl.net.au -> 127.0.0.2

68.89.190.234 See http://www.dnsbl.sorbs.net/cgi-bin/lookup?NAME=68.89.190.234

Share this post


Link to post
Share on other sites
Hey guys,

I have gotten to know you and your company better this afternoon. Interesting. I would love to get some guidance on resolving my blockign problem. I have never been contacted by my ISP about being a source for spamming. I have a print markting company and send large files each week to printers etc.. I was blocked last night. I have been working all day to resolve this. Okay, I'm here and have joined you board.

Anyway, the ISP and my DSL company both are clueless. Would love to get some wisdom on re-activating my email.

Stephen

here is the error:

http://www.spamcop.net/bl.shtml?68.89.190.234

We have spam to spamtraps advertising G.e.n.e.r.i.c V i a g r a :-(

There were several instances of this but nothing for just over 2 days so your IP delisted *however* if this is a static IP or nearly static then some machine in your place appears to have been compromised by a virus/worm/trojan. If you have traveling laptops then it's probably one of them and you need to find that machine and get it disinfected.

Share this post


Link to post
Share on other sites

Fortunatley the problem has resolved itself. How scary is that? I will continue to scan for viruses on my machine and get back with you. Thanks for your help. It has been a long day.

Stephen

Share this post


Link to post
Share on other sites
Fortunatley the problem has resolved itself. How scary is that?

Not scary at all. The spamcop blocklist is dynamic. An IP address is automatically listed when there are reports of spam and automatically delisted when the reports stop.

You have gotten some good advice from administrators. Hope you find out where the trojanized machine is because in a short while the problem will be back if you don't. Also check out having a static IP address.

Miss Betsy

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×