gerr64

ISP blocked


I'm hoping this thread will be noticed over at ripplehost, where I posted the link. It's hard for me to tell how much effort the admin over there has to go through, or is willing to go through to get it resolved. If it is a formmail hack, it seems it would be an easy fix for him though.

> Thanks.
>
> I haven't a clue what all this means, but I will post this thread on the ripplehost.com forum and see what happens. Apparently the owner there is either unable or unwilling to solve this.

It looks like some sort of PHP exploit -- or cgi exploit. I see spam received today at a trap. This line is of interest:

Received: from nobody by server1.ripplehost.com with local ...

I have no idea whether your hosting company provides scripts for their users or allows users to install and use whatever scripts that they want to use. Formmail scripts are (or were) frequently abused but I believe there are other vulnerable scripts also.
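
Added example, not part of any post in this thread: a small Python check for the pattern pointed out above, where the earliest Received line shows the message was handed to the mail server locally by the web server's account instead of arriving over SMTP. The account list, hostnames and sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Accounts web servers and CGI/PHP handlers often run as (assumed list; adjust per host).
WEB_ACCOUNTS = {"nobody", "apache", "www-data", "httpd"}

# Trace line for mail handed to the MTA locally: "from <user> by <host> with local"
LOCAL_RE = re.compile(r"^from\s+(?P<user>\S+)\s+by\s+(?P<host>\S+)\s+with\s+local\b", re.I)

def classify_origin(raw_message):
    """Inspect the earliest Received header and report how the mail entered the server.

    Only meaningful when that header was written by a server you trust;
    Received lines below the first trusted hop can be forged by the sender.
    """
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return {"submission": "unknown", "user": None, "host": None, "script_suspected": False}
    earliest = " ".join(received[-1].split())  # unfold continuation lines
    m = LOCAL_RE.match(earliest)
    if not m:
        return {"submission": "network", "user": None, "host": None, "script_suspected": False}
    user = m.group("user").lower()
    return {"submission": "local", "user": user, "host": m.group("host").lower(),
            "script_suspected": user in WEB_ACCOUNTS}

# Constructed sample: mail generated by a web script running as "nobody".
SAMPLE_SCRIPT = """\
Received: from server1.example.net ([192.0.2.10])
 by trap.example.org with esmtp; Mon, 01 Jan 2024 10:00:01 +0000
Received: from nobody by server1.example.net with local (Exim)
 id 1C4abc-000123-XY; Mon, 01 Jan 2024 10:00:00 +0000
Subject: constructed sample

body
"""

# Constructed sample: mail submitted by an authenticated SMTP client.
SAMPLE_SMTP = """\
Received: from client.example.com ([198.51.100.7])
 by server1.example.net with esmtpa; Mon, 01 Jan 2024 11:00:00 +0000
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for name, raw in (("script", SAMPLE_SCRIPT), ("smtp", SAMPLE_SMTP)):
        print(name, classify_origin(raw))
```

A hit on a shared host only says the message came from some script running under the web server account; the web server's access log for the same timestamp is what identifies which script was called.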


Ripplehost is no longer on spamcop's BL, not sure why, but it is good news.

Couple of questions:

When it was on the BL last week, Spamcop was the only one to list it when I input their IP 69.72.225.234 into

http://www.dnsstuff.com/tools/ip4r.ch?ip=69.72.225.234+

Why would spamcop and not other lists have this host's IP listed?

Also, the spam database still responds:

PTR "69.72.225.234 has no reverse DNS entry; some mail servers may not accept your mail"

Is this a big problem, or would most mail servers accept email from Ripplehost anyway?

> Ripplehost is no longer on spamcop's BL, not sure why, but it is good news.
>
> Couple of questions:
>
> Why would spamcop and not other lists have this host's IP listed?
>
> Also, the spam database still responds:
>
> PTR "69.72.225.234 has no reverse DNS entry; some mail servers may not accept your mail"
>
> Is this a big problem, or would most mail servers accept email from Ripplehost anyway?

1. The nature of the beast. SpamCop is very easy to get onto and off! It's realtime and aims to block current spews as quickly as possible, de-listing when the spew stops. Other lists have other criteria for listing and are slower to react; some require a donation to charity to get off, others you can never get off.

2. It's a big problem if you want to mail someone whose admin won't accept mail without rDNS! Statistically, it's probably not such a big problem in practical terms BUT it is RFC-ignorant and should be corrected.

> Ripplehost is no longer on spamcop's BL, not sure why, but it is good news.

Don't expect it to last very long! Ripplehost is total crap (remember, you get what you pay for). Here's proof...when you first posted this topic, none of us could access "www.ripplehost.com," which left us scratching our heads a bit. The scratching can stop. It seems that the idiot who runs Ripplehost forgot to renew his domain name in a punctual manner, so it went inactive!

You should run away from that host as fast as you can. Failing that, expect further problems.

DT

> Ripplehost is no longer on spamcop's BL, not sure why, but it is good news.
>
> Couple of questions:
>
> When it was on the BL last week, Spamcop was the only one to list it when I input their IP 69.72.225.234 into
>
> http://www.dnsstuff.com/tools/ip4r.ch?ip=69.72.225.234+
>
> Why would spamcop and not other lists have this host's IP listed?
>
> Also, the spam database still responds:
>
> PTR "69.72.225.234 has no reverse DNS entry; some mail servers may not accept your mail"
>
> Is this a big problem, or would most mail servers accept email from Ripplehost anyway?

That IP was blocked but then automatically delisted after 48 hours. There was spam to the spamtraps from that server -- looks like it might have been an insecure proxy/cache or script on the server.

Every blocklist has different or slightly different criteria for listing - some list for open proxies, some for open relays ... SpamCop lists based on reports of spams from our users and to our spamtraps -- regardless of the reasons for the spam.
