Jump to content
Sign in to follow this  
Mostic

why we are blocked?

Recommended Posts

Hello,

We are a web hosting provider company, and we have been notified that our IP was listed in bl.spamcop.net , its "64.124.16.2 listed in bl.spamcop.net (127.0.0.2)"

we made a general chek on our clients and deleted some accounts we doubt they were the reason for the block, please we need your help to be removed from this block list, and we are ready to provide you with all the information you need.

Best Regards

Share this post


Link to post
Share on other sites

http://www.senderbase.org/?searchBy=ipaddr...ing=64.124.16.2

Report on IP address: 64.124.16.2

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ....... 4.4 ..... 1015%

Last 30 days . 4.3 ...... 806%

Average ....... 3.4

Appearances are that you may have waited too long to notice that something bad was going on at this IP, ubnless you can come up with another reason to explain this massive increase in e-mail traffic ..???

Parsing input: 64.124.16.2

host 64.124.16.2 = web.xhosters.com (cached)

Reporting addresses:

abuse[at]above.net

Share this post


Link to post
Share on other sites

Well Wazoo, as I mentined above; we are web hosting provider and we found some clients spamming and thier accounts were deleted, what do you advice me to do in order to be removed from the blak list now?

Share this post


Link to post
Share on other sites

I might have more info to help and I also have a dumb question.

Helpful Info:

You are also listed in SPEWS (and some others):

http://spews.org/html/S2988.html

Some of your other blocks are listed in SPEWS also (and some others):

http://spews.org/ask.cgi?S2988

http://spews.org/ask.cgi?S2238

HTH :P

Now for my dumb question :D

Why would a company located in Jordan host through a company in the US in California?

I know dumb question but I am curious for buisness purposes.

Share this post


Link to post
Share on other sites
Well Wazoo, as I mentined above; we are web hosting provider and we found some clients spamming and thier accounts were deleted, what do you advice me to do in order to be removed from the blak list now?

18054[/snapback]

...Have you tried the pinned item to which I referred you, above? 18051[/snapback]

Share this post


Link to post
Share on other sites
Well Wazoo, as I mentined above; we are web hosting provider and we found some clients spamming and thier accounts were deleted,

That description is quite distant from your first post "general chek on our clients and deleted some accounts we doubt they were the reason" ... so for starters, are you going to pin the increase in e-mail traffic to these specific accounts that originally didn't seem to be important?

what do you advice me to do in order to be removed from the blak list now?

I did note earlier that you were "in" the "Why am I Blocked" FAQ ... yet you provide nothing here about what else could be involved. Are you running an Exchange server for instance? Have you looked at your firewall logs in addition to your e-mail server logs? That FAQ was constructed to try to identify the various means that spam spews forth. If you're not going to provide specific data, why would you expect someone here mystically pull solutions out of an imaginary hat?

Bottom line, you now say you've deleted "some" accounts, but you don't state that the "spew has stopped" .... there's a bit of a difference there.

Share this post


Link to post
Share on other sites

hello turetzsr,

what exactly should i chek in the page?

what I got is this message:

===========================

Query bl.spamcop.net - 64.124.16.2

64.124.16.2 listed in bl.spamcop.net (127.0.0.2)

Causes of listing

SpamCop users have reported system as a source of spam less than 10 times in the past week

Additional potential problems

(these factors do not directly result in spamcop listing)

Listing History

In the past 29.9 days, it has been listed 6 times for a total of 7.4 days

===============================

its my first time facing such problem, so your patience will be appriciated.

Share this post


Link to post
Share on other sites
what do you advice me to do in order to be removed from the blak list now?

18054[/snapback]

You'll be removed within 48 hours of the last reported incident of spamming from that IP address. If the problem is solved the block will go away automatically. If the problem is not fixed and that IP address continues to send out spam that people report, it will remain listed here and likely get listed in some not so friendly block lists.

Share this post


Link to post
Share on other sites

Before this time we offer and instant hosting account activation but due to this problem there will be a verification for any new account on our server before activation to avoid falling in the problem again,

anyway the spam was completely stoped after deleting some accounts.

Share this post


Link to post
Share on other sites

You must remember for every one Spamcop report tens of thousands go unreported. So less than ten could be 9 which would indicate a very large spam run which also coinsides with the senderbase reports that show a massive rise in mail/spam coming from 64.124.16.2.

I think turetzsr was trying to be nice insted of saying looks like someone is abusing your system and pointing to the FAQ to give you a clue in helping you find the spammer on your system or how to look for system abuse.

You must check all of your logs to find where this traffic is originating from.

Share this post


Link to post
Share on other sites

Thank you very much turetzsr, Wazoo and Chris Parker,

I will go to the faqs and try to trace the source of that spam again ana again to be 100% sure its stopped, and I think some verufucation processes should take place before activating any new account on our server.

thanks again

Share this post


Link to post
Share on other sites
hello turetzsr,
turetzsr is just my user id. Please refer to me as "Steve T' (see my sig). :) <grin>

what exactly should i chek in the page?

<snip>

its my first time facing such problem, so your patience will be appriciated.

18059[/snapback]

...Well, I myself am not a web hosting administrator nor do I have any clue about your particular situation but I believe the following entries from the "Why Am I Blocked?" page might be:
  • For people who are operating servers:
    You can check the status of any server by entering its address at http://www.spamcop.net/bl.shtml. The reason an IP address is listed can also be obtained from that page.
  • You have your firewall configured to allow a compromised machine on your network to spew to the world
    (you do have a firewall in place, don't you?)
  • the SMTP/Auth exploit of an Exchange server is in progress, see these links: [snip links -- you should look at these if you have an Exchange server]
  • Please also see:
    How can I get removed from SpamCop's blocking system?
    John's explanation at John's revised post, for Why Am I Blocked FAQ
    Merlyn's explanation at FAQ Entry: Why is my email blocked?
  • As soon as your ISP stops the spam from being sent, or uses the procedures at SpamCop to point out the reporter's mistake, the IP address is taken off the blocklist (usually within 48 hours for spam; immediately for reporter error). [as already mentioned by Chris Parker, above]
  • Your ISP can find out about SpamCop at http://www.spamcop.net/fom-serve/cache/76.html if he doesn’t already know about SpamCop.
  • SpamCop deputies have access to the full evidence for a listing.

...Good luck! Thank you for taking the time for caring about the spam problem and taking steps to try to remedy the bad things happening in your environment!

Share this post


Link to post
Share on other sites

In addition the SPEWS LISTING above is not very flattering, to paraphrase:

0, 64.124.0.0 - 64.125.255.255, Abovenet/MFNX (May have to add)

---------------------|

spam tolerant hosting.

Have become the one of the worst spam hosting network on the internet.

Abovenet/MFN host dozens of the world's worst spammers.  These spammers

are allowed endless months of "bullet proof" "spam friendly" hosting

before any hint at termination.

Abovenet/MFN will also host criminal spammers who hijack IP addresses,

they too are allowed to stay hosted and spam for months.

eg: <http://www.cidr-report.org/cgi-bin/as-report?as=AS30040>

    <http://groups.google.com/groups?selm=693efbe5.0401130803.49ed826f%40posting.google.com>

Abovenet/MFN will also pass on all complaints to spammers for listwashing

or joe-job retaliation attacks.

Abovenet/MFN will also null route the IP addresses of people who complain

about spammers hosted there.

And in the past month, SPEWS wonders if anyone is even working the abuse

department there.

I very much doubt this are problems that can be fixed so easily and overnight!

Edited by dra007

Share this post


Link to post
Share on other sites

In the thoughts of the benefit of doubt, Above.net is an upstream / bandwidth provider of this poster, so at a minimum, this user is simply caught within a larger IP allocation. At this point, I've not done enough research to say whether or not this hosting provider deserves the listing on its own, so just throwing this out as a bit of FYI ...

Share this post


Link to post
Share on other sites
Before this time we offer and instant hosting account activation but due to this problem there will be a verification for any new account on our server before activation to avoid falling in the problem again,

anyway the  spam was completely stoped after deleting some accounts.

18061[/snapback]

Write to me at the address in my sig line -- include the IP and I can possibly provide some more specific information.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×