I got blocked - why?

[Luniz]

Ok, about an hour ago I realized that my emails/IP got blocked.

I got no mail with a report that somebody blocked me (i read sth about it on spamcom.net that i should).

I don't have any viruses. I don't send spam and I'm a good boy. Why?

My IP is 212.30.95.247...

thanks for help..

[Merlyn]

Senderbase says mail from this IP is up 15725% in the last day.

That machine has probably got a trojan or some kind of open proxy or some other malfunction on it but it is surely being used to send spam!

abuse complaints would go to abuse[at]siol.net

Are you abuse[at]siol.net???

[Luniz]

nope, i have nothing to do with anything ˇ[at]siol.netˇ.... i did have an account (it is still mine) but haven't used it in a year and it's not even configured in my Mozilla Thunderbird.

I even don't know how a complaint could go to the abuse[at]siol.net as SiOL and Link are a competition to each other (two completly different ISP)..??

Did my ISP get that report or what? If yes, I will call him in the morning and see what's up...........

[Merlyn]

Using the Spamcop Parser I received this:

Parsing input: 212.30.95.247

host 212.30.95.247 = node.247.lc.link.si. (cached)

[report history]

Routing details for 212.30.95.247

[refresh/show] Cached whois for 212.30.95.247 : abuse[at]siol.net

Using abuse net on abuse[at]siol.net

abuse net siol.net = abuse[at]siol.net

Using best contacts abuse[at]siol.net

[agsteele]

I even don't know how a complaint could go to the abuse[at]siol.net as SiOL and Link are a competition to each other (two completly different ISP)..??

Did my ISP get that report or what? If yes, I will call him in the morning and see what's up...........

24101[/snapback]

It might help to explain how your mail system is configured and working. That might give some extra assistance in diagnosing what is going on for you.

Just explain which programs you are using and which servers (and if possible IP addresses) you are using to send your Email.

Andrew

[Luniz]

It might help to explain how your mail system is configured and working. That might give some extra assistance in diagnosing what is going on for you.

Just explain which programs you are using and which servers (and if possible IP addresses) you are using to send your Email.

Andrew

I'm using Mozilla Thunderbird. I have two accounts there

1) XXX[at]link.si

server name: pop3.link.si

2) XXX[at]gimb.org

server name: gw.gimb.org

Both use the same SMTP - smtp.link.si

About the IP adresses that I use when sending..I don't know them ? I tought that the 212.30.95.247 is my IP (it's a static IP)

is this any help?

[agsteele]

Both use the same SMTP - smtp.link.si

About the IP adresses that I use when sending..I don't know them ? I tought that the 212.30.95.247 is my IP (it's a static IP)

24107[/snapback]

OK, it does help in so far as the source of your block seems to become a bit more clear.

smtp.link.si is 212.30.95.20

There appears to be no particular issue with that IP so that rukes out a listing upstream from you. You have observed that your local IP is 212.30.95.247 and, as Merlyn has noted, that IP is generating excessive amounts of Email - probably infected by a Trojan. This IP is still generating massive amounts of outgoing Email.

Your IP has been listed in a number of blocklists and is noted as having sent spam to spam traps. The SpamCop bl is still showing you listed for this reason.

You need to disconnect your PCs from the Internet, investigate which (if you have more than one) are infected with a trojan and fix that machine. Then update your security settings to tackle this issue.

Thanks for being willing and interested in resolving the problem.

Andrew

[Derek T]

About the IP adresses that I use when sending..I don't know them ? I tought that the 212.30.95.247 is my IP (it's a static IP)

is this any help?

24107[/snapback]

If that is your static IP connected to a DSL line, then the spammers have more control of your computer than you do. What OS are you running? Firewall? antivirus? spybot-control?

[Luniz]

If that is your static IP connected to a DSL line, then the spammers have more control of your computer than you do. What OS are you running? Firewall? antivirus? spybot-control?

Yes, that satic ip is connected to a Cable line.

There are two computers on this IP connected to the web over a router.

Both are using WinXp.

Mine has: NOD32, AVG 7.0, Microsoft AntiSpyware, and Ad-Aware.

The other one has only the Norton Antivirus (I'd have to check tough).

The firewall on router is on.

damn it, this sucks

[agsteele]

damn it, this sucks 

24119[/snapback]

Yes, it certainly does. You might find it is just one of the machines that has the problem.

My suggestion - since you don't mention it - is to install ZoneAlarm on both machines.

That should immediately block all outbound traffic asking for permission for any programs that want to access the wider area network.

You should then be able to identify which machine has the trojan running.

Andrew

[Luniz]

I've just installed ZoneAlarm on my computer and will install it on the other sometime today.

Thanks for all the help.

Sergej

[Luniz]

ok..i had to uninstall Zone Alarm is it somehow killed my keyboard (when I turned it on, the keyboard wouldn't write in IE but just used letters as shortcuts :S)

if i check my ip on Spamcop.net, i get that it is not listed anymore...

tough if i try to send mail with Thunderbird, it says (after about 2min of trying to send it) that the server may be unavailable or refusing SMTP connections and that I should ckech if my settings are ok (which weren't changed..)

any idea?

[Luniz]

ok..it works..but i had to turn the router firewall off (not all, just SMTP) otherwise it wouldn't let me send out anything..

[Derek T]

ok..it works..but i had to turn the router firewall off (not all, just SMTP) otherwise it wouldn't let me send out anything..

24127[/snapback]

This might be useful to you.

https://grc.com/x/ne.dll?bh0bkyd2

will scan your IP for open ports etc.

[Derek T]

ok..i had to uninstall Zone Alarm is it somehow killed my keyboard (when I turned it on, the keyboard wouldn't write in IE but just used letters as shortcuts :S)

any idea?

24126[/snapback]

1. I had problems with zone alarm blocking internal LAN traffic, settled for Sygate Personal Firewall (also free) in the end.

2. I'm surprised that a Thunderbird user is still using IE! Why not Firefox?

3. Is it possible that it is your router itself (rather than a PC on your LAN) that is hacked? Mine came out of the box showing an HTTP port (among others!) to the world and with the default username/password enabled. Anyone downloading the manual could have changed any or all of my settings remotely! Is yours wireless?