
IP address in the BL


Wazoo


From some PM traffic;

I have a legitimate gripe. I never send a spam, my mail account is out of use. I can not send emails, You caused this, not me !!!!

What You personally find is Your problem. I did not want to be a member of Your site or forum, YOU HAVE BLOCKED MY ACCOUNT AND NOT I YOURS, UNDERSTOOD ?!?

I know if there is a problem with power misuse in USA and public critic will be everything moved into non-public folder or to Guantanamo.

:angry:  :angry:  :angry:

If you have a legitimate gripe, the Lounge is available.  I personally find it odd that you would make these inflammatory and ridiculous posts ... and "then" decide to go look at the SpamCop FAQ ....

Your account has received a Warning flag, posting capabilities have been changed to require "Moderation" ... basically stating that no one else will see them unless/until a Moderator "approves" those posts.  Your two posts seen as spam have been moved to another non-public folder ... the post made that consisted of only the quoted content of a previous post was moved there also (alternative was to simply delete it, but this isn't normally done on this Forum)

And of course the standard blurb that should have been "discovered" while the user was looking through the SpamCop FAQ here .... SpamCop can block nothing.

The best data I can dig up from so little information;

http://www.spamcop.net/w3m?action=checkblo...p=213.47.132.46

213.47.132.46 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 11 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Looking for potential administrative email addresses for 213.47.132.46:

cannot find an mx for chello213047132046.31.11.vie.surfer.at

cannot find an mx for 31.11.vie.surfer.at

213.46.255.2 is an mx ( 10 ) for 11.vie.surfer.at

postmaster[at]11.vie.surfer.at bounces (11 sent : 11 bounces)

cannot find an mx for vie.surfer.at

213.46.255.2 is an mx ( 10 ) for surfer.at

postmaster[at]surfer.at bounces (11 sent : 11 bounces)

Listing History

In the past 262.7 days, it has been listed 2 times for a total of 5.4 days

Other hosts in this "neighborhood" with spam reports

213.47.131.200 213.47.131.203 213.47.133.17

http://www.senderbase.org/?searchBy=ipaddr...g=213.47.132.46

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ......... 4.3 .. 3294%

Last 30 days ... 3.2 ... 233%

Average ......... 2.7

(sure looks like a compromised system involved, unless there's some other explanation for this increase in traffic)

Real-time blacklists

list.dsbl.org Boycotted - http://dsbl.org/listing?213.47.132.46

bl.spamcop.net http://spamcop.net/w3m?action=checkblock&ip=213.47.132.46

dynablock.njabl.org Dynamic IP - http://www.njabl.org/cgi-bin/lookup.cgi?query=213.47.132.46

Looks again that the SpamCop.net issue was just the early warning sign, expect to see this IP address on other BLs shortly.

PM sent to advise of this posting.

Link to comment

First mail seen on 15th this month, on three real-time lists, dynamic space. This looks like a zombied machine on a broadband connection. He says 'I do not send spam' - if that's what he thinks he is mistaken, he's sending gigabytes of it.

Link to comment

Hi, Wazoo,

You are not right or Your information is incorrect. Can You answer me following questions ?

1/ I am a cable modem user of UPC Austria. Do You know the hierarchy system of UPC and its internet connection ? I am part of one cell. In my case it is following cell:

213.047.132.1 and my "member number" is: 46, then I have IP address:

213.47.132.46, it means: I am 46th user in this cell.

If someone in our "cell" misuse this cell and makes an use under my IP, why do You think it's me and abuse me ? You should close the entire cell, not one member only. Maybe then would our ISP be active against spam. I am without power against spam, I do not send it, I get it, mostly from USA.

2/ I tried to make the end of this problem on DSBL with following result:

DSBL: Send Removal Confirmation

Confirmation email refused. Please fix your server to accept removal request mail. DO NOT email us asking us to email to another address or to help you fix your server; we will not do either.

Result:

Message Report:

Sorry, I wasn't able to establish an SMTP connection. (#4.4.1)

Of course, You blocked my SMTP port, therefore no reaction or SMTP connection!!!!!

3/ In the past 262.7 days, it has been listed 2 times for a total of 5.4 days,

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 11 hours.

NOTHING was done and no automatically delisting was done. I reported some spam directly to Your site and in the meantime I was not present in Internet and my PC was shut down. How could I send spams ?!?!?!?

4/ Richard W. wrote: Once the spam stops, the IP will delist.

When ???? What does he understand under: ONCE THE spam STOPS ...

Within 1 month or one year or /or the period will be set through the god or USA administrator/ ?

5/ my email SMTP is still blocked since 5 days ??? WHY ? Is there any activity to see ? Or You want to see it, because You want to see it? This is, what I mean under power misuse!!!

Eke

Link to comment

While I was doing research (again, having to guess at things, as no data was provided) and taking a break from shoveling snow, I see that in another set of posts (once again, in another Forum section, under an existing Topic/Discussion about a ComCast issue ..???) the following is copied here .... Deputies had also been contacted, RW responded, also pointing out the viral / infection scenario ..

Hi, Richard,

I feel the same, but You do the same, too. I am blocked although I did nothing,

I think true background is : MONEYMAKING WITH POWER MISUSE through Your "organization". It looks like mafia working methods:pay pay pay and pay !!!

If I do not that, You will shut me down !! For example: You close and block my email traffic !! Typical USA methods! USA sends the most spams and You attack me and Europe, typical USA methods again. I did not ask for Your "service" !!!

When will You deblock my email account ? This year or never ?

Eke

The IP is listed because it is sending spam to our traps. It appears a computer that sends/smarthosts through that IP is infected with a mass-mailer trojan/malware/spyware. All computers behind that IP should be checked with a spyware removal tool. Once the spam stops, the IP will delist.

See: http://www.spamcop.net/fom-serve/cache/405.html

Received: from chello213047132046.31.11.vie.surfer.at ([213.47.132.46])
    by <our trap server removed>; 19 Mar 2006 08:1x:x1 -0800
Received: from [213.47.136.210] (port=2997 helo=ngkdi)
    by chello213047132046.31.11.vie.surfer.at with esmtp
    id 1FL0XP-0007Wn-4e
    for x; Sun, 19 Mar 2006 17:1x:x1 +0100
Message-ID: <0030______________________2fd5[at]ngkdi>
From: "Margie Poe" <gwclktpwqc[at]ab7.net>
To: <x>
Subject: recreate
Date: Sun, 19 Mar 2006 17:0x:x6 +0100

Richard

Please include all previous correspondence with replies

-------

eke wrote:

> Server: 'mgate.chello.at', Protokoll: SMTP, Serverantwort: '551 Mail from your IP address is currently blocked based on RBL listing', Port: 25, Secure (SSL): Nein, Serverfehler: 551, Fehlernummer: 0x800CCC79

> Why is my IP address blocked ? I do not send any spams, I am not from USA !!!

> With what right and reason do You block my IP address ?

Not copied over is yet another posting, once again accusing "me" of getting rich by blocking his/her e-mail ....

Link to comment
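
An added example, not part of the original posts and not SpamCop's tooling: it parses the Received lines quoted in the post above to show which address the trap server itself recorded, and that the lower hop names that same host as the machine that took the message in. The function names and the decoding of the `chello...` hostname are assumptions made for this illustration.

```python
import re
from collections import namedtuple
from email import message_from_string

# Constructed input: the Received lines quoted in the thread, redactions
# kept, with continuation lines indented as folded header lines.
SAMPLE = """\
Received: from chello213047132046.31.11.vie.surfer.at ([213.47.132.46])
 by <our trap server removed>; 19 Mar 2006 08:1x:x1 -0800
Received: from [213.47.136.210] (port=2997 helo=ngkdi)
 by chello213047132046.31.11.vie.surfer.at with esmtp
 id 1FL0XP-0007Wn-4e
 for x; Sun, 19 Mar 2006 17:1x:x1 +0100
Subject: recreate

"""

Hop = namedtuple("Hop", "name ip by")

FROM_RE = re.compile(r"from\s+(?:(\S+)\s+)?\(?\[(\d{1,3}(?:\.\d{1,3}){3})\]\)?")
BY_RE = re.compile(r"\bby\s+(<[^>]*>|\S+)")


def parse_hops(raw):
    """Return the Received hops, newest (top) first, as Hop(name, ip, by)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        src, by = FROM_RE.search(flat), BY_RE.search(flat)
        if src:
            hops.append(Hop(src.group(1), src.group(2),
                            by.group(1) if by else None))
    return hops


def embedded_ip(hostname):
    """Decode the address embedded in names like chello213047132046...

    Assumption drawn from this one sample: twelve digits, three per octet.
    """
    m = re.match(r"chello(\d{3})(\d{3})(\d{3})(\d{3})\.", hostname or "")
    return ".".join(str(int(g)) for g in m.groups()) if m else None


def listed_source(raw):
    """The address a trap operator can act on: the peer its own server saw.

    Only the top Received line was written by the receiving server. Lines
    below it were supplied by the connecting host and can be forged.
    """
    hops = parse_hops(raw)
    return hops[0].ip if hops else None


def relayed_through_source(raw):
    """True if a lower hop names the connecting host as the machine that
    accepted the message, i.e. that host reports passing on others' mail."""
    hops = parse_hops(raw)
    if not hops or hops[0].name is None:
        return False
    return any(h.by == hops[0].name for h in hops[1:])


if __name__ == "__main__":
    for hop in parse_hops(SAMPLE):
        print(hop)
    print("listed source:", listed_source(SAMPLE))
    print("relayed through it:", relayed_through_source(SAMPLE))
```
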

> You are not right or Your information is incorrect. Can You answer me following questions ?

I can only work with data available .... the only info I had was your posting IP, which normally wouldn't be your e-mail server .. however, as it turned out to be listed, I pulled up some more data and provided that.

> 1/ I am a cable modem user of UPC Austria. Do You know the hierarchy system of UPC and its internet connection ? I am part of one cell. In my case it is following cell:
>
> 213.047.132.1 and my "member number" is: 46, then I have IP address:
>
> 213.47.132.46, it means: I am 46th user in this cell.
>
> If someone in our "cell" misuse this cell and makes an use under my IP, why do You think it's me and abuse me ? You should close the entire cell, not one member only. Maybe then would our ISP be active against spam. I am without power against spam, I do not send it, I get it, mostly from USA.

There are others here that live on your continent. Once again, all I can work with is what's seen .. started with an IP address, ended with an IP address ... and SenderBase is showing a 3,000%+ increase in traffic from that IP address in the last 24 hours. That to me is pretty much the end of the story, and apparently backed up by Richard's analysis of the e-mail that hit the spamtraps.

> 2/ I tried to make the end of this problem on DSBL with following result:
>
> DSBL: Send Removal Confirmation
>
> Confirmation email refused. Please fix your server to accept removal request mail. DO NOT email us asking us to email to another address or to help you fix your server; we will not do either.
>
> Result:
>
> Message Report:
>
> Sorry, I wasn't able to establish an SMTP connection. (#4.4.1)

As in the data you sent to Richard (copied in a previous post) I don't follow how this ties to SpamCop.net yet.

> Of course, You blocked my SMTP port, therefore no reaction or SMTP connection!!!!!

Not a clue as to how / where you picked up this bit of silly stuff. The SpamCopDNSBL is nothing but a list of IP addresses. Other ISPs use that list in trying to control their incoming spam spew. SpamCop.net itself recommends against using it in a "blocking" mode. Bottom line, it's the receiving ISP that is blocking anything. Do you actually run an e-mail server on a computer at this IP address?

> 3/ In the past 262.7 days, it has been listed 2 times for a total of 5.4 days,
>
> If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 11 hours.
>
> NOTHING was done and no automatically delisting was done. I reported some spam directly to Your site and in the meantime I was not present in Internet and my PC was shut down. How could I send spams ?!?!?!?
>
> 4/ Richard W. wrote: Once the spam stops, the IP will delist.
>
> When ???? What does he understand under: ONCE THE spam STOPS ...
>
> Within 1 month or one year or /or the period will be set through the god or USA administrator/ ?

Follow the links to the SpamCop FAQ here, the "Why am I Blocked?" FAQ entry .. eventually you will end up on a "What is on the SpamCop BL" entry, which offers up the process of listing / delisting, even offering up a bit of a mathematical equation to sort through.

> 5/ my email SMTP is still blocked since 5 days ??? WHY ? Is there any activity to see ? Or You want to see it, because You want to see it? This is, what I mean under power misuse!!!

I'm not following your argument at all, especially when you are accusing "me" of doing anything to your e-mail. SpamCop.net blocks nothing. If this IP address does in fact tie directly to your computer, then I'd suggest you follow the clues thus far offered and figure out what it's infected with.

Link to comment

> Do you actually run an e-mail server on a computer at this IP address?

My guess is that he is doing so, and doesn't know it! Classic zombie, on the evidence. If he had a brain he'd be dangerous.

Nothing is listening on Port 23 of that IP anyway.

Link to comment

> 1/ I am a cable modem user of UPC Austria. Do You know the hierarchy system of UPC and its internet connection ? I am part of one cell. In my case it is following cell:
>
> 213.047.132.1 and my "member number" is: 46, then I have IP address:
>
> 213.47.132.46, it means: I am 46th user in this cell.
>
> If someone in our "cell" misuse this cell and makes an use under my IP, why do You think it's me and abuse me ? You should close the entire cell, not one member only. Maybe then would our ISP be active against spam. I am without power against spam, I do not send it, I get it, mostly from USA.

Actually it seems that you are the one that still does not understand exactly what is happening. Your "cell" IP address 213.047.132.1 is not on the blocking list. Only your personal "member number" IP address 213.047.132.46 appears on the blocking list. The reason it is there is because spam is coming from it. You are NOT personally sending it, your computer is doing it all by itself because someone has been able to take control of it. This could have happened a number of different ways but the most likely source was an infected email that you opened and it began taking over your computer.

We are sorry that this site is only in English as it appears that English is not your primary language. For me and many of the other users here, English is our only language. We are willing to try to help you, but you have to accept that the problem is inside your computer and that is what needs to be fixed first and unfortunately only you have direct access to it. You may need to get professional help to fix your computer, but it needs to be fixed and soon.

Link to comment

Hi,

super, super, do really think I am an idiot ?

SpamCop can block nothing and why do I get a following message?

Konto: 'pop.chello.at', Server: 'smtp.chello.at', Protokoll: SMTP, Serverantwort: '551 Mail from your IP address is currently blocked based on RBL listing', Port: 25, Secure (SSL): Nein, Serverfehler: 551, Fehlernummer: 0x800CCC79

Who is the author and authority for this RBL ??? Not Spamcop.net ?? The God ?

Are You pulling my leg ????

Now I tell suggest following to You :

I will close my PC for the period of at least 15 hours. /no power, no traffic, no activity/. What will You say then, if any traffic and/or activity will be reported ??

Maybe: We know you are there and when not, then you are there and if we are wrong, you are there etc.

Eke

Link to comment

> Hi,
>
> super, super, do really think I am an idiot ?
>
> SpamCop can block nothing and why do I get a following message?

No we do not think you are an idiot, just someone that does not yet understand how SpamCop and Blocking lists in general work.

SpamCop provides a list of IP addresses that have been reported as sending spam or have sent spam to SpamCop spamtraps. That list is made available free of charge to anyone that would like to use it.

The only ones that can actually block your mail are:

1) your ISP who can block out going mail if they so choose

2) the person you are sending your mail to or their ISP.

SpamCop itself can not block your mail.

When your computer stops sending spam it will automatically be removed from the SpamCopBL within a fairly short time period. The actual amount of time is based on a very complex formula that no one here fully understands, but can generally be stated as within 24 hours of the last report of spam being received.

Link to comment
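
An added example, not from the original posts and not SpamCop's code: how a mail server queries a DNS blocklist such as bl.spamcop.net and then makes its own accept or reject decision, which is the split of roles described in the post above. The offline sample zone, the function names and the `X-DNSBL` header are assumptions; the listed address, the 127.0.0.2 answer and the 551 text are the ones quoted in this thread.

```python
import socket

ZONE = "bl.spamcop.net"

# Constructed stand-in for the DNS zone so the example runs offline. The
# listed address and its 127.0.0.2 answer are the ones quoted in the thread.
SAMPLE_ZONE = {"46.132.47.213.bl.spamcop.net": "127.0.0.2"}


def dnsbl_name(ip, zone=ZONE):
    """Build the DNS name queried for an IPv4 address: reversed octets + zone.

    Octets are read as decimal, so the zero-padded spelling that appears in
    the thread ("213.047.132.46") yields the same name as "213.47.132.46".
    """
    parts = ip.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {ip!r}")
    octets = [int(p) for p in parts]
    if max(octets) > 255:
        raise ValueError(f"octet out of range in {ip!r}")
    return ".".join(str(o) for o in reversed(octets)) + "." + zone


def system_resolver(name):
    """Live lookup: the A record for name, or None if the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None  # NXDOMAIN (not listed) or a resolver failure


def lookup(ip, resolver=SAMPLE_ZONE.get, zone=ZONE):
    """Return the list's answer (e.g. '127.0.0.2') if ip is listed, else None."""
    answer = resolver(dnsbl_name(ip, zone))
    # Listings are answered from 127.0.0.0/8. Any other address means a
    # wildcarding or hijacking resolver and must not count as "listed".
    if answer and answer.startswith("127."):
        return answer
    return None


def receiver_policy(ip, mode, resolver=SAMPLE_ZONE.get):
    """Decide the SMTP reply. This runs on the receiving mail server, which
    is where the blocking decision is made; the list only answers queries.

    mode "reject": refuse the mail, as smtp.chello.at did in the thread.
    mode "tag":    accept it and attach a header for a later spam filter.
    """
    answer = lookup(ip, resolver)
    if answer is None:
        return 250, "OK"
    if mode == "reject":
        return 551, ("Mail from your IP address is currently blocked "
                     "based on RBL listing")
    if mode == "tag":
        # X-DNSBL is a hypothetical header name chosen for this example.
        return 250, f"OK; X-DNSBL: {ZONE}={answer}"
    raise ValueError(f"unknown mode: {mode!r}")


if __name__ == "__main__":
    for addr in ("213.047.132.46", "213.47.132.1"):
        print(addr, dnsbl_name(addr), lookup(addr),
              receiver_policy(addr, "reject"))
```

Pass `resolver=system_resolver` to query a live list instead of the constructed zone.
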

> SpamCop can block nothing and why do I get a following message?
>
> Konto: 'pop.chello.at', Server: 'smtp.chello.at', Protokoll: SMTP, Serverantwort: '551 Mail from your IP address is currently blocked based on RBL listing', Port: 25, Secure (SSL): Nein, Serverfehler: 551, Fehlernummer: 0x800CCC79
>
> Who is the author and authority for this RBL ??? Not Spamcop.net ?? The God ?

Actually, I have no idea. I don't see anything about SpamCop.net in that message. Technically, the use of "RBL" used to specify that MAPS was involved. MAPS is not SpamCop.net.

> Are You pulling my leg ????
>
> Now I tell suggest following to You :
>
> I will close my PC for the period of at least 15 hours. /no power, no traffic, no activity/. What will You say then, if any traffic and/or activity will be reported ??
>
> Maybe: We know you are there and when not, then you are there and if we are wrong, you are there etc.

http://www.spamcop.net/w3m?action=checkblo...=213.047.132.46

213.047.132.46 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 14 hours.

Apparently traffic still flowing as the last estimate was 11 hours .. but ...

21 March 2006 1836 GMT -6

http://www.senderbase.org/?searchBy=ipaddr...g=213.47.132.46 is now showing a reduction in traffic ....

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.2 .. 2849%

Last 30 days .. 3.2 ... 234%

Average ......... 2.7

21 March 2006 2022 GMT -6

Report on IP address: 213.47.132.46

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.1 .. 2487%

Last 30 days .. 3.3 ... 234%

Average ........ 2.7

22 March 2006 0150 GMT -6

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ......... 4.1 .. 2428%

Last 30 days ... 3.3 ... 227%

Average ......... 2.7

I've seen others drop a heck of a lot faster ... wondering if the lease time is long enough that eke will have the same IP address when things are powered back up .... or has it already changed hands?

Just a bit of a side-item feeding into the 5-day thing;

Date of first message seen from this address 2006-03-15 ... kind of fits ....

22 March 2006 0405 GMT -6

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ......... 4.1 .. 2428%

Last 30 days ... 3.3 ... 227%

Average ......... 2.7

22 March 2006 0705 GMT -6

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.1 .. 2429%

Last 30 days .. 3.3 ... 227%

Average .........2.7

22 March 2006 1625 GMT -6

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ......... 3.9 .. 1432%

Last 30 days ... 3.3 ... 227%

Average ......... 2.7

23 Mar 2006

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ......... 3.0 .. 42%

Last 30 days ... 3.3 . 228%

Average ......... 2.7

Link to comment

> If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 14 hours.
>
> Apparently traffic still flowing as the last estimate was 11 hours .. but ...
>
> 21 March 2006  1836 GMT -6
>
> http://www.senderbase.org/?searchBy=ipaddr...g=213.47.132.46 is now showing a reduction in traffic ....

Of course, a reduction does not necessarily mean a complete cessation. :)
Link to comment

> Of course, a reduction does not necessarily mean a complete cessation. :)

Was just going with the "going to turn off the computer" ... that last post will be one of those that every now and then will be edited with later results ... the last one of these showed the massive drop in about 8 hours, ramp-up as soon as the system was fired up again ... yet the Topic went on for several more pages as even then that user wasn't yet convinced that the problem was "in the house" .....

I'm having a problem with the error message offered up thus far ... with only what is showing, is it possible that it is chello itself blocking the attempted SSL connection? (and again, nothing to do with SpamCop.net)

Link to comment

> I'm having a problem with the error message offered up thus far ... with only what is showing, is it possible that it is chello itself blocking the attempted SSL connection?  (and again, nothing to do with SpamCop.net)

It certainly appears that Chello is blocking SMTP connections from its own SCBL-listed customers. I guess that's one way to get its customers to pay attention to security. :)
Link to comment

> super, super, do really think I am an idiot ?

If the cap fits...

Enough of an idiot to get infected and then blame the doctor for your illness, anyway.

> Now I tell suggest following to You :
>
> I will close my PC for the period of at least 15 hours. /no power, no traffic, no activity/. What will You say then, if any traffic and/or activity will be reported ??
>
> Maybe: We know you are there and when not, then you are there and if we are wrong, you are there etc.

Unfortunately, as we have seen recently on this forum, unless you turn off the cable modem and/or router too the spew may continue. It may be your modem/router that is infected rather than your PC.

See this thread http://forum.spamcop.net/forums/index.php?showtopic=6062

where what turned out to be the problem was a hijacked wireless router. You could learn a lot about spam blocklists there. Also note the enquirer's attitude and imitate: that way you'll look less like an idiot.

See http://psbl.surriel.com/evidence?ip=213.47...=Check+evidence to see just a small sample of the 10,000+ emails per day that YOUR system is inflicting on the world.

Link to comment

From a PM;

what do You say now ? Did You see traffic or not within this time period of 15 hours - starting about 23,00 MET 03/21/06, ending about 15,00 MET 03/22/06 ? Everything was down /no el. power, no PC in net, all cables unplugged , cable modem off and unplugged, no el.power/.

Eke

I added in results seen by editing the contents of Linear Post #13 in this Topic. I find it odd that the numbers did a major drop "today" .. as compared to while everything was turned off ....

Link to comment

> From a PM;
>
> I added in results seen by editing the contents of Linear Post #13 in this Topic.  I find it odd that the numbers did a major drop "today" .. as compared to while everything was turned off ....

Unless he got a new IP address when rebooting.
Link to comment

> what do You say now ? Did You see traffic or not within this time period of 15 hours - starting about 23,00 MET 03/21/06, ending about 15,00 MET 03/22/06 ? Everything was down /no el. power, no PC in net, all cables unplugged , cable modem off and unplugged, no el.power/.

I say that the spammers have more control of your system than you do.

And that you are an idiot.

Link to comment

Hi, Wazoo,

I think, it shows evidence of the fact, maybe was my PC hacked as I found out this RPC - remote process control was hacked in my PC. Everything was already closed and blocked by me.

It was very interesting that as postmaster server was 217.0.0.2 signed . Do You know this IP address ? This IP has tried to take control over my PC and network. For Your information some fact You can see, too:

SenderBase Results from 22.March 2006 at 10,00 AM:

Report on IP address: 213.47.132.46

Volume Statistics for this IP Magnitude Vol Change vs. Average

Last day 3.4 382%

Last 30 days 3.3 228%

Average 2.7

CIDR range 213.47.128.0/20

Why is this CIDR range so wide , when my IP is 213.47.132.46 and they are working with ..128.0/20 ? It is not my range.

Eke

P.S.

I tried already to answer You the same I am writing now and suddenly was everything away. Somebody didn't like it, what I wrote. :):lol::P

Link to comment

Derek,

next time make a use of one mirror, if You want to attack me, buta magyar.

Very special way of conversation, like Your UK. Instead to try to help someone You still attack me, thank You. Really british sense for seriousity. I am very sorry about You and Your next life in the future.

:angry: :angry: :angry:

> I say that the spammers have more control of your system than you do.
>
> And that you are an idiot.

Your way of conversation is typical british honest and seriousity.

Try to get Your emotions under control /a gentleman can do that, but You are not one/.

Have a nice day and do not blame me. I did not fall down on Your niveau.

Eke

:lol::lol::lol:

Link to comment

Hi, Merlyn,

thank You, nice said. I hope You will have the same or similar experience in the future. And if You are really "A Spamcop advocate" then do not forget the primary rule of good advocate:

Protect the client instead of attack him.

Eke

:lol::lol::lol:

> nuff said!

Link to comment

Archived

This topic is now archived and is closed to further replies.
