br53 Posted September 8, 2006

Hi,

Our server is listed due to spam traps: http://www.spamcop.net/bl.shtml?210.9.130.146

I've since made changes so that we don't accept messages and then bounce back delivery failures. But this morning when we were due to be automatically delisted, it's back to 23 hours.

I've used the form to contact Spamcop already, but it's becoming quite urgent so I'm posting here too. Any help is appreciated.

Thanks
Josh

dra007 Posted September 8, 2006

Sender base shows an unusual increase in traffic recently:

Report on IP address: 210.9.130.146
Volume Statistics for this IP

                Magnitude   Vol Change vs. Average
Last day        4.0         404%
Last 30 days    2.9         -64%
Average         3.3

I, however, cannot find any reported history that would shed some light on this. If you already wrote to the deputies, patience is golden, and I am sure you'll be able to resolve your issue. Please let us know.

Wazoo Posted September 8, 2006

While waiting for a Deputy response, perhaps take a look at http://psbl.surriel.com/listing?ip=210.9.130.146 .. seems that their spamtraps were also hit today ...

Miss Betsy Posted September 8, 2006

If the volume is up, that can mean a compromised machine that does not use the normal port 25 to send the spew. Check your firewall logs for unusual traffic.

Miss Betsy

Derek T Posted September 8, 2006

> If the volume is up, that can mean a compromised machine that does not use the normal port 25 to send the spew. Check your firewall logs for unusual traffic.

and the PSBL evidence shows real fresh spam rather than bounces, which also suggests either a trojanned machine or an SMTP-AUTH hack, rather than the problem being simply auto-replies.

There is also now one human report to add to the spamtrap hits:

Submitted: 08 September 2006 08:11:27 +0100:
Fwd:
* 1912415028 ( 210.9.130.146 ) To: abuse[at]connect.com.au

(which will have reset the delist clock)

Looks like the reports are going to your upstream; you might discuss with them getting copies of the reports or registering your own abuse address.

It seems you have a real 'live' problem to deal with here, things seem to be going from bad to worse.

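One way to run the firewall-log check suggested in the two posts above, as an added example that is not part of the thread: list internal hosts other than the mail server that open outbound connections on SMTP ports. The mail server address 192.168.1.10, the `OUT-NEW` log prefix and the iptables-style log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumptions (not from the thread): 192.168.1.10 is the only host allowed to
# send mail out, and the firewall logs new outbound connections in iptables
# LOG format.
MAIL_SERVER = "192.168.1.10"
SMTP_PORTS = {25, 465, 587}
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample lines using private and documentation address ranges.
SAMPLE_LOG = """\
Sep  8 03:12:01 gw kernel: OUT-NEW IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=25 SYN
Sep  8 03:12:04 gw kernel: OUT-NEW IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=1042 DPT=25 SYN
Sep  8 03:12:04 gw kernel: OUT-NEW IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.40 PROTO=TCP SPT=1043 DPT=25 SYN
Sep  8 03:12:05 gw kernel: OUT-NEW IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.99 PROTO=TCP SPT=1044 DPT=25 SYN
Sep  8 03:12:09 gw kernel: OUT-NEW IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=203.0.113.80 PROTO=TCP SPT=2210 DPT=80 SYN
Sep  8 03:12:11 gw kernel: OUT-NEW IN=eth1 OUT=eth0 SRC=192.168.1.44 DST=198.51.100.7 PROTO=TCP SPT=3301 DPT=587 SYN
Sep  8 03:12:12 gw kernel: OUT-NEW IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=203.0.113.53 PROTO=UDP SPT=5353 DPT=53
"""


def rogue_smtp_senders(log_text, mail_server=MAIL_SERVER, min_dests=2):
    """Map each internal host other than mail_server to the distinct remote
    hosts it contacted on an SMTP port, keeping hosts with >= min_dests."""
    dests = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not {"SRC", "DST", "PROTO", "DPT"} <= f.keys():
            continue  # not a connection log line
        if f["PROTO"] != "TCP" or not f["DPT"].isdigit():
            continue
        if int(f["DPT"]) in SMTP_PORTS and f["SRC"] != mail_server:
            dests[f["SRC"]].add(f["DST"])
    return {src: sorted(d) for src, d in dests.items() if len(d) >= min_dests}


if __name__ == "__main__":
    for src, targets in rogue_smtp_senders(SAMPLE_LOG).items():
        print(f"{src} opened SMTP connections to {len(targets)} hosts: {targets}")
```

With the default `min_dests=2`, a workstation that contacts a single host on port 587 is not listed; pass `min_dests=1` to see every non-mail-server host that touched an SMTP port.
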
Merlyn Posted September 8, 2006

The PSBL is pretty interesting:

2006-09-01 00:36:36.18671 received spamtrap mail
2006-09-04 23:13:08.923761 major smtp violation
2006-09-05 19:08:39.299366 received spamtrap mail
2006-09-07 20:03:03.386709 received spamtrap mail

Wonder what a major smtp violation is?

br53 (Author) Posted September 12, 2006

Thanks for all the replies.

We located 4 computers infected with variants of w32.stration.

Josh

turetzsr Posted September 13, 2006

> We located 4 computers infected with variants of w32.stration.

...Great going, Josh, and thanks for taking the time to return here to let us know! <g>