MailAdmin@snaptvgames.com

Request to Remove 64.81.233.190 from your database


I have made changes on the network belonging to 64.81.233.190 which is snaptvgames.com

Can you please review your most current logfiles for any problems from this IP and if none are found, please remove it from your database.

Thank You in advance,

Jeff

jbagge[at]itbyjb.com for snaptvgames.com


All the Pinned items, links to various FAQs, building of a Wiki, on and on .... yet nothing looked at prior to posting into the wrong Forum section .. geeze .... moved from the Reporting Help section.

http://spamcop.net/w3m?action=checkblock&a...p=64.81.233.190

64.81.233.190 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 21 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Listing History

System has been listed for 24 hours.

http://www.senderbase.org/search?searchBy=...g=64.81.233.190

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ......... 4.3 .. 40610%

Last 30 days ... 2.3 ...... 363%

Average ......... 1.7

Date of first message seen from this address 2007-03-26

Real-time blacklists

dnsbl.sorbs.net Web - http://www.sorbs.net/lookup.shtml?64.81.233.190

bl.spamcop.net http://spamcop.net/w3m?action=checkblock&a...p=64.81.233.190

cbl.abuseat.org http://cbl.abuseat.org/lookup.cgi?ip=64.81.233.190


sorry, this is a peer to peer support group...we can't do that, you may want to write the e-mail address provided in the FAQ though...

There is no reported history, so I suspect your problem is with the spamtraps which are secret to us as well...

ps. as Merlyn points out there are more serious problems with other block lists some of which will not delist automatically..

Edited by dra007


I think you have bigger problems. Maybe a trojanned PC

SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2

Blocked - see http://www.spamcop.net/bl.shtml?64.81.233.190

--------------------------------------------------------------------------------

PSBL Passive spam Block List: psbl.surriel.com -> 127.0.0.2

Listed in PSBL, see http://psbl.surriel.com/listing?ip=64.81.233.190

--------------------------------------------------------------------------------

WPBL Weighted Private Block List: db.wpbl.info -> 127.0.0.2

spam source - http://wpbl.info/record?ip=64.81.233.190

--------------------------------------------------------------------------------

SORBS spam and Open Relay Blocking System: Aggregate zone: dnsbl.sorbs.net -> 127.0.0.7

Exploitable Server See: http://www.sorbs.net/lookup.shtml?64.81.233.190

--------------------------------------------------------------------------------

SORBSWEB SORBS List of web (WWW) servers which have spammer abusable vulnerabilities (e.g. FormMail scripts): web.dnsbl.sorbs.net -> 127.0.0.7

Exploitable Server See: http://www.sorbs.net/lookup.shtml?64.81.233.190

--------------------------------------------------------------------------------

DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=64.81.233.190

64.81.233.190 See http://www.dnsbl.sorbs.net/cgi-bin/lookup?NAME=64.81.233.190

--------------------------------------------------------------------------------

DNSBLAUSORBS External Block List - SORBS: sorbs.dnsbl.net.au -> 127.0.0.2

64.81.233.190 See http://www.dnsbl.sorbs.net/cgi-bin/lookup?NAME=64.81.233.190

Looks like you requested removal from the cbl.abuseat.org at 2007-04-24 17:43 GMT

But you have many problems with your server

Senderbase shows

Last day 4.3 40467%

Last 30 days 2.3 363%
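The listings quoted above are DNS answers: the IP's octets are reversed, the list's zone is appended, and a listed address resolves to a 127.0.0.x code. As an added example (not part of the original thread), the lookup below repeats that check for the zones named here; `constructed_resolver` is a hypothetical offline stand-in for DNS, and its "not listed" answer for cbl.abuseat.org is an assumption made for the demo.

```python
import ipaddress
import socket

# Zones taken from the listings quoted in this thread.
ZONES = ("bl.spamcop.net", "psbl.surriel.com", "db.wpbl.info",
         "dnsbl.sorbs.net", "cbl.abuseat.org")


def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets + '.' + zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError for anything but IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def check_ip(ip, zones=ZONES, resolve=socket.gethostbyname):
    """Map each zone to its 127.x code, None (not listed) or 'lookup-failed'."""
    not_found = {socket.EAI_NONAME,
                 getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except socket.gaierror as exc:
            # NXDOMAIN means "not listed"; any other resolver error must not
            # be mistaken for a clean result.
            results[zone] = None if exc.errno in not_found else "lookup-failed"
            continue
        # Real listings answer inside 127.0.0.0/8. Anything else (for example
        # a resolver that rewrites NXDOMAIN) is not a DNSBL verdict.
        results[zone] = answer if answer.startswith("127.") else "lookup-failed"
    return results


def constructed_resolver(name):
    """Constructed offline stand-in for DNS; listed codes mirror the thread."""
    answers = {
        "190.233.81.64.bl.spamcop.net": "127.0.0.2",
        "190.233.81.64.psbl.surriel.com": "127.0.0.2",
        "190.233.81.64.db.wpbl.info": "127.0.0.2",
        "190.233.81.64.dnsbl.sorbs.net": "127.0.0.7",
    }
    if name not in answers:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return answers[name]


if __name__ == "__main__":
    found = check_ip("64.81.233.190", resolve=constructed_resolver)
    for zone, code in found.items():
        print(f"{zone:20} {code or 'not listed'}")
```

Calling `check_ip("64.81.233.190")` without the `resolve` argument performs live DNS queries instead.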


Thank You everyone for your help and I apologize for not posting in the correct place.

I'm a smart guy, so maybe the links or verbiage should be modified so I know where to post next time.

I still have not found the culprit, but thank you for the useful information and sites.

Jeff

Quote (snaptvgames.com, post 55888, Apr 24 2007, 05:12 PM):

Thank You everyone for your help and I apologize for not posting in the correct place.

I'm a smart guy, so maybe the links or verbiage should be modified so I know where to post next time.

Maybe you could help explain????

SpamCop Reporting Help

A forum to help users with reporting spam using the SpamCop Parsing and Reporting Service. Questions about the SpamCop Email System and/or Accounts should be directed to the SpamCop Email System & Accounts Forum. Questions about "your e-mail Blocked by SpamCop" should be directed to the SpamCop Blocklist Help Forum. Etc. etc., etc.

Hmmm, this is the one you selected to post into with your question about being listed in the SpamCopDNSBL, which certainly falls into the scenario of "your e-mail being blocked" .. and thusly the suggested "post it somewhere else" seems clear and appropriate ...

SpamCop Blocklist Help

A forum to help those who use or have had their e-mail blocked based on use of the SpamCopDNSBL by the receiving ISP.

Please read the "Why Am I Blocked?" FAQ entry before posting.

And this isn't clear enough? The suggestion to read the FAQ first is of no value?

Datapoint: at the time of this post;

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.3 .. 40412%

Last 30 days .. 2.3 ..... 363%

Average ........ 1.7

Quote (snaptvgames.com, post 55888, Apr 24 2007, 10:12 PM): I still have not found the culprit, but thank you for the useful information and sites.

64.81.233.190 (Los Angeles, CA, US)

Looks to me this IP is compromised (any thug and/or spammer who wants to has full control over it!)

Suggest you do a security check from my Signature (It is a Symantec site)

Quote (snaptvgames.com, post 55875, Apr 24 2007, 02:44 PM): I have made changes on the network belonging to 64.81.233.190 which is snaptvgames.com

Can you please review your most current logfiles for any problems from this IP and if none are found, please remove it from your database.

Hi Jeff

It's good to see that some admins are indeed trying/taking some action to stop spam coming from their servers. The spamcop blocklist is completely automatic. If the spam stops, your IP address gets dropped automatically. If the spam continues, you will continue to be on the blocklist. A good way to check if the spam has stopped is to take a look at the senderbase website ( http://www.senderbase.org/search?searchString=64.81.233.190 ). Looks like spam is still coming from your IP address.

A good way to check if the spam has stopped is to take a look at the senderbase website ( http://www.senderbase.org/search?searchString=64.81.233.190 ).

Just curious .. I've posted that link three or four times in this Topic already .. complete with numbers seen ...???

Yet another data point - at the time of this posting;

Report on IP address: 64.81.233.190

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.3 .. 40413%

Last 30 days .. 2.3 ..... 363%

Average ........ 1.7

The 'slow down' seems to have stopped .....


C:\>telnet 64.81.233.190 25

220 AVG ESMTP Proxy Server 7.5.460/7.5.463 [269.5.10/774]

Geeze, I can't believe that this response line shows up yet again on a system that is having spew problems ....

Just curious .. I've posted that link three or four times in this Topic already .. complete with numbers seen ...???

No offense Wazoo, I stopped reading your posts a long time ago. I felt that most of your posts are bashing users for doing this and that rather than helping them. Moreover, your sentences are so twisted that sometimes I cannot understand what you are saying. I don't know why I bothered to read this post of yours, but I think you get the point.

raju

Maybe you could help explain????

He did explain, sort of. I don't remember now exactly what happens when you access the forum through the spamcop help page, but IIRC, it takes you directly to the reporting help forum.

Those who forget where they are trying to find an answer and thus post in the wrong forum and those who come here directly from the official page probably make up most of the 'wrong' forum entries.

Since we don't have any control over how that page presents the information and where it links to and everybody makes mistakes especially when they are stressed, IMHO, the best thing to do is for moderators to move the post with the explanation that they will get better answers in the right forum. I don't think we are ever going to be able to eliminate stress or be able to edit the entry page and therefore people are going to post in the wrong forum. And it hardly seems fair to blame them for the stupid way people learn about the forum or for being stressed because they have a problem - or us for not making it clear.

Miss Betsy


C:\>telnet 64.81.233.190 25

220 AVG ESMTP Proxy Server 7.5.460/7.5.463 [269.5.10/774]

Geeze, I can't believe that this response line shows up yet again on a system that is having spew problems ....

Wazoo: You don't have AVG on your system do you? I had a similar issue after one of their upgrades, it re-enabled the SMTP proxy on my local machine so that every port 25 connection was going through their proxy.

Do you find any systems that do NOT show the AVG proxy?


My inbound mailflow is as follows

MX records point to a third-party spam provider (they must be running AVG)

My firewall only allows inbound connections on port 25 from the specific IPs of the third-party spam solution

My firewall now only allows outbound connections on port 25 and the exchange server appears to be clean

Also, all computers were turned off last night so I would be interested in knowing the last 12 hour logs.

I'm really sorry for screwing up my posting, wow, I would vote for buttons that say "blacklisted removal" not blocklist since that usually refers to ISP providers which I doubt post a resolution this way.

Either way, I admit I'm wrong and don't want to argue about this anymore.

Enjoy your day,

Quote (snaptvgames.com, post 55919, Apr 25 2007, 11:07 AM):

Also, all computers were turned off last night so I would be interested in knowing the last 12 hour logs.

That link is available to the public: http://www.senderbase.org/search?searchString=64.81.233.190

The traffic does seem to be dropping. As of this post:

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day 3.9 11801%

Last 30 days 2.5 369%

Average 1.8

Also, be aware from that page that your IP is not on SpamCop's list but is currently on the following blocklist (and that is generally the term used, your connections are being blocked, not blacked). There may be many other lesser known (or even private) lists that have included your IP by now as well.

dnsbl.sorbs.net Web - http://www.sorbs.net/lookup.shtml?64.81.233.190

From that site:

Address and Port: 64.81.233.190

Record Created: Mon Apr 23 18:07:36 2007 GMT

Record Updated: Mon Apr 23 18:07:36 2007 GMT

Additional Information: spam Sending Trojan or Proxy attempted to send mail from/to from=<dussaultardd[at]digitalh2ofall.com> to=<d.flett[at]paticipating.domain>

Currently active and flagged to be published in DNS

Wazoo: You don't have AVG on your system do you? I had a similar issue after one of their upgrades, it re-enabled the SMTP proxy on my local machine so that every port 25 connection was going through their proxy.

http://free.grisoft.com/doc/5616/lng/us/tpl/v5

http://free.grisoft.com/doc/5626/lng/us/tpl/v5

http://free.grisoft.com/doc/5627/lng/us/tpl/v5

(Some) detail offered up about this little detail .. though noting that they don't use the word 'Proxy' for some reason. Basically, turning off the 'outgoing scanning of e-mail' will result in killing off the Port 25 Proxy ...

I only send out 'Plain-Text' e-mail to begin with, so I don't scan outgoing ....

Do you find any systems that do NOT show the AVG proxy?

Many of them .. but these are actual e-mail servers. In this case, as was expected, the system in question turns out to be an Exchange server. The expected 'banner' would be something that sang the tune of Microsoft ....

http://www4.grisoft.com/doc/products-avg-e...s/crp/0#details

what I can't find there is the current 'version' of this 'paid' version for a server-type tool .... I will note that my running version of the 'free personal' version is showing 7.5.446 [269.5.1/764] as compared to the found data of 7.5.460/7.5.463 [269.5.10/774] on the server in question ....

Quote (snaptvgames.com, post 55919, Apr 25 2007, 10:07 AM): My inbound mailflow is as follows

MX records point to a third-party spam provider (they must be running AVG)

I'm going with that what you typed isn't what you meant ....

ns52.1and1.com reports the following MX records:

Preference Host Name IP Address TTL

10 mx1.spamsoap.com 208.65.144.12 86400

20 mx2.spamsoap.com 208.65.144.13 86400

30 mx3.spamsoap.com 208.65.145.2 86400

But of course, none of these have much to do with your Topic starting query about your outgoing e-mail ....

Not sure who spamsoap.com may be, but 1and1 is fairly famous around here.

My firewall only allows inbound connections on port 25 from the specific IPs of the third-party spam solution

My firewall now only allows outbound connections on port 25 and the exchange server appears to be clean

That description seems somewhat incomplete. Where's the firewall and its settings for your 'internal' network?

Also, all computers were turned off last night so I would be interested in knowing the last 12 hour logs.

You have the same access to the same data that I and others 'here' have been pointing you to all along ...

http://www.senderbase.org/search?searchString=64.81.233.190

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 3.9 .. 11625%

Last 30 days .. 2.5 ..... 369%

Average ........ 1.8

Unless you have some other justification for this massive traffic flow, it doesn't appear that the 'problem' is solved yet. SenderBase's "Magnitude" Explained suggests something like 13,000 e-mails a day. Are 'you' sending this much stuff out?

I'm really sorry for screwing up my posting, wow, I would vote for buttons that say "blacklisted removal" not blocklist since that usually refers to ISP providers which I doubt post a resolution this way.

Technically, I don't know where you see "Buttons that say anything" around here as far as Forum Titles, Sections, whatever ... The actual "Remove from the blocklist" buttons are available from the SpamCop FAQ or the SpamCopDNSBL check page .. in this case, the web-page at http://spamcop.net/w3m?action=checkblock&a...p=64.81.233.190 .. which has also been referenced a few times within this very Topic.

BTW: I Banned your attempted duplicate (Postmaster) account ... Per the data at Spammers love Forum name = e-mail address , SECTION 7 - Change of Username , and a few other reasons, a name-change request would be appreciated for 'this' account ...
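The reply above asks what the firewall shows for the internal network, which is where a trojanned PC behind the shared IP would appear. As an added example (not part of the original thread), this scans firewall log lines for outbound port 25 connections from any host other than the mail server; the log format, the internal addresses and `MAIL_SERVER` are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: internal address of the Exchange server, the only host that
# should ever open outbound TCP/25 connections.
MAIL_SERVER = "192.168.1.10"

# Constructed firewall log (iptables-style fields); not data from the thread.
SAMPLE_LOG = """\
Apr 25 02:10:01 fw kernel: OUT SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=41000 DPT=25
Apr 25 02:10:02 fw kernel: OUT SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=1044 DPT=25
Apr 25 02:10:02 fw kernel: OUT SRC=192.168.1.23 DST=198.51.100.9 PROTO=TCP SPT=1045 DPT=25
Apr 25 02:10:03 fw kernel: OUT SRC=192.168.1.23 DST=203.0.113.77 PROTO=TCP SPT=1046 DPT=25
Apr 25 02:10:04 fw kernel: OUT SRC=192.168.1.31 DST=203.0.113.80 PROTO=TCP SPT=3301 DPT=80
Apr 25 02:10:05 fw kernel: OUT SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=1047 DPT=25
"""

LINE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP .*?DPT=(?P<dpt>\d+)")


def unexpected_smtp_sources(log_text, allowed=(MAIL_SERVER,)):
    """Return {src: (connections, distinct destinations)} for outbound
    TCP/25 traffic from hosts that are not approved mail senders."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["dpt"] != "25" or m["src"] in allowed:
            continue
        seen[m["src"]].append(m["dst"])
    # Many connections to many different servers is the pattern of a spam
    # bot delivering direct-to-MX rather than through the mail server.
    return {src: (len(dsts), len(set(dsts))) for src, dsts in seen.items()}


if __name__ == "__main__":
    for src, (conns, dests) in unexpected_smtp_sources(SAMPLE_LOG).items():
        print(f"{src}: {conns} SMTP connections to {dests} distinct servers")
```

Any host this reports is a candidate for the infected machine, and a firewall rule that permits outbound port 25 only from the mail server would block it.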


Just 4 hours later and the numbers are rising again!

Last day 3.9 11717%

Last 30 days 2.5 369%

Edited by Merlyn


Another 24 hours and the plug is pulled:

Report on IP address: 64.81.233.190

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day 0.0 -100%

Last 30 days 2.5 362%

Average 1.8


Another 24 hours and the plug is pulled:

Yes I saw that. Looks like he disconnected the machine. Took long enough. A lot of junk was spread till he got the hint. Hopefully he doesn't turn it back on till it's fixed.

