Jump to content

[Resolved] Blocked IP please help


pedrojo

Recommended Posts

To whom it may concern,

We have been blacklisted at spamcop:

http://www.spamcop.net/w3m?action=checkblo...;ip=74.55.98.74

Besides that:

http://www.senderbase.org/senderbase_queri...ing=74.55.98.74

The main concern and issue is that I have a reseller plan with 15 domains, but my IP is been shared or reselled with many others, so it is not controllable who is doing the spam.

First I need help with this ongoing issue and please unlist us from your blacklist.

Second is there a way to know the domain who made the spam and no the IP?

Thanks for your assitance.

Pedro

Link to comment
Share on other sites

We have been blacklisted at spamcop:

http://www.spamcop.net/w3m?action=checkblo...;ip=74.55.98.74

Besides that:

http://www.senderbase.org/senderbase_queri...ing=74.55.98.74

The main concern and issue is that I have a reseller plan with 15 domains, but my IP is been shared or reselled with many others, so it is not controllable who is doing the spam.

You are listed because you deserve to be listed: spam is coming from your IP. This is your responsibility. Stop the abuse and de-listing will happen automatically. Allow it to go on and listing will be more frequent and for longer. It is entirely automatic.

What have you done to trace the source of the spew?

Getting a clue might be a good idea.

Link to comment
Share on other sites

spam doesn't come from a domain, it comes from a server. If the equipment with that IP address physically belongs to you, you should unplug it from the internet until you can get it fixed.

Reports about spam coming from that IP address are going to the domain owner at abuse[at]theplanet.com. They have received those reports and chosen not to act on them. I would suggest contact theplanet, as well as whoever is responsible for the server with IP address 74.55.98.74 if it is not you.

Link to comment
Share on other sites

You are listed because you deserve to be listed: spam is coming from your IP. This is your responsibility. Stop the abuse and de-listing will happen automatically. Allow it to go on and listing will be more frequent and for longer. It is entirely automatic.

What have you done to trace the source of the spew?

Getting a clue might be a good idea.

Derek, you are answering a little anxious. I do not deserve to be listed. My IP does. If you read the whole post you can realize that am not the only domain in that IP, so please do not offend me jumping into conclusions. I came here for help not for offenses. And regarding the question you do I have no clue because my domains in my reseller plan did no do the spam and I do not know who was.

Best regards,

Pedro

Link to comment
Share on other sites

Derek, you are answering a little anxious. I do not deserve to be listed. My IP does. If you read the whole post you can realize that am not the only domain in that IP, so please do not offend me jumping into conclusions. I came here for help not for offenses. And regarding the question you do I have no clue because my domains in my reseller plan did no do the spam and I do not know who was.

I read your original post to mean that you were responsible for the reselling, do you mean that you are not the reseller but merely one of the customers of the reseller? If so I apologise unreservedly.

However if you are the reseller then you are responsible for what your customers do, which is what I was trying to say.

Link to comment
Share on other sites

I read your original post to mean that you were responsible for the reselling, do you mean that you are not the reseller but merely one of the customers of the reseller? If so I apologise unreservedly.

However if you are the reseller then you are responsible for what your customers do, which is what I was trying to say.

Derek, as you may know you can be a reseller of a reseller and sometimes even deeper in the chain. So apologizes accepted. Thanks anyway for your reply and what I have learned today is I must try to go independent as being at the top of chain of resellershipness. I have VIP customers and I cannot risk them to this condition that someone in an another domain certainly did.

How do you know that?

Derek, I know that becuse I talked over the phone with my provider and gave me the info minutes ago, he didn´t gave the domain name and that domain is currently blocked. Hopefully he will give the info to post it here.

Regards,

Pedro

Link to comment
Share on other sites

someone in an another domain certainly did.

Again I ask: how can you possibly know that? How can you be so sure that one of your machines or one of those of your 'VIP customers' has not been trojanned or hacked? I ask this because I've seen literally hundreds of people come to this forum asserting that the spam is nothing to do with them, only to find that they have a compromised system on their network. You wouldn't be the first and certainly won't be the last.

Link to comment
Share on other sites

To whom it may concern,

Technically, all the questions you are asking are already addresse within the SpamCop FAQ, the SpamCop Wiki .. both having miltiple links at the top of this very page. One of the specific entries is also duplucated as a Pinned item in this very Forum section. Why am I Blocked? seems a bit hard to miss.

We have been blacklisted at spamcop:

http://www.spamcop.net/w3m?action=checkblo...;ip=74.55.98.74

Besides that:

http://www.senderbase.org/senderbase_queri...ing=74.55.98.74

The main concern and issue is that I have a reseller plan with 15 domains, but my IP is been shared or reselled with many others, so it is not controllable who is doing the spam.

There sure is some strange data offered on those pages.

Host name: ns1.hostingzone.cl .... "ns" is usually used to designate a "Name Server" ????

Date of first message seen from this address: 2008-09-11 .... you didn't mention anything about the timeline of your 'reselling' .. if there is any connecton

Volume Statistics for this IP

Magnitude Vol Change vs. Last Month

Last day ...... 4.0 .. -66%

Last month .. 4.4

100,000 e-mails a day seems pretty high for a 'Name Server' ...????

http://www.senderbase.org/senderbase_queri...=hostingzone.cl

Date of first message seen from this domain: 2008-09-13 ... more shiney-new stuff ????

Past 90 days of Reports returns;

Submitted: Tuesday, December 09, 2008 4:27:07 AM -0600:

You can save up to 70% on Cia1is

3712746218 ( http://zemovikumpani.php5.cz/rf.html ) To: mole[at]devnull.spamcop.net

3712746217 ( 74.55.98.74 ) To: mole[at]devnull.spamcop.net

--------------------------------------------

Submitted: Monday, December 08, 2008 10:28:09 AM -0600:

Ñåðèàëû íà DVD - ëó÷øèé ïîäàðîê íà Íîâûé ãîä.

3710014171 ( http://bityutskiyel.narod.ru/ ) To: abuse[at]yandex.ru

3710014169 ( 74.55.98.74 ) To: abuse[at]theplanet.com

-------------------------------------------

Submitted: Monday, December 08, 2008 3:17:21 AM -0600:

Òåáå íðàâÿòüñÿ òàêèå òåëêè?

3709222525 ( 74.55.98.74 ) To: abuse[at]theplanet.com

of which only two actually count in the SpamCopDNSBL scoring. There is no way that two Reports and 100,000 e-mails a day works out mathematically, so one would have to be looking at spamtrap hits. Once again, I'll refer back to the FAQ/Wiki entries.

First I need help with this ongoing issue and please unlist us from your blacklist.

Second is there a way to know the domain who made the spam and no the IP?

Only answers to the above already exist within the referenced FAQ/Wiki/Pinned enties and the countless numbers of previously posted Topics and Discussion about this same scenario.

The most unique thing about your query is the use of a 'Name Server' as causing you so much grief. But, there's also much more that you seem to have left out in order for anyone on this side of the screen to do much more research.

Link to comment
Share on other sites

Derek, I know that becuse I talked over the phone with my provider and gave me the info minutes ago, he didn´t gave the domain name and that domain is currently blocked. Hopefully he will give the info to post it here.

As someone else has said here, spam comes from IPs, not domains. Domain names in spam are always forged. he domain name will not help you to identify the source of the spam. It may yet be you or one of your customers.

Link to comment
Share on other sites

As someone else has said here, spam comes from IPs, not domains. Domain names in spam are always forged. he domain name will not help you to identify the source of the spam. It may yet be you or one of your customers.

Derek, I don´t see why are you so concerned about knowing if my customers did or did not send the spam. What I am telling you for sure is that a I spoke with my provider and recognize that xxx domain (he didn´t give the name) did sent spam during the weekend. If you want to check this you can call 562 - 2049096 this is Chile. Their web page is http://www.intersitio.cl , or you can email them soporte[at]interistio.cl

Anyway I don´t understand your point here. Or you trust what I am saying or you contact them to double check.

Regards,

Pedro

Link to comment
Share on other sites

Technically, all the questions you are asking are already addresse within the SpamCop FAQ, the SpamCop Wiki .. both having miltiple links at the top of this very page. One of the specific entries is also duplucated as a Pinned item in this very Forum section. Why am I Blocked? seems a bit hard to miss.

Wazoo, thanks for your very clear answer. I already sent this to my provider in Chile for him to analize his logs and all the NS stuff that I really do not understand. As soon as I dont see my IP listed in spamcop.net I will add a Solved to the sbject of this thread.

Best Regards,

Pedro

Link to comment
Share on other sites

Derek, I don´t see why are you so concerned about knowing if my customers did or did not send the spam. What I am telling you for sure is that a I spoke with my provider and recognize that xxx domain (he didn´t give the name) did sent spam during the weekend.

The point is that *any* of the customers (and customers of customers) that use this IP to send mail could be infected with spam-sending malware. Most malware doesn't leave clues in logs or headers as to where it originated, so to say that the spam is the fault of a single customer is probably not accurate. Your webhost should look at ways to improve their overall network security so that customers won't get infected and if they do, the mail the malware generates cannot be sent.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...