Jump to content

Server blocked 66.96.251.170


joeasbridg3
 Share

Recommended Posts

Hi i'm new to this forum and hoping that i am posting in the correct place

i'm not to sure how these things worked, im pretty sure that Spamcop have told my ISP that i have been spamming and they have deactivated my server...is this correct?

basically i received an email from my ISP that they had been sent from Spamcop

i have completed all the fields and queries and am now waiting for my server to be reactivated

can anyone tell me the timescale of this please?

will my ISP not reactivate me without Spamcop's say so

how did this work?

all help greatly appreciated and let me know if you need anymore information

thanks in advance :)

Link to comment
Share on other sites

Hi i'm new to this forum and hoping that i am posting in the correct place

i'm not to sure how these things worked, im pretty sure that Spamcop have told my ISP that i have been spamming and they have deactivated my server...is this correct?

There are FAQs a-plenty that will tell you how spamcop works. Your server is not on the SCBL and there are no rteports (either human or spamtraps) listed against it. Please post the text of the email from your ISP: it may be that SpamCop is not involved at all.

Link to comment
Share on other sites

http://www.spamcop.net/w3m?action=checkblo...p=66.96.251.170

66.96.251.170 not listed in bl.spamcop.net

http://www.senderbase.org/senderbase_queri...g=66.96.251.170

Hostname: server1.kiddfectious.com

Volume Statistics for this IP

Magnitude Vol Change vs. Last Month

Last day ...... 0.0 .. N/A

Last month .. 4.2

Slow traceroute 66.96.251.170

Trace 66.96.251.170 ...

66.28.4.234 RTT: 51ms TTL:170 (te4-3.ccr01.phl03.atlas.cogentco.com probable bogus rDNS: No DNS)

38.112.240.34 RTT: 50ms TTL:170 (hostnoc.demarc.cogentco.com probable bogus rDNS: No DNS)

64.191.116.246 RTT: 187ms TTL:170 (core.sctn01.volumedrive.com probable bogus rDNS: No DNS)

* * * failed

* * * failed

* * 66.96.251.170 RTT: 51ms TTL: 49 (server1.kiddfectious.com ok)

Fetching http://66.96.251.170/ ...

GET / HTTP/1.1

Host: 66.96.251.170

HTTP/1.1 200 OK

Date: Wed, 15 Apr 2009 11:47:17 GMT

Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.8

Last-Modified: Wed, 01 Apr 2009 19:41:18 GMT

Apache is working on your cPanel<sup>®</sup> and WHM™ Server</h1>

<p>If you can see this page,

http://www.spamcop.net/sc?track=66.96.251.170

Parsing input: 66.96.251.170

ISP believes this issue is resolved 66.96.251.170

ISP believes this issue is resolved: 66.96.251.170 - no date available

Partial list of the last 90 days of Reports sent out against that IP Address.

Submitted: Monday, April 06, 2009 3:12:27 PM -0500:

MOU at Sankeys this Friday check out exclusive footage

4008890123 ( http://www.kiddfectious.com/presspack/mou/eflyer ) To: abuse[at]burst.net

4008890119 ( http://www.kiddfectious.com/mou ) To: abuse[at]burst.net

4008890107 ( http://www.djalexkidd.com/pommo/user/login.php ) To: abuse[at]burst.net

4008890098 ( http://www.djalexkidd.com/pommo/user ) To: abuse[at]burst.net

4008890082 ( 66.96.251.170 ) To: abuse[at]burst.net

-------------------

Submitted: Thursday, March 26, 2009 10:35:07 AM -0500:

De Puta Madre this Saturday at Area 51 w/ Yousef

3975224705 ( http://www.new.facebook.com/group.php?gid=45587... ) To: spamcop[at]facebook.com

3975224704 ( http://www.djalexkidd.com/pommo/user/login.php ) To: abuse[at]burst.net

3975224703 ( 66.96.251.170 ) To: nomaster[at]devnull.spamcop.net

-----------------------

Submitted: Thursday, March 26, 2009 6:01:22 AM -0500:

Kiddfectious Recordings forthcoming releases, KF005 and KFX0

3974444945 ( 66.96.251.170 ) To: abuse[at]burst.net

----------------------------------

Submitted: Tuesday, March 24, 2009 6:56:09 PM -0500:

Kiddfectious Recordings forthcoming releases, KF005 and KFX0

3970087224 ( http://www.djalexkidd.com/pommo/user/login.php ) To: abuse[at]burst.net

3970087223 ( 66.96.251.170 ) To: nomaster[at]devnull.spamcop.net

------------------------

Submitted: Monday, March 23, 2009 6:47:41 AM -0500:

spam-LOW: Chaos Theory Tour

3965169428 ( 66.96.251.170 ) To: abuse[at]burst.net

----------------

Submitted: Friday, March 20, 2009 3:25:06 PM -0500:

Chaos Theory Tour

3958082321 ( http://www.chaostheorytour.com/ ) To: abuse[at]dreamhost.com

3958082320 ( http://www.djalexkidd.com/pommo/user/login.php ) To: abuse[at]burst.net

3958082319 ( 66.96.251.170 ) To: abuse[at]burst.net

------------------------

done copying stuff

No idea what your ISP asked you to do, fill in, whatever. Timescale is whatever your ISP decides. FAQs exist, a Wiki wxists, Dictionary, Glossary, in addition to countless other Topics and Discussion already in place. What exactly did you not find explained? How about starting with a look at What is SpamCop.net?

Link to comment
Share on other sites

The way spamcop works is that reporters send copies of spam to spamcop. Spamcop has software called a parser that finds out what IP address sent the spam and sends a report to the abuse department of that IP address. The parser also looks at the websites advertised in the spam and sends a report to the web host. Your ISP decided that the spam came from your computer and forwarded the report to you.

If there is enough spam coming from an IP address, the IP address is added to the spamcop blocklist. ISPs use this blocklist to filter spam; some ISPs will actually block any email from that IP address. Spamcop does not make a blocklist of websites that are advertised in the spam. Other blocklists do list websites advertised in spam.

We do not know what fields and queries you have completed. The questionnaire you completed probably came from your ISP.

The IP address you have given is not listed on the spamcop blocking list. It has a 'good' listing in senderbase.

Your ISP does not want to be listed on the spamcop blocklist so they have cut your connection to the internet until you correct whatever caused the spamcop report.

At this point, we do not know whether your computer is infected with a trojan that is sending spam without your knowledge or whether you were sending unsolicited email to people advertising your website. You cannot buy lists of addresses.

This matter is between you and your ISP. People here might be able to help you understand what your ISP is asking you to do if you ask specific questions.

Miss Betsy

Link to comment
Share on other sites

i'm not to sure how these things worked, im pretty sure that Spamcop have told my ISP that i have been spamming and they have deactivated my server...is this correct?
Hello, sorry you are having problems. I'm not sure that what you say is correct, however.

First of all, just to be clear, it wasn't SpamCop that deactivated your server -- it can't do this, only your ISP can do this. So, as Miss Betsy notes, it is ultimately between you and your ISP as to whether and when your server will be back online.

We don't know much about your situation because you haven't told us much. Based on the info that Wazoo uncovered, it appears that someone sent unsolicited mail promoting websites at your address. At least one of the recipients of the message filed a report via SpamCop, and this report reached your ISP, which (if what you say is correct) suspended your server.

Actually, I find that the links to this address uncovered by Wazoo actually work and point to live sites. Are these your sites? They seem no longer to be blocked.

Your address is NOT on the SpamCop blocking list, which means that it has not been spotted sending actual spam mailings (which is a good thing). This also means that there is little that SpamCop by itself can do about your problem.

If you are still blocked, you need to find out from your ISP exactly why you are blocked (e.g., "you sent spam mail," or "your website was advertised via spam," etc.) and what they expect you to do in order for them to unblock you.

-- rick

Link to comment
Share on other sites

From the information available it seems that server1.kiddfectious.com is being reported sending out information about Kiddfectious eg: 'Kiddfectious Recordings forthcoming releases, KF005 and KFX0' So there's a direct link between the server and the content. So I think we can rule out trojans, open wireless networks and other similar security concerns.

So on the assumption that Kiddfectious is a legitimate service (and this is the OP's business) then it would look like some recipients are receiving stuff they think they didn't request.

So that would point to

a badly configured mailing list which allows other folks to subscribe a different person to the list

a mailing list where the OP has neglected to get permission to add recipients or the OP has presumed consent which evidently doesn't exist

recipients have forgotten that they signed up for the mailing list and have started to report this list

one of the many other reasons why folk might consider the these Emails to be spam.

Still presuming that the OP is Kiddfectious, I'd say that the Email list needs to be cleaned out and started with properly consenting recipients.

Andrew

Edited by agsteele
Link to comment
Share on other sites

...So on the assumption that Kiddfectious is a legitimate service (and this is the OP's business) then it would look like some recipients are receiving stuff they think they didn't request.
Seems like a sound analysis to me. Other data -

nslookup, MX

Non-authoritative answer:

kiddfectious.com MX preference = 0, mail exchanger = kiddfectious.com

kiddfectious.com internet address = 66.96.251.170 (which is also server1.kiddfectious.com and ns1.kiddfectious.com)

According to DomainDossier, SMTP (mail) outgoing on port 25 is inactive for that domain (other services are fine, including mail inwards). Disabling outwards mail is apparently the action of the provider - as others have said.

So that would point to

a badly configured mailing list which allows other folks to subscribe a different person to the list

a mailing list where the OP has neglected to get permission to add recipients or the OP has presumed consent which evidently doesn't exist

recipients have forgotten that they signed up for the mailing list and have started to report this list

one of the many other reasons why folk might consider the these Emails to be spam.

Still presuming that the OP is Kiddfectious, I'd say that the Email list needs to be cleaned out and started with properly consenting recipients.

Exactly. Alternatively, if consenting subscribers have been mistakenly/maliciously misreporting material as spam that needs to be shown and it would then be they who are censured (having the vague notion that not all business competitors might be entirely scrupulous) and THAT would be a SC action.

I note there is provision for subscription on the kiddfectious.com website. Just what is the process from that point, when the "Subscribe" button is pushed?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...