petzl Posted October 21, 2015 Share Posted October 21, 2015 I'm using a provider which has a lot of BOTNET infections http://www.senderbase.org/lookup/?search_string=168.1.6.11 Are these servers infected and is it safe to send data through them? http://www.abuseat.org/lookup.cgi?ip=168.1.6.11 This IP address is infected with, or is NATting for a machine infected with the ZeuS trojan, also known as "Zbot" and "WSNPoem".ZeuS is a malicious software (malware) used by cybercriminals to commit ebanking fraud and steal sensitive personal data, such as credentials (username, password) for online services (email, webmail, etc.). Don't look to me like I should use credit card bank details etc?Yet reply from them is The reports you are seeing on the senderbase page reflect blacklist reports filed against these IP addresses. Our server IPs are used by multiple users, and can sometimes be used and implicated in detected (if not actual) malicious usage. This is caused by users sending spam, using bots, etc. and triggering a report to be filed against an IP address.This is an unfortunate byproduct of shared IPs; however, blacklisting is a very common internet occurrence, and is usually not any issue unless you try to use a service that strictly prohibits the use of blacklisted IP address. In short, what you are seeing is perfectly normal, and is not an issue unless a given site/service is set to block connections based on this blacklist report. Because of the common nature of these blacklistings, these types of blocks are exceptional, as otherwise a great deal of internet activity worldwide would come to a grinding halt. Which I believe is rubbish I believe any CBL listing is a BOTNET (zombie computer run by criminals) and the server or a ADMIN linked computer to that server is infected! In the case of BOTNET infections it is the server not the user (yes if spam is sent and port 25 is not blocked the server with that IP can be used to send spam)!Is this sentiment right or wrong?THANKS Link to comment Share on other sites More sharing options...
Lking Posted October 21, 2015 Share Posted October 21, 2015 Petzl, I think you are correct, the response from your ISP is bullsh**! Having an IP listed on a block list may be common for an ISP that does not care if their resources are used by spammers. But I have had the same domain/email address sense March 1996 and I have never had an IP listed on any block list. I manage 5 domains and a sub-domain, most with mail service, none of which are on servers that have listed IPs. Although there are locations were you do not have a choice of more than one ISP, my advice would be to find a new service provider. As a matter of principle, it would bother me to give my money to an ISP that did not police/supported spammers. JMHO. Link to comment Share on other sites More sharing options...
petzl Posted October 21, 2015 Author Share Posted October 21, 2015 Petzl, I think you are correct, the response from your ISP is bullsh**! Having an IP listed on a block list may be common for an ISP that does not care if their resources are used by spammers. But I have had the same domain/email address sense March 1996 and I have never had an IP listed on any block list. I manage 5 domains and a sub-domain, most with mail service, none of which are on servers that have listed IPs. Although there are locations were you do not have a choice of more than one ISP, my advice would be to find a new service provider. As a matter of principle, it would bother me to give my money to an ISP that did not police/supported spammers. JMHO. Thanks Lking (I've paid $40 for 12 months) This is a VPN provider I just have to turn the VPN off when I use online banking! I always check if the IP I'm using, before I do banking, appears clean Did try to express my concerns Just got a reply blaming their infected customer computers? Which may have some relivance trouble is CBL routinely recheck IP. So when I see same IP's listed for over a week seems improbable to me? VPN randomly assigns your computer a IP of about 30 just for Australia? Which AFAIK is rubbish a BOTNET has to have a ADMIN logon/password to server to be installed to work So sent this reply back Thanks for your time Don't explain why my Australian provider TELSTRA *never* have BOTNET infestations? This is the IP range of my TELSTRA IP I connect to *before* using VPN 101.190.170.121 http://www.senderbase.org/lookup/ip/?search_string=101.190.170.121 TELSTRA is Australia's major ISP Also checked TELSTRA IP range they send email from 203.35.135.204 http://www.senderbase.org/lookup/?search_string=203.35.135.204 No BOTNET infestations? I'm now connected to VPN IP 168.1.6.49 which appears clean although showing it presently is sending a lot of email This can be stopped by blocking outbound port 25 (possibly not an option for VPN)? Again heavily listed with BOTNETS of various types http://www.senderbase.org/lookup/ip/?search_string=168.1.6.49 Again just pointing out my only concern is where I are advised that a server is infected with a BOTNET that collects Bank details/credit card/ logons? Such as this CBL (BOTNET) listed IP 168.1.6.56 server? http://www.abuseat.org/lookup.cgi?ip=168.1.6.56 This IP address is infected with, or is NATting for a machine infected with the ZeuS trojan, also known as "Zbot" and "WSNPoem". ZeuS is a malicious software (malware) used by cybercriminals to commit ebanking fraud and steal sensitive personal data, such as credentials (username, password) for online services (email, webmail, etc.). Please consider matter closed no point in going in circles. Thanks for your time and input. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.