
APEWS Entry matching your Query: E-598674 108.163.128.0/18


hmhazim


Hello petzl,

thanks for the reply. I cannot send emails to any of them (Yahoo, Gmail or even Hotmail). I am not 100% sure, but I don't think it is a shared IP since it is a VPS. It should not be sending any more spam emails, since we increased server security about 5 days ago when we saw the problem and solved it.

How can I be sure the problem is solved and the server did not get hacked again? Is there a way to be sure?

I just want this to be solved.

Please help!

Regards,

Codeman

Your IP address appears to be dedicated to just you, looking at http://www.robtex.com/

I think most of the filtering for Yahoo, Gmail and Hotmail is internal/proprietary although they may use some public DNSBLs as well for premium services. I think you must contact them, individually, to find answers. It may not be any past issues with spam at all (certainly not with the APEWS list). All your DNS records - internet address, (main) name servers and mail exchange - point to the same address. They may not like that, especially the different TLD for the nameserver aliases on that same address - ns1.YOURSITE.eu and ns2.YOURSITE.eu instead of .com (but I don't know). You have rDNS, that is good and I think necessary for them. But they may not like your SPF record (I do not know). Those three lookups:

C:\Documents and Settings\Admin>nslookup -type=ns YOURSITE.COM 8.8.8.8

Server: google-public-dns-a.google.com

Address: 8.8.8.8

Non-authoritative answer:

YOURSITE.COM nameserver = ns2.YOURSITE.eu

YOURSITE.COM nameserver = ns1.YOURSITE.eu

C:\Documents and Settings\Admin>nslookup -type=ptr XXX.XXX.XXX.XXX 8.8.8.8

Server: google-public-dns-a.google.com

Address: 8.8.8.8

Non-authoritative answer:

XXX.XXX.XXX.XXX.in-addr.arpa name = YOURSITE.COM

C:\Documents and Settings\Admin>nslookup -type=txt YOURSITE.COM 8.8.8.8

Server: google-public-dns-a.google.com

Address: 8.8.8.8

Non-authoritative answer:

YOURSITE.COM text =

"v=spf1 +a +mx -all"

C:\Documents and Settings\Admin>

The e-mail side of SpamCop is itself having the devil of a job getting off the hotmail list, that is a different set of circumstances but may indicate the emerging difficulties with those services. All are e-mail service providers and while they could not do anything untoward about limiting the connectivity of rival providers (principally each other) without risking review for monopolization, it is in their users' interests and beyond reproach for them to set high standards for the negotiation of mail into their networks. If, co-incidentally, their competitors and other e-mail services are disadvantaged I would not think they would be too unhappy. Ironically, all three are prime sources of registration addresses for another type of spammer - forum/bulletin board comment spammers.

Good luck in approaching them and finding answers. You really do seem to have done as much as you can about your network security and reputation, from what you have said. But don't forget about double opt-in for your distribution lists (the earlier post from petzl).
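What the SPF record in the lookup above, `v=spf1 +a +mx -all`, authorizes, shown as an added example that is not part of the original thread. The domain `example.com` and the documentation-range addresses are constructed stand-ins for the munged site, and the `dns` table is an assumed offline substitute for real lookups.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, argument) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # a missing qualifier means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        parsed.append((qualifier, mechanism.lower(), argument))
    return parsed

def evaluate_spf(record, sender_ip, domain, dns):
    """Return the SPF result for sender_ip; the first matching term wins."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, mechanism, argument in parse_spf(record):
        target = argument or domain
        if mechanism == "all":
            matched = True
        elif mechanism == "a":               # addresses of the domain itself
            matched = any(ip == ipaddress.ip_address(a)
                          for a in dns["A"].get(target, []))
        elif mechanism == "mx":              # addresses of its mail exchangers
            matched = any(ip == ipaddress.ip_address(a)
                          for host in dns["MX"].get(target, [])
                          for a in dns["A"].get(host, []))
        elif mechanism == "ip4":
            matched = ip in ipaddress.ip_network(argument, strict=False)
        else:
            raise ValueError(f"term not handled in this example: {mechanism}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                         # nothing matched and no "all" term

# Constructed data: every record points at one address, as in the post above.
RECORD = "v=spf1 +a +mx -all"
DNS = {
    "A": {"example.com": ["192.0.2.10"], "mail.example.com": ["192.0.2.10"]},
    "MX": {"example.com": ["mail.example.com"]},
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, evaluate_spf(RECORD, ip, "example.com", DNS))
```

With this record, mail passes SPF only when it leaves from an address the domain's own A or MX records resolve to; any other relay gets a hard fail.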


OK, perfect. Thanks to all anyway, you have been really helpful.

Please, I ask all users who respond to this email, or a moderator, to change my URL and IP address to the following in all posts of this thread:

IP: XXX.XXX.XXX.XXX

URL: http://www.mysite.com

Thanks again, and please change it so I don't have any more future problems with it. I would really appreciate it.

Regards,

Codeman


OK, your posts and mine edited to munge, permissions sought to edit others. My edit to your last post was to kill the "live" link to that domain which I suppose you thought was spurious. It is not but no harm done with the link broken. Refer to RFC 2606 for "safe" domain names to use in future for anonymising/munging.


How can I be sure the problem is solved and the server did not get hacked again? Is there a way to be sure?

10 Immutable Laws of Security

The only way to be sure is to revert to a known good state. For most people, this means restoring to a clean backup or completely reinstalling. Once someone else has control of your machine, there's no way to be 100% certain of exactly what they've done, which in turn means there's no way to be completely sure you've fixed everything. In most cases you can be pretty sure you've cleaned it all up, but you can never be positive.


10 Immutable Laws of Security

The only way to be sure is to revert to a known good state. For most people, this means restoring to a clean backup or completely reinstalling. Once someone else has control of your machine, there's no way to be 100% certain of exactly what they've done, which in turn means there's no way to be completely sure you've fixed everything. In most cases you can be pretty sure you've cleaned it all up, but you can never be positive.

Hey man,

thanks for the reply, I already did all that, I want to know how I can delete my IP from Apews.org, since it is the only blacklist left I got to remove and because of that I still cannot send emails to Gmail.

Can someone please let me know how to contact them so they can remove my IP, since their page has no way to contact them?

Please help!

Thanks

PS: Can a moderator please remove my IP/URL completely from this post, so I don't have further issues? It is mostly removed, but there are still some posts with it. Please replace the IP with XXX.XXX.XXX.XXX and the URL with http://www.yoursite.com


<snip>

PS: Can a moderator please remove my IP/URL completely from this post, so I don't have further issues? It is mostly removed, but there are still some posts with it. Please replace the IP with XXX.XXX.XXX.XXX

<snip>

...Sorry, you will have to directly contact the person whose post still has your IP address. His e-mail address is service[at]admin.spamcop.net.

...Good luck!


  • 3 months later...

APEWS Record Number: E-359846

IP : 201.219.39.98

Please help me with deactivating the blacklisting in APEWS.

Thanks.

APEWS has nothing to do with me or SpamCop

I just looked. From what I can tell, if you wish to report a "False Positive" they have a blog site to report it:

http://apews-user.blogspot.com.au/

If you know the, or an, ISP using APEWS, send them an email through 201.219.39.98; if it bounces, paste the header and bounce message in this blog.

Click the Blue "Join this site" button

Good Luck.

Often, though, it's simpler to use Gmail, which is often free (yes, you can use your domain name); they, though, don't tolerate spammers

http://support.google.com/a/bin/answer.py?...mp;answer=33352

Another how to

http://smarterware.org/3628/host-your-doma...hout-forwarding

Seems no one should be using APEWSL2?

18 201.219.39.98 APEWS Level 2 l2.apews.org Listed

Comment:

Don't worry. No one is using this block list to filter email.

They do not accept solicitations for removal, so just ignore them.


Thanks petzl, more helpful than our standard "template" which is nevertheless added FWIW:

There is no connection between SpamCop.net and APEWS. However, because the APEWS FAQ was apparently misunderstood, the following data is provided;

______________________________________________________________________________

Considering the current behavior and management of the APEWS blacklist, we can only agree with the advice given at Al Iverson's DNS RESOURCE -

If you are listed on the APEWS blacklist, as confirmed by checking their website, here's how I would recommend that you handle the situation. (Who the heck am I?)

Note: This isn't guidance on how to avoid a blacklisting or sidestep anti-spam groups. If you have a spam issue, fix it. Don't spam, ever, for any reason. This information is regarding how to address an issue with a blacklist that is very aggressive at listing non-abusing IP addresses and networks, with no published, attainable path to resolution.

- read it at: http://www.dnsbl.com/2007/08/what-to-do-if-you-are-listed-on-apews.html

________________________________________________________________________________


  • 2 weeks later...

How will my IP address be removed from apews.org?

Oooops 63.166.XXX.XX is currently listed in APEWS :-(

Entry matching your Query: E-435726

63.166.XXX.0/21

CASE: C-17

Spambots, zombies, contaminated CIDR, bad reputation provider

History:

Entry created 2010-12-10


There is no connection between SpamCop.net and APEWS. However, because the APEWS FAQ was apparently misunderstood, the following data is provided;

______________________________________________________________________________

Considering the current behavior and management of the APEWS blacklist, we can only agree with the advice given at Al Iverson's DNS RESOURCE -

If you are listed on the APEWS blacklist, as confirmed by checking their website, here's how I would recommend that you handle the situation. (Who the heck am I?)

Note: This isn't guidance on how to avoid a blacklisting or sidestep anti-spam groups. If you have a spam issue, fix it. Don't spam, ever, for any reason. This information is regarding how to address an issue with a blacklist that is very aggressive at listing non-abusing IP addresses and networks, with no published, attainable path to resolution.

- read it at: http://www.dnsbl.com/2007/08/what-to-do-if-you-are-listed-on-apews.html

________________________________________________________________________________


  • 2 months later...

There is no connection between SpamCop.net and APEWS. However, because the APEWS FAQ was apparently misunderstood, the following data is provided;

______________________________________________________________________________

Considering the current behavior and management of the APEWS blacklist, we can only agree with the advice given at Al Iverson's DNS RESOURCE -

If you are listed on the APEWS blacklist, as confirmed by checking their website, here's how I would recommend that you handle the situation. (Who the heck am I?)

Note: This isn't guidance on how to avoid a blacklisting or sidestep anti-spam groups. If you have a spam issue, fix it. Don't spam, ever, for any reason. This information is regarding how to address an issue with a blacklist that is very aggressive at listing non-abusing IP addresses and networks, with no published, attainable path to resolution.

- read it at: http://www.dnsbl.com/2007/08/what-to-do-if-you-are-listed-on-apews.html

________________________________________________________________________________


Further comment (just a suggestion, again nothing to do with SpamCop) - you might like to check the results at http://www.senderbase.org/lookup/domain?se...ring=nus.edu.sg (if that's yours, none of us can actually be sure).

Looks like you have a few dynamic allocations that are listed on the CBL. Those have links to the CBL and identify problems observed. None of that should affect your designated outgoing servers but, while you're at it ...

Examples on the first page

http://cbl.abuseat.org/lookup.cgi?ip=137.132.3.9 ("This IP is infected with, or is NATting for a machine infected with Win32/Zbot (Microsoft). ")

http://cbl.abuseat.org/lookup.cgi?ip=137.132.3.10 ("This IP is infected with, or is NATting for a machine infected with Win32/Zbot (Microsoft). ")

... there may be others on subsequent results pages.

Also have a look at senderscore.org - metrics are not brilliant, may be showing problems with your mail exchange which would be more relevant - but then you've probably already caught up with whatever was happening with that if you're looking at APEWS delisting:

https://www.senderscore.org/lookup.php?lookup=137.132.14.18&ipLookup=Go

https://www.senderscore.org/lookup.php?lookup=137.132.14.19&ipLookup=Go

https://www.senderscore.org/lookup.php?lookup=137.132.14.28&ipLookup=Go

https://www.senderscore.org/lookup.php?lookup=137.132.14.29&ipLookup=Go

Good luck.


O/P hasn't logged in since replies posted. senderscore.org metrics haven't been updated but CBL have added some amended comment to the two observations referenced above, following further detections.

This IP address is infected with, or is NATting for a machine infected with Pushdo. Pushdo is a DDOS trojan - meaning that it was (at least of the timestamp given above) participating in a HTTP-based (web protocol) distributed denial of service attack on web server.

REMEMBER: Pushdo is a HTTP (web), NOT Email, DDOS tool. The attacks are on port 80

Pushdo is usually associated with the Cutwail spam trojan, as part of a Zeus or Spyeye botnet. Together, this provides the attacker with DDOS, email spam, and information theft capabilities. This is something you really want to get rid of. But remember, we detected this specifically by the DDOS traffic to a web server.

Some scary stuff going down on t'interwebz at the moment.


Hi Team,

For your information, all our outgoing IPs got blocked at apews.org. We need your advice on how to unblock the IPs.

We have checked all the mentioned links which you have posted and they look normal.

Thanks

Your "senderbase score" needs to be over 90 or someone is hitting spamtraps

https://www.senderscore.org/lookup.php?look...amp;ipLookup=Go

https://www.senderscore.org/lookup.php?look...amp;ipLookup=Go

https://www.senderscore.org/lookup.php?look...amp;ipLookup=Go

https://www.senderscore.org/lookup.php?look...amp;ipLookup=Go

You need to advise your email marketers to confirm email addresses, and only respond to email addresses that reply confirming that address and wish to receive email (must have a WORKING unsubscribe)

http://en.wikipedia.org/wiki/Opt-in_email

Just bombing email addresses makes YOU and the marketeer hated

The secret to get off blocklists is not to get on them


Linear posts 6 and 7 merged from "new" topic which appears to be the same as existing. Unless there is some indication of SpamCop blocklist involvement this will be moved to the lounge; the only indication so far has been APEWS listing and, as we have said, that is nothing to do with SC.

There is no indication any of the further advice has been understood or acted upon - srikardavuluri please IGNORE APEWS blocking as clearly advised in the references provided - can you nominate a single significant destination that is actually using that BL to block mail delivery?

At the same time, if you are nus.edu.sg (we're not sure and you're not saying so far) the CBL is showing evidence of compromised machines on your network which might actually affect the deliverability of e-mail from your network - but nothing involving SpamCop. People are still interested in offering advice but really you are giving us nothing to work with at this point.

Don't hesitate to query anything you are not understanding.

srikardavuluri - answering Derek T's query at 85408 above "Which IP's? Which blocklist?" would be a good way to progress if you want to tap into the experience of members here. You have real issues more immediate than the inconsequential APEWS listing (if you are nus.edu.sg) as petzl and I are trying to tell you.


Hi Farelf,

Can you please provide your email address or contact number so that we can contact you about the domain blocking issue?

Thanks

Well, this is a public forum whereby we all try to learn as we go through open discussion, but we can all understand some matters are best not discussed in public - sending PM.

Hi Team,

We are from NUS Singapore. Below are the IP addresses that got blocked in apews.org, and also the blocked URL provided when one of our users tries to send email:

137.132.14.25

137.132.14.26

http://www.apews.org/?page=test&C=1402...p=137.132.14.25

Can you please assist in delisting the IP address?

Thanks

http://www.apews.org/

abuse[at]apews.org

Might pay to ask if they are still alive?

This guy Al Iverson (knowledgeable) has his doubts

http://www.dnsbl.com/2007/08/what-to-do-if...d-on-apews.html

APEWS IP is 208.83.212.43 contact PDIBENEDETTO[at]datacenterscanada.com

The site expires in December this year

Expiration Date:27-Dec-2013 19:25:43 UTC

Unless renewed


I can only repeat what I have said before - APEWS is NOT your problem and SpamCop has nothing to do with it anyway. Please re-read previous posts. Consult:

http://multirbl.valli.org/dnsbl-lookup/137.132.14.25.html

http://multirbl.valli.org/dnsbl-lookup/137.132.14.26.html

Note the comments there:

APEWS Level 2 l2.apews.org Listed

Comment: Don't worry. No one is using this block list to filter email.

There are other blocklists you should be more concerned about as indicated by the multirbl.valli.org results, also your SenderScore metrics are not good for assured e-mail deliverability.

Both outgoing servers (as you designate them) have the same servername in their pointer records which may not be helping (I don't know but servernames are usually unique within a network):

C:\Documents and Settings\Admin>nslookup -type=ptr 137.132.14.25 8.8.8.8

Server: google-public-dns-a.google.com

Address: 8.8.8.8

Non-authoritative answer:

25.14.132.137.in-addr.arpa name = exch-out.nus.edu.sg

C:\Documents and Settings\Admin>nslookup -type=ptr 137.132.14.26 8.8.8.8

Server: google-public-dns-a.google.com

Address: 8.8.8.8

Non-authoritative answer:

26.14.132.137.in-addr.arpa name = exch-out.nus.edu.sg

C:\Documents and Settings\Admin>

Talk to your IT people (ccenet[at]nus.edu.sg). And those are not your only outgoing servers.

Back to SenderScore.org. 58 domains are logged as sending through 137.132.14.25 (could be many more). Hardly any of them are using any form of authentication. Any of them could be sending spam and some certainly are. Similarly 41 domains are logged through 137.132.14.26.

From the CBL via SenderBase.org - other servers are sending direct to the internet from the nus.edu.sg network and some of those "appear(s) to be infected with a spam sending trojan, proxy or some other form of botnet." Currently:

http://cbl.abuseat.org/lookup.cgi?ip=137.132.3.9

http://cbl.abuseat.org/lookup.cgi?ip=137.132.3.10

http://cbl.abuseat.org/lookup.cgi?ip=137.132.228.5

http://cbl.abuseat.org/lookup.cgi?ip=137.132.250.13

http://cbl.abuseat.org/lookup.cgi?ip=137.132.250.14

Note the CBL pages offer extensive and often specific advice on clearing up infections - at both the individual machine and network levels.

There is a possibility many others are infected but as yet undetected - including 137.132.14.25 and 137.132.14.26 and/or machines sending through them.

Your mail exchangers designated in your nus.edu.sg domain DNS records are (as noted earlier by petzl)

mailc.nus.edu.sg (137.132.14.18)

maild.nus.edu.sg (137.132.14.28)

maila.nus.edu.sg (137.132.14.19)

mailb.nus.edu.sg (137.132.14.29)

Those also operate as outgoing servers, when they identify themselves as

mail3.nus.edu.sg (137.132.14.18)

mail4.nus.edu.sg (137.132.14.28)

mail1.nus.edu.sg (137.132.14.19)

mail2.nus.edu.sg (137.132.14.29)

I'm no expert but that doesn't seem kosher to me - but who knows?

Contact your IT people to do something to fix your e-mail problems - otherwise they can only get worse. Apart from pointing out the apparent anomalies which might contribute to those problems and the more likely causes and sources of blocking, I'm afraid nobody here can do much more for you. Certainly we cannot help with any de-listing. Least of all with the lame APEWS.

You can confess now that you're just a bored student having a laugh, if you want to. Well, I suppose your e-mail service doesn't actually give you a lot to laugh about - but it's probably better than many.

S
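The checks made by hand in the post above (PTR lookups, blocklist lookups, comparing server names), gathered into one added example that is not part of the original thread. The PTR, MX and outgoing-name tables are copied from the posts; the resolver is injectable so the lookup can be exercised offline, and the default `socket.gethostbyname` call is an assumption about how you would run it live.

```python
import ipaddress
import socket
from collections import defaultdict

def reversed_octets(ip):
    """137.132.14.25 -> 25.14.132.137 (validates the address first)."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))

def ptr_query_name(ip):
    """Name that `nslookup -type=ptr <ip>` actually queries."""
    return reversed_octets(ip) + ".in-addr.arpa"

def dnsbl_query_name(ip, zone):
    """DNSBLs use the same reversed-octet form, under the list's own zone."""
    return f"{reversed_octets(ip)}.{zone}"

def dnsbl_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed addresses answer inside 127.0.0.0/8; unlisted ones do not resolve."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return False
    return ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")

def shared_ptr_names(ptr_by_ip):
    """Hostnames that more than one sending address claims in its PTR record."""
    ips_by_name = defaultdict(list)
    for ip, name in ptr_by_ip.items():
        ips_by_name[name.rstrip(".").lower()].append(ip)
    return {name: sorted(ips) for name, ips in ips_by_name.items() if len(ips) > 1}

def name_mismatches(mx_by_ip, outgoing_by_ip):
    """Addresses whose MX name differs from the name they send mail under."""
    return {ip: (mx_by_ip[ip], outgoing_by_ip[ip])
            for ip in mx_by_ip
            if ip in outgoing_by_ip
            and mx_by_ip[ip].lower() != outgoing_by_ip[ip].lower()}

# Values as quoted in the thread.
PTR_FROM_THREAD = {"137.132.14.25": "exch-out.nus.edu.sg",
                   "137.132.14.26": "exch-out.nus.edu.sg"}
MX_FROM_THREAD = {"137.132.14.18": "mailc.nus.edu.sg",
                  "137.132.14.28": "maild.nus.edu.sg",
                  "137.132.14.19": "maila.nus.edu.sg",
                  "137.132.14.29": "mailb.nus.edu.sg"}
OUTGOING_FROM_THREAD = {"137.132.14.18": "mail3.nus.edu.sg",
                        "137.132.14.28": "mail4.nus.edu.sg",
                        "137.132.14.19": "mail1.nus.edu.sg",
                        "137.132.14.29": "mail2.nus.edu.sg"}

if __name__ == "__main__":
    print(ptr_query_name("137.132.14.25"))
    print(dnsbl_query_name("137.132.14.25", "l2.apews.org"))
    print(shared_ptr_names(PTR_FROM_THREAD))
    print(name_mismatches(MX_FROM_THREAD, OUTGOING_FROM_THREAD))
```

Calling `dnsbl_listed(ip, zone)` with the default resolver performs a live DNS query, so run it only from a network where that is appropriate.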


Archived

This topic is now archived and is closed to further replies.
