Jump to content

Help........


Mr.Spireite
 Share

Recommended Posts

It sounds to me from Ellen's post, from his friend getting several emails from a forged email address that doesn't exist, his problems in finding his site, and his general ignorance of email and website functioning, that a virus has picked up his domain name and the fact that he can't find his website is unrelated.

Apparently the spamcop report was a virus (from Ellen's comment and his ISP's comment about spamcop needing to be more careful), but if the ISP knew that, they didn't shut his site down. (Is it possible that if he has the virus, that he would have connectivity problems?)

Let's hope that he learns something along the way. To read his posts is like watching a driver drifting back and forth across the Interstate at 70 mph because she is putting on mascara while talking on the cell phone or he is shaving while reading the road map. Scary!

Miss Betsy

Link to comment
Share on other sites

It sounds to me from Ellen's post, from his friend getting several emails from a forged email address that doesn't exist, his problems in finding his site, and his general ignorance of email and website functioning, that a virus has picked up his domain name and the fact that he can't find his website is unrelated.

16705[/snapback]

I have to rely on guessing based on a lack of information.

And right now, things are failing a few sanity checks.

What happens now, my Ip address that was reported was 195.92.193.211 www.aspire-radio.com

16459[/snapback]

Resolved www.aspire-radio.com to aspire-radio.com. to 66.194.40.119

[www.aspire-radio.com has 1 MX record aspire-radio.com.(0)]

Resolved aspire-radio.com to 66.194.40.119

Has www.aspire-radio.com found a new host?

It appears that there is a virus spoofing the e-mail address, and some people may be making manual reports or abusively bouncing the virus to the ISP. If the ISP staff is not competent, they may take the wrong action. This would be a cascade of failures.

And then there is the spamcop.net report:

Apparently the spamcop report was a virus (from Ellen's comment and his ISP's comment about spamcop needing to be more careful), but if the ISP knew that, they didn't shut his site down.  (Is it possible that if he has the virus, that he would have connectivity problems?)

16705[/snapback]

Parsing input: 195.92.193.211

host 195.92.193.211 = cmailm4.svr.pol.co.uk (cached)

A mail server is also hosting user's web sites? It is possible, but generally I would expect that for a large ISP these functions would be on different servers.

And in any case,

A few worms use an MX to relay, but most go direct to MX. So the headers of the worm that Ellen seems to have would have to be examined to see if a mail forwarder was involved, and the parser did not look back far enough.

Otherwise, the reverse DNS indicates that a mail server got infected with a virus. And that the virus was spoofing the aspire-radio.com e-mail address.

I think that Ellen might want to look at that report again and verify where the virus really came from.

Something just does not match here.

Google Groups report for 195.92.193.211

And

MAPS OPS spam database

Show a bit of apparent muti-hop spam being reported from that I.P. address. All of it older than what should affect this thread though.

-John

Personal Opinion Only

Edited by WB8TYW
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...