
ISP blocked


gerr64

I'm hoping this thread will be noticed over at ripplehost, where I posted the link. It's hard for me to tell how much effort the admin over there has to go through, or is willing to go through to get it resolved. If it is a formmail hack, it seems it would be an easy fix for him though.


> Thanks.
>
> I haven't a clue what all this means, but I will post this thread on the ripplehost.com forum and see what happens. Apparently the owner there is either unable or unwilling to solve this.

It looks like some sort of PHP exploit -- or cgi exploit. I see spam received today at a trap. This line is of interest:

Received: from nobody by server1.ripplehost.com with local ...

I have no idea whether your hosting company provides scripts for their users or allows users to install and use whatever scripts that they want to use. Formmail scripts are (or were) frequently abused but I believe there are other vulnerable scripts also.


Ripplehost is no longer on spamcop's BL, not sure why, but it is good news.

Couple of questions:

When it was on the BL last week, Spamcop was the only one to list it when I input their IP 69.72.225.234 into

http://www.dnsstuff.com/tools/ip4r.ch?ip=69.72.225.234+

Why would spamcop and not other lists have this host's IP listed?

Also, the spam database still responds:

PTR "69.72.225.234 has no reverse DNS entry; some mail servers may not accept your mail"

Is this a big problem, or would most mail servers accept email from Ripplehost anyway?


> Ripplehost is no longer on spamcop's BL, not sure why, but it is good news.
>
> Couple of questions:
>
> Why would spamcop and not other lists have this host's IP listed?
>
> Also, the spam database still responds:
>
> PTR "69.72.225.234 has no reverse DNS entry; some mail servers may not accept your mail"
>
> Is this a big problem, or would most mail servers accept email from Ripplehost anyway?

1. The nature of the beast. SpamCop is very easy to get onto and off! It's realtime and aims to block current spews as quickly as possible, de-listing when the spew stops. Other lists have other criteria for listing and are slower to react; some require a donation to charity to get off, others you can never get off.

2. It's a big problem if you want to mail someone whose admin won't accept mail without rDNS! Statistically, it's probably not such a big problem in practical terms BUT it is RFC-ignorant and should be corrected.


> Ripplehost is no longer on spamcop's BL, not sure why, but it is good news.

Don't expect it to last very long! Ripplehost is total crap (remember, you get what you pay for). Here's proof...when you first posted this topic, none of us could access "www.ripplehost.com," which left us scratching our heads a bit. The scratching can stop. It seems that the idiot who runs Ripplehost forgot to renew his domain name in a punctual manner, so it went inactive!

You should run away from that host as fast as you can. Failing that, expect further problems.

DT


> Ripplehost is no longer on spamcop's BL, not sure why, but it is good news.
>
> Couple of questions:
>
> When it was on the BL last week, Spamcop was the only one to list it when I input their IP 69.72.225.234 into
>
> http://www.dnsstuff.com/tools/ip4r.ch?ip=69.72.225.234+
>
> Why would spamcop and not other lists have this host's IP listed?
>
> Also, the spam database still responds:
>
> PTR "69.72.225.234 has no reverse DNS entry; some mail servers may not accept your mail"
>
> Is this a big problem, or would most mail servers accept email from Ripplehost anyway?

That IP was blocked but then automatically delisted after 48 hours. There was spam to the spamtraps from that server -- looks like it might have been an insecure proxy/cache or script on the server.

Every blocklist has different or slightly different criteria for listing - some list for open proxies, some for open relays ... SpamCop lists based on reports of spams from our users and to our spamtraps -- regardless of the reasons for the spam.
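
The two checks discussed in this thread (whether an IP is on a DNS blocklist such as SpamCop's, and whether it has reverse DNS) can be scripted. The following is an added example, not part of the original thread; the zone `dnsbl.example` and the stand-in resolvers in the demo are constructed so it runs offline, while the default resolvers perform live DNS lookups.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dnsbl_listed(ip, zone, resolve_a=socket.gethostbyname):
    """Return the list's 127.x.x.x answer if ip is listed in zone, else None."""
    try:
        answer = resolve_a(dnsbl_name(ip, zone))
    except OSError:  # NXDOMAIN (not listed); a failed lookup is treated the same
        return None
    # Listings are answered from 127.0.0.0/8; ignore any other (wildcard) answer.
    return answer if answer.startswith("127.") else None

def rdns_status(ip, resolve_ptr=socket.gethostbyaddr,
                resolve_fwd=socket.gethostbyname_ex):
    """Return ('missing' | 'unconfirmed' | 'confirmed', PTR name or None)."""
    try:
        host = resolve_ptr(ip)[0]
    except OSError:  # no PTR record, the condition reported in the thread
        return "missing", None
    try:
        addrs = resolve_fwd(host)[2]
    except OSError:
        addrs = []
    # Forward-confirmed rDNS: the PTR name must resolve back to the same IP.
    return ("confirmed" if ip in addrs else "unconfirmed"), host

def report(ip, zones, resolve_a=socket.gethostbyname, **rdns_resolvers):
    """Summarise listings per zone plus the reverse-DNS state for one IP."""
    listings = {z: dnsbl_listed(ip, z, resolve_a) for z in zones}
    status, host = rdns_status(ip, **rdns_resolvers)
    return {"ip": ip, "listed": listings, "rdns": status, "ptr": host}

if __name__ == "__main__":
    # Constructed offline data: one listing answer and no PTR record.
    fake = {"234.225.72.69.bl.spamcop.net": "127.0.0.2"}
    def fake_a(name):
        if name not in fake:
            raise socket.gaierror("NXDOMAIN")
        return fake[name]
    def no_ptr(addr):
        raise socket.herror("no PTR")
    print(report("69.72.225.234", ["bl.spamcop.net", "dnsbl.example"],
                 resolve_a=fake_a, resolve_ptr=no_ptr))
```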
