unblock my IP


helpline
Hello Sir,

My IP is 66.216.122.76. It appears that you have blocked this IP. Our clients cannot send out mail. Please immediately unblock this IP. We are ready to follow all your instructions and suggestions. But please immediately unblock the above given IP. Looking forward to a positive reply.

Link to comment
Share on other sites

66.216.122.76 listed in bl.spamcop.net (127.0.0.2)

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week

Additional potential problems

(these factors do not directly result in spamcop listing)

DNS error: 66.216.122.76 is alicia.netpivotal.com but alicia.netpivotal.com is 65.61.185.241 instead of 66.216.122.76

Listing History

It has been listed for 24 hours.

Spamtrap hits are a bad sign!

You also have a large increase in the volume of traffic:

Report on IP address: 66.216.122.76 

Volume Statistics for this IP 

Magnitude Vol Change vs. Average

Last day ........ 4.6 ........... 1178%

Last 30 days .. 3.8 ............ 83%

Average ........ 3.5

That too is a bad sign. You may be using a hijacked/compromised machine. Have you read the FAQs?

Edited by dra007
Link to comment
Share on other sites
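
The "DNS error" line in the report above is a failed forward-confirmed reverse DNS check: the PTR name of the sending IP does not resolve back to that IP. The following is an added example, not part of the thread or of SpamCop's code; the lookup tables are constructed from the two records quoted in the report so the check runs offline, and `table_resolver` is a hypothetical helper.

```python
import socket

# Constructed tables reproducing the records quoted in the report above.
PTR = {"66.216.122.76": ["alicia.netpivotal.com"]}
A = {"alicia.netpivotal.com": ["65.61.185.241"]}

def table_resolver(table):
    """Build an offline lookup that fails like a DNS miss (OSError) on unknown keys."""
    def lookup(key):
        if key not in table:
            raise OSError("no record for " + key)
        return list(table[key])
    return lookup

def live_ptr(ip):
    # Real reverse lookup; socket.herror is a subclass of OSError.
    host, aliases, _ = socket.gethostbyaddr(ip)
    return [host] + aliases

def live_a(name):
    # Real forward lookup; socket.gaierror is a subclass of OSError.
    return socket.gethostbyname_ex(name)[2]

def fcrdns(ip, reverse=live_ptr, forward=live_a):
    """Forward-confirmed reverse DNS: some PTR name of ip must resolve back to ip."""
    try:
        names = reverse(ip)
    except OSError:
        return "no-ptr", ip + " has no reverse (PTR) record"
    seen = []
    for name in names:
        try:
            addrs = forward(name)
        except OSError:
            addrs = []
        if ip in addrs:
            return "verified", ip + " is " + name + " and " + name + " is " + ip
        seen.append(name + " is " + (", ".join(addrs) or "unresolvable"))
    return "mismatch", ip + " is " + names[0] + " but " + "; ".join(seen) + " instead of " + ip

if __name__ == "__main__":
    print(fcrdns("66.216.122.76", table_resolver(PTR), table_resolver(A)))
    fixed = {"alicia.netpivotal.com": ["66.216.122.76"]}   # corrected A record (constructed)
    print(fcrdns("66.216.122.76", table_resolver(PTR), table_resolver(fixed)))
```

Called with no resolver arguments, `fcrdns` queries live DNS through the standard `socket` module; either the PTR or the A record can be corrected to make the pair agree.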

It really doesn't work like that. The posting IP of this user is far, far removed from the IP in question, so I can't even come up with a relationship between the requestor and the system in question.

As already suggested, the identified IP has all the markings of a compromised system. Either solve the problem if it is under your control or ask the hosting provider to step in.

The SpamCopDNSBL does not prevent you from sending e-mail. It is a list of spam-spew source IP addresses used by other ISPs to try to control the amount of spam entering their systems. Removal from this list will occur somewhere from one-half hour to 48 hours ... after the spew stops. You must do your work first.

Link to comment
Share on other sites

> Hello Sir,
>
> My IP is 66.216.122.76. It appears that you have blocked this IP. Our clients cannot send out mail. Please immediately unblock this IP. We are ready to follow all your instructions and suggestions. But please immediately unblock the above given IP. Looking forward to a positive reply.

I suggest that you unplug the network cable from the back of the machine until you figure out how to secure your machine. The block will be removed no more than 48 hours after your machine stops sending spam.

Research indicated that the machine has been compromised with "Backdoor.Xibo"

See also: SORBS and PSBL

Sample Header from messages: (Evidence) -- Looks like your machine is sending eBay Phishing scams...

From anonymous[at]alicia.netpivotal.com Mon Oct 11 17:35:28 2004
Delivery-date: Mon, 11 Oct 2004 17:35:28 -0400
Received: from [66.216.122.76] (helo=alicia.netpivotal.com)
    by mail.victim.example with esmtp (Exim 4.41)
    id 1CH7pI-0006fa-0x
    for psbltrap[at]kernelnewbies.nl; Mon, 11 Oct 2004 17:35:28 -0400
Received: (qmail 15002 invoked by uid 48); 11 Oct 2004 21:29:22 -0000
Date: 11 Oct 2004 21:29:22 -0000
To: psbltrap[at]kernelnewbies.nl
Subject: Important Notice From eBay inc.
From: eBay Billing <aw-confirm[at]eBay.com>
Reply-To: aw-confirm[at]eBay.com
MIME-Version: 1.0

Link to comment
Share on other sites
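
The oldest `Received:` line in the sample header of the post above records how the message entered the sending host's qmail queue: `invoked by uid` means a local process queued it, while `invoked from network` would mean it arrived over SMTP. The following is an added example, not part of the thread, that reads this from the trace headers; the function name `triage` and the uid-to-account map are assumptions (the real mapping is whatever the host's `/etc/passwd` says).

```python
import re
from email import message_from_string

# Trace headers from the sample in the post above (addresses obfuscated as posted).
SAMPLE = """\
Received: from [66.216.122.76] (helo=alicia.netpivotal.com)
\tby mail.victim.example with esmtp (Exim 4.41)
\tid 1CH7pI-0006fa-0x
\tfor psbltrap[at]kernelnewbies.nl; Mon, 11 Oct 2004 17:35:28 -0400
Received: (qmail 15002 invoked by uid 48); 11 Oct 2004 21:29:22 -0000
Subject: Important Notice From eBay inc.

"""

QMAIL = re.compile(r"\(qmail (\d+) invoked (by uid (\d+)|from network|by alias)\)")
PEER = re.compile(r"from \[([0-9.]+)\]")

def triage(raw, uid_names=None):
    """Classify how the message entered the sending host's qmail queue."""
    hops = message_from_string(raw).get_all("Received") or []
    hops = [" ".join(h.split()) for h in hops]       # unfold continuation lines
    result = {"peer_ip": None, "injection": "unknown",
              "pid": None, "uid": None, "account": None}
    if not hops:
        return result
    peer = PEER.search(hops[0])                      # newest hop: written by the receiving MX
    if peer:
        result["peer_ip"] = peer.group(1)
    m = QMAIL.search(hops[-1])                       # oldest hop: written on the sending host
    if m:
        result["pid"] = int(m.group(1))
        if m.group(3):                               # queued by a local process, not over SMTP
            result["injection"] = "local"
            result["uid"] = int(m.group(3))
            result["account"] = (uid_names or {}).get(result["uid"])
        else:
            result["injection"] = "network" if "network" in m.group(2) else "alias"
    return result

if __name__ == "__main__":
    # Constructed stand-in for the host's /etc/passwd; the mapping is host-specific.
    print(triage(SAMPLE, {48: "apache"}))
```

Only the topmost hop is written by the receiving server; everything below it comes from the sender and can be forged, so a `local` result is a lead to confirm against the sending host's own qmail and web server logs.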

> Please unblock our IP and let us know the particular account that is responsible for spamming. We will take care of it. But please first unblock the IP.

Since it appears that the machine itself has been compromised it may not actually be an account within your mail server software package. You'll want to look at your firewall logs. You do have a firewall, right?

Link to comment
Share on other sites

> It really doesn't work like that. The posting IP of this user is far, far removed from the IP in question, so I can't even come up with a relationship between the requestor and the system in question.

How far away is it?

The IP in question 66.216.122.76 is alicia.netpivotal.com and if you go to alicia.netpivotal.com you end up at www.onlywebhosting.com which is 65.61.185.240

Is that far enough away?

Link to comment
Share on other sites

Rackspace in Texas is what I recall from yesterday .... and the other place is the current U.S. tech "favorite" outsourcing spot.

While their server is indeed hosted by Rackspace, their postal address is in London, but from the mangled English, I'm guessing that the OP is from India.

One of the companies hosting sites I'm involved with outsourced their support to India a while back, and it's caused a LOT of problems (bad answers, incompetence, etc.). Symantec has done the same, and that's causing them to lose a lot of business, because the support from India is so bad. My bank gets their "portal" services from a company with most of its workers in India, and I've received infected email messages at the address I created only for use by the bank, and the infected messages came from India. I know of the case of a Silicon Valley tech worker who committed suicide after having to train his replacement (who was in India).

I will NOT do business with any more companies who outsource their support to India...period.

DT

Link to comment
Share on other sites

66.216.122.76 has too much spam coming from it! It is already in many blocklists. You will stay listed as long as spam keeps coming from this machine.

I think you would agree with me that everyone is tired of receiving mortgage quotes, penis enlargement, breast enhancement, weight loss, nude 40 year old teenage sluts, Viagra, vacation, lottery, prescription drug, business opportunities, genealogical, university degrees, gambling, get rich quick, MLM, pyramid schemes, Web Cams, Russian brides, work from home, stock scams, pirated software and everything else that is force fed into our inboxes.

Please secure your machine.

Mail output from this machine is up 1,205% today.

Learn how to check your logs.

Spammers are currently using your machine.

Link to comment
Share on other sites

I am not sure he can block them if they are not originating from his site/email server. There are 154 others sharing that server that he has no control over.

Wait...he might be an outsourced Tech Support admin for the Rackspace box, assuming that whoever leases the box has contracted one of the horrible companies in India who do that. That would put his answer in a logical context. They might allow POP before SMTP authentication, so his comment about blocking the IP refers to the particular user who was using SMTP on the box to spam.

However, if this scenario is correct, then the admin should also be able to determine which hosting client is responsible and do more than just block a single source of spam. But I'll be darned if I spend one more minute doing anything that remotely helps someone in India who is doing a job that should be located right here in the U.S.A.

DT

Link to comment
Share on other sites

I have blocked the IP that showed frequent occurrence in maillog. I hope this helps in decreasing amount of spam.

I'm thinking that blocking a single IP address seems like an awfully small "fix" for what appears to be such a large problem. Has the DNS issue been resolved yet?

DNS error: 66.216.122.76 is alicia.netpivotal.com but alicia.netpivotal.com is 65.61.185.241 instead of 66.216.122.76

http://www.senderbase.org/?sb=1&searchBy=d...=netpivotal.com includes a little factoid of;

Addresses in netpivotal.com used to send email

address ........... hostname ............. DNS Verified Daily Mag .. Monthly Mag

66.216.122.76 .. alicia.netpivotal.com .. N ............. 4.6 ............ 3.8

So as has been hinted at a number of times in this Topic, are you the sole user of the machine at this IP address? Are you employed by netpivotal or are you just one of the users of this hardware? Do you have direct access to this machine?

Link to comment
Share on other sites

OK, let's add some more to the mix of unknowns here. From an unknown "new" user, that makes no attempt at identifying his/her status or association with the "problem" IP / system, I receive the following PM;

Hi Wazoo,

RE: http://forum.spamcop.net/forums/index.php?showtopic=2864

We have now narrowed down the account that was causing the spam and have disabled his account. The account was sending email using PHP which made it hard to narrow down. Could you please now remove this thread from your forum.

To which, I will answer "here" ..... nope ... it doesn't work like that ... and besides;

IP is still listed in the SpamCopDNSBL

SenderBase http://www.senderbase.org/?searchBy=ipaddr...g=66.216.122.76 currently shows;

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.8 ........... 1941%

Last 30 days .. 3.9 ............ 141%

Average ........ 3.5

Which is up from yesterday's "Vol Change" of 1025%

So, to both helpline and AdamF .... from this side of the screen, there is still more than just a single account (or is it two accounts now?) that needs to be taken care of .... this box needs some serious attention. Questions asked here are still left wide open, so it's hard to come up with suggestions on just who you folks might need to contact. If this box is under "your" control, I'd say it's time to take it down, reformat, reinstall, and add user accounts only after verifying that these are real accounts (if this is the only issue you seem to be able to track down)

For completeness, my actual PM reply is also provided;

Sorry, it doesn't work like that. Responded (and included this in that response) in that Topic. As said there, I don't have a clue as to who you (or helpline) may be, and the issue appears to be more than just one (or is it two now) accounts. Can you provide answers to questions already posed and not answered within that Topic? Please provide them within that Topic.
Link to comment
Share on other sites

> Hello Sir,
>
> I have blocked the IP that showed frequent occurrence in maillog. I hope this helps in decreasing amount of spam.

You need to fix the problem, not just put a band-aid on it. They could just inject from a different IP....

Link to comment
Share on other sites
