Help needed to stop electronic attackers

[cosmos2000]

Hi Merlyn and StevenUnderwood,

Thanks for reply and help.

Actually, http://www.chez.com/cosmos2000/Numbers/666.html is the main site from WebSpace provider «chez.com». This URL have frame and non confortable Ads.

CO.NR is just a domain name provider; CO.NR don't provide WebSpace.

Main advantage of http://www.666myth.co.nr is redirection and access to main site with NO frame and NO Ads. This short URL is the one used for publication in Spiders and Search Engines.

But what this mean ?!? ... spam report or/and "spamvertising" ?!? ...

Resolved chez.com to 213.36.127.5

From another list here is some spam reported from 213.36.127.5

Moreover, I really don't understand the content of this other list linked to year 2005, because since decembre 2004 up to today, domain http://www.666myth.co.nr was closed.

[StevenUnderwood]

Moreover, I really don't understand the content of this other list linked to year 2005, because since decembre 2004 up to today, domain http://www.666myth.co.nr was closed.

I think Merlyn was trying to point out that the machine that is now hosting your website has recently been used to send spam to the world. I just did a simple port scan and found there is not even an SMTP server running on that IP (FTP and HTTP only). There is a possibility that there is a virus on that machine or some other insecurity that allows spammers to use that machine to send their crud. I do not believe these are spamcop reports from that address, however, at least none that I can find. Another possibility is that this machine is hosting other spammers and the "spam reported from 213.36.127.5" are actually reports of spamvertized sites, similiar to your original problem.

[Merlyn]

Actually this was the originating IP of the spam

See: http://bl.csma.biz/cgi-bin/listing.cgi?ip=213.36.127.5

The lastest is very recent.

[StevenUnderwood]

Actually this was the originating IP of the spam

OK, Thanks for the update. I find it odd however that there are NO recent reports for this same IP on spamcop. Small targetted spam run?

Parsing input: 213.36.127.5

host 213.36.127.5 = www.chez.com (cached)

No recent reports, no history available

Although senderbase is currently showing very high numbers for that host (1815% 1d and 709% 30d):

http://www.senderbase.org/?searchBy=ipaddr...ng=213.36.127.5

[cosmos2000]

My God! Another bad news ... Anyway, thanks for pointing it to me.

I think Merlyn was trying to point out that the machine that is now hosting your website has recently been used to send spam to the world. I just did a simple port scan and found there is not even an SMTP server running on that IP (FTP and HTTP only). There is a possibility that there is a virus on that machine or some other insecurity that allows spammers to use that machine to send their crud.

If one clicks on URL http://www.chez.com/ there is an aotomatic redirection to:

http://www.chez.tiscali.fr/

Chez.com was bought by TISCALI, one of biggers French ISP (located in Paris).

So, this server seems troubleful if StevenUnderwood notice that:

there is not even an SMTP server running on that IP

What must I do now ??? Change hosting server?

[StevenUnderwood]

I would at least bring this to the attention of their support staff.

Mention that the web server seems to be sending lots of email messages (the senderbase link), some of which are spam (the csma link).

It is possible to be sending valid messages and not be running an SMTP server, a scripted web page, for instance, but the subjects in the csma link are definitely spammy.

[cosmos2000]

StevenUnderwood,

Thanks kindly for the advice.

Have a good night.

[Merlyn]

Good luck Cosmos2000!

I would find a better hosting site if I were you.