Luniz Posted February 8, 2005 Posted February 8, 2005 Ok, about an hour ago I realized that my emails/IP got blocked. I got no mail with a report that somebody blocked me (i read sth about it on spamcom.net that i should). I don't have any viruses. I don't send spam and I'm a good boy. Why? My IP is 212.30.95.247... thanks for help..
Merlyn Posted February 8, 2005 Posted February 8, 2005 Senderbase says mail from this IP is up 15725% in the last day. That machine has probably got a trojan or some kind of open proxy or some other malfunction on it but it is surely being used to send spam! abuse complaints would go to abuse[at]siol.net Are you abuse[at]siol.net???
Luniz Posted February 8, 2005 Author Posted February 8, 2005 nope, i have nothing to do with anything ˇ[at]siol.netˇ.... i did have an account (it is still mine) but haven't used it in a year and it's not even configured in my Mozilla Thunderbird. I even don't know how a complaint could go to the abuse[at]siol.net as SiOL and Link are a competition to each other (two completly different ISP)..?? Did my ISP get that report or what? If yes, I will call him in the morning and see what's up...........
Merlyn Posted February 8, 2005 Posted February 8, 2005 Using the Spamcop Parser I received this: Parsing input: 212.30.95.247 host 212.30.95.247 = node.247.lc.link.si. (cached) [report history] Routing details for 212.30.95.247 [refresh/show] Cached whois for 212.30.95.247 : abuse[at]siol.net Using abuse net on abuse[at]siol.net abuse net siol.net = abuse[at]siol.net Using best contacts abuse[at]siol.net
agsteele Posted February 8, 2005 Posted February 8, 2005 I even don't know how a complaint could go to the abuse[at]siol.net as SiOL and Link are a competition to each other (two completly different ISP)..?? Did my ISP get that report or what? If yes, I will call him in the morning and see what's up........... 24101[/snapback] It might help to explain how your mail system is configured and working. That might give some extra assistance in diagnosing what is going on for you. Just explain which programs you are using and which servers (and if possible IP addresses) you are using to send your Email. Andrew
Luniz Posted February 8, 2005 Author Posted February 8, 2005 It might help to explain how your mail system is configured and working. That might give some extra assistance in diagnosing what is going on for you. Just explain which programs you are using and which servers (and if possible IP addresses) you are using to send your Email. Andrew I'm using Mozilla Thunderbird. I have two accounts there 1) XXX[at]link.si server name: pop3.link.si 2) XXX[at]gimb.org server name: gw.gimb.org Both use the same SMTP - smtp.link.si About the IP adresses that I use when sending..I don't know them ? I tought that the 212.30.95.247 is my IP (it's a static IP) is this any help?
agsteele Posted February 9, 2005 Posted February 9, 2005 Both use the same SMTP - smtp.link.si About the IP adresses that I use when sending..I don't know them ? I tought that the 212.30.95.247 is my IP (it's a static IP) 24107[/snapback] OK, it does help in so far as the source of your block seems to become a bit more clear. smtp.link.si is 212.30.95.20 There appears to be no particular issue with that IP so that rukes out a listing upstream from you. You have observed that your local IP is 212.30.95.247 and, as Merlyn has noted, that IP is generating excessive amounts of Email - probably infected by a Trojan. This IP is still generating massive amounts of outgoing Email. Your IP has been listed in a number of blocklists and is noted as having sent spam to spam traps. The SpamCop bl is still showing you listed for this reason. You need to disconnect your PCs from the Internet, investigate which (if you have more than one) are infected with a trojan and fix that machine. Then update your security settings to tackle this issue. Thanks for being willing and interested in resolving the problem. Andrew
Derek T Posted February 9, 2005 Posted February 9, 2005 About the IP adresses that I use when sending..I don't know them ? I tought that the 212.30.95.247 is my IP (it's a static IP) is this any help? 24107[/snapback] If that is your static IP connected to a DSL line, then the spammers have more control of your computer than you do. What OS are you running? Firewall? antivirus? spybot-control?
Luniz Posted February 9, 2005 Author Posted February 9, 2005 If that is your static IP connected to a DSL line, then the spammers have more control of your computer than you do. What OS are you running? Firewall? antivirus? spybot-control? Yes, that satic ip is connected to a Cable line. There are two computers on this IP connected to the web over a router. Both are using WinXp. Mine has: NOD32, AVG 7.0, Microsoft AntiSpyware, and Ad-Aware. The other one has only the Norton Antivirus (I'd have to check tough). The firewall on router is on. damn it, this sucks
agsteele Posted February 9, 2005 Posted February 9, 2005 damn it, this sucks 24119[/snapback] Yes, it certainly does. You might find it is just one of the machines that has the problem. My suggestion - since you don't mention it - is to install ZoneAlarm on both machines. That should immediately block all outbound traffic asking for permission for any programs that want to access the wider area network. You should then be able to identify which machine has the trojan running. Andrew
Luniz Posted February 9, 2005 Author Posted February 9, 2005 I've just installed ZoneAlarm on my computer and will install it on the other sometime today. Thanks for all the help. Sergej
Luniz Posted February 9, 2005 Author Posted February 9, 2005 ok..i had to uninstall Zone Alarm is it somehow killed my keyboard (when I turned it on, the keyboard wouldn't write in IE but just used letters as shortcuts :S) if i check my ip on Spamcop.net, i get that it is not listed anymore... tough if i try to send mail with Thunderbird, it says (after about 2min of trying to send it) that the server may be unavailable or refusing SMTP connections and that I should ckech if my settings are ok (which weren't changed..) any idea?
Luniz Posted February 9, 2005 Author Posted February 9, 2005 ok..it works..but i had to turn the router firewall off (not all, just SMTP) otherwise it wouldn't let me send out anything..
Derek T Posted February 9, 2005 Posted February 9, 2005 ok..it works..but i had to turn the router firewall off (not all, just SMTP) otherwise it wouldn't let me send out anything.. 24127[/snapback] This might be useful to you. https://grc.com/x/ne.dll?bh0bkyd2 will scan your IP for open ports etc.
Derek T Posted February 10, 2005 Posted February 10, 2005 ok..i had to uninstall Zone Alarm is it somehow killed my keyboard (when I turned it on, the keyboard wouldn't write in IE but just used letters as shortcuts :S) any idea? 24126[/snapback] 1. I had problems with zone alarm blocking internal LAN traffic, settled for Sygate Personal Firewall (also free) in the end. 2. I'm surprised that a Thunderbird user is still using IE! Why not Firefox? 3. Is it possible that it is your router itself (rather than a PC on your LAN) that is hacked? Mine came out of the box showing an HTTP port (among others!) to the world and with the default username/password enabled. Anyone downloading the manual could have changed any or all of my settings remotely! Is yours wireless?
Recommended Posts
Archived
This topic is now archived and is closed to further replies.