diamond Posted January 4, 2006

Hi,

First of all, happy new year. Please do forgive my English language if I make some mistakes; it is a second language.

I have a website, and one week ago I discovered that my email is blocked and blacklisted. I talked with the host server and after they checked they told me that:

2006-01-03 12:07:13 H=(chestersmail.com) [58.20.160.82] F=<info[at]top-40-wanadoo.com> rejected RCPT <info[at]roro777.com>: Message rejected because (chestersmail.com) [58.20.160.82] is blacklisted at bl.spamcop.net see Blocked - see http://www.spamcop.net/bl.shtml?58.20.160.82 :
2006-01-03 12:07:14 H=(chestersmail.com) [58.20.160.82] F=<info[at]top-40-wanadoo.com> rejected RCPT <info[at]roro777.com>: Message rejected because (chestersmail.com) [58.20.160.82] is blacklisted at bl.spamcop.net see Blocked - see http://www.spamcop.net/bl.shtml?58.20.160.82 :
2006-01-03 12:07:14 H=(chestersmail.com) [58.20.160.82] F=<info[at]top-40-wanadoo.com> rejected RCPT <info[at]roro777.com>: Message rejected because (chestersmail.com) [58.20.160.82] is blacklisted at bl.spamcop.net see Blocked - see http://www.spamcop.net/bl.shtml?58.20.160.82 :

Till now I am trying to understand why?? I didn't send letters, except in the holidays I sent to all the members in my site to congratulate them, and this is normal. What shall I do to be unlisted from the blacklist?? This is horrible.

Thanks a lot
Best regards
Please do explain to me
Miss Betsy Posted January 4, 2006

First of all: Happy New Year to you!

Causes of listing
System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
SpamCop users have reported system as a source of spam about 940 times in the past week

I am not expert. Someone uses your host server and that someone is infected with a trojan. A trojan is secretly placed on someone's computer by a spammer. The spammer then sends lots of spam through the infected computer.

Do you have a good anti virus program on your computer? If you do, then the infected computer is probably not yours. It belongs to someone else who sends mail through your host server.

Your host server should be able to see the SpamCop reports. Talk to your host server again. Your host server should be giving you good email service. Your host server needs to tell this person to fix his computer.

I am sad for you. The good news is you can get it fixed.

Miss Betsy

Merlyn is server administrator (next post). It is probably not an infected computer. Your host server is also hosting spammers. You should get another host server.
Merlyn Posted January 4, 2006

First of all that machine on 58.20.160.82 has no reverse DNS and many mail servers will and should refuse mail from it. Repost history below and it does not look good.

This machine is used to send spam for cosmshop.com (Ruslan Ibragimov / send-safe.com) one of the biggest spammers on the internet. See spammers details here: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL35198

Causes of listing
System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
SpamCop users have reported system as a source of spam about 940 times in the past week

This machine should be unplugged from the internet!

Also: Other hosts in this "neighborhood" with spam reports
58.20.160.3 58.20.160.67 58.20.160.68 58.20.160.71 58.20.160.73 58.20.160.74 58.20.160.79

Other blocklists you are in:
+ CBL The CBL - Composite Blocking List: cbl.abuseat.org -> 127.0.0.2 Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=58.20.160.82
+ SBL Spamhaus Block List: sbl.spamhaus.org -> 127.0.0.2 http://www.spamhaus.org/SBL/sbl.lasso?query=SBL36469
+ XBL Exploits Block List (includes CBL): xbl.spamhaus.org -> 127.0.0.4 http://www.spamhaus.org/query/bl?ip=58.20.160.82
+ SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2 Blocked - see http://www.spamcop.net/bl.shtml?58.20.160.82

This is a very big spamming machine! See: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL36469

Ref: SBL36469
58.20.160.0/24 is listed on the Spamhaus Block List (SBL)
03-Jan-2006 00:34 GMT | SR02
dirty block
23 total SBL records for this block, three of them recent and live after the block was supposed to have been cleaned out. CNCGroup, what is wrong in this network? Does it need a new administrator?
-- 2005-01-02 Bestiality porn spam spamming via virus-infected PC 'botnets': No one wants mail from this entire /24

Hope this helps
dra007 Posted January 4, 2006

Seems our OP left quietly in shame after reading Merlyn's post!
diamond Posted January 4, 2006

Ooooooooooooh, my server has done all these shameful things. My God. I have nearly understood the cause.

Thank you very much Miss Betsy, Merlyn, but another question please: did you mean I should change the host server or transfer my domain to another host? Because they are not one.

By the way, I am not him, I am her.

Best regards
Randa
Merlyn Posted January 4, 2006

Sorry about the him/her thing. This whole block looks like it is full of zombied machines that the spammers have control of. I am not sure if this is your physical machine and if it is you should check for worms. If I were you I would change hosts but find one that is not blocked all over the internet.
diamond Posted January 4, 2006

By the way, I am now using Kaspersky as an antivirus program; I am trying it. When I read the name Ibragimov I remembered Kaspersky.

Let me tell you something, Merlyn. Two weeks ago I was trying to know the cause of the problem. The host server told me nothing is wrong with them and my email is working fine, and I should go back to the place from which I bought the domain. I did; it is telelink in my country. They told me they are not the cause and I should talk with the host server. I kept running for two weeks and it seems that I will continue, but now after Ruslan Ibragimov, lol. Just today, and after a big test, my host server gave me the report.

Thank you again Merlyn. I am so happy because you explained to me.

My best regards and wishes
diamond Posted January 4, 2006

"This whole block looks like it is full of zombied machines that the spammers"

Sorry, I didn't understand. What block and what machines????

Please let me know, should I transfer my domain to another host if it was the cause? I only booked a domain from them and I can transfer. But what about the server host??

Please
Wazoo Posted January 5, 2006

http://www.senderbase.org/?searchBy=ipaddr...ng=58.20.160.82

Volume Statistics for this IP
               Magnitude   Vol Change vs. Average
Last day       5.7         3098%
Last 30 days   5.1         649%
Average        4.2

per the data developed for the SpamCop FAQ "here" at SenderBase's "Magnitude" Explained .... these numbers would be telling a story about e-mail from this server once averaging 13,000+ emails a day to the current last-24-hours of outgoing traffic sneaking up on 1,000,000 e-mails a day .... "we" are making the assumption that it isn't you that is sending all these e-mails.

As the data isn't found in the WHOIS lookup;

whois -h whois.apnic.net 58.20.160.82 ...

inetnum: 58.20.0.0 - 58.20.255.255
netname: CNCGROUP-HN
descr: CNC Group HuNan province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-HN
mnt-routes: MAINT-CNCGROUP-RR
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed[at]apnic.net 20050331
changed: hm-changed[at]apnic.net 20050426
source: APNIC

route: 58.20.0.0/16
descr: CNCGroup HuNan province network
country: CN
origin: AS9929
mnt-by: MAINT-CNCGROUP-RR
changed: hm-changed[at]apnic.net 20050427
source: APNIC

person: CNCGroup Hostmaster
nic-hdl: CH444-AP
e-mail: abuse[at]cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
phone: +86-10-82993155
fax-no: +86-10-82993144
country: CN
changed: abuse[at]cnc-noc.net 20041220
mnt-by: MAINT-CNCGROUP
source: APNIC

There is no one here that can actually guess at just what type of network you are actually hosted on or using .. but can note that the CH444-AP (and CH445-AP) 'locations' are world-known for spam traffic.

Still playing with trying to figure out an actual connection with the data seen at http://www.senderbase.org/search?searchStr...hestersmail.com .. where exactly are you getting your "hosting" and "e-mail services" from ...????
Miss Betsy Posted January 5, 2006

"What block and what machines ????"

IP addresses (xxx.xx.xxx.xx) are arranged in blocks of 24. Hosts 'buy' these blocks. You buy your IP address from the host.

machines = computers

The computers who use the IP addresses in this block seem to have many, many computers controlled by the spammers.

Check your computer to be sure it is not you. Try this free online virus scanner Online Virus checker

You share the email server with others so it may be someone else.

You also have your internet service provider. The internet service provider lets you connect to the internet. The internet service provider (ISP) will also give you email.

You can email from your domain through the host who gives you the domain. The domain email server may be a different email server than your ISP. Therefore, the IP address will be different.

I think that 'Yes, you should book your domain with another host.'
Merlyn Posted January 5, 2006

"This whole block looks like it is full of zombied machines that the spammers sorry I didn't understand What block and what machines ???? Please let me know"

The block I was talking about was the /24 block meaning 58.20.160.0 through 58.20.160.255 which would include your IP. A /24 block has 256 IP's.

Here is a simple table to show you the number of IP addresses per block size.

(Block size)   total-addresses (IP's)
/20            4096
/21            2048
/22            1024
/23            512
/24            256   <--- the block you are on in Spamhaus
/25            128
/26            64
/27            32
/28            16
/29            8
/30            4
/32            1

Hope this helps
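The blocklist answers and the /24 arithmetic from Merlyn's two posts, as an added example that is not part of the thread: it builds the DNSBL query names for 58.20.160.82, replays the answers quoted above through a stub resolver so it runs offline, and checks the "neighborhood" hosts against 58.20.160.0/24. The function names are illustrative.

```python
import ipaddress

# Answers quoted in Merlyn's post for 58.20.160.82 (zone -> A record returned).
PAGE_ANSWERS = {
    "cbl.abuseat.org": "127.0.0.2",
    "sbl.spamhaus.org": "127.0.0.2",
    "xbl.spamhaus.org": "127.0.0.4",
    "bl.spamcop.net": "127.0.0.2",
}
# "Neighborhood" hosts with spam reports, from the same post.
NEIGHBORS = ["58.20.160.3", "58.20.160.67", "58.20.160.68", "58.20.160.71",
             "58.20.160.73", "58.20.160.74", "58.20.160.79"]

def dnsbl_query_name(ip, zone):
    """A DNSBL is queried by reversing the IPv4 octets and appending the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def stub_resolver(ip, answers):
    """Offline stand-in for DNS: returns the page's answer, or None if not listed."""
    table = {dnsbl_query_name(ip, zone): addr for zone, addr in answers.items()}
    return table.get

def check_lists(ip, zones, resolve):
    """Return {zone: answer} for every zone that answers inside 127.0.0.0/8."""
    listed_range = ipaddress.ip_network("127.0.0.0/8")
    hits = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer is not None and ipaddress.ip_address(answer) in listed_range:
            hits[zone] = answer
    return hits

def block_size(prefix):
    """Number of IPv4 addresses in a block with the given prefix length."""
    return 2 ** (32 - prefix)

def in_block(cidr, ips):
    """Return the subset of ips that fall inside the CIDR block."""
    net = ipaddress.ip_network(cidr)
    return [ip for ip in ips if ipaddress.ip_address(ip) in net]

if __name__ == "__main__":
    ip = "58.20.160.82"
    print(dnsbl_query_name(ip, "bl.spamcop.net"))
    print(check_lists(ip, PAGE_ANSWERS, stub_resolver(ip, PAGE_ANSWERS)))
    print(block_size(24), in_block("58.20.160.0/24", NEIGHBORS + [ip]))
```

For a live check, pass a `resolve` function that performs a real A-record lookup and returns None when the name does not exist.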
diamond Posted January 5, 2006

Where do I begin
to tell the story of how hard spam can be
The sad spam story that is bigger than the sea
Where do I start

I will start again by thanking you for the full details and for your patience. Really you have helped me to understand what is going on around me.

I have contacted my ISP provider; they said it is not their fault, beside the domain host and the server host. None of them, as they said, is responsible for what has happened.

As an answer for Wazoo's question: my ISP provider is Batelco at Jordan. The domain is at link.jo. As for my hosting, it is with ehostpros and they are very nice people.

Anyhow, I will change my ISP provider to another one and transfer my domain to another host. I hope this will work.

Thank you very much and I appreciate it greatly
agsteele Posted January 5, 2006

"Anyhow, I will change my ISP provider to another one and transfer my domain to another host. I hope this will work. Thank you very much and I appreciate it greatly"

And thanks to you for making the effort to try and understand. I'm sorry you need to change ISPs. However, spammers have spoilt Email for everyone.

Andrew
Snowbat Posted January 7, 2006

"As an answer for Wazoo's question: my ISP provider is Batelco at Jordan. The domain is at link.jo. As for my hosting, it is with ehostpros and they are very nice people."

Given the above, it seems very strange that your OUTGOING mail goes through a server in China. Maybe the hosting provider was actually trying to tell you that they've blocked INCOMING spam from that server in China?
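Snowbat's reading of the log can be checked mechanically. The following added example (not part of the thread) parses the three rejection lines from the first post and classifies each by direction; treating roro777.com as the site's own domain is an assumption, and the function names are illustrative.

```python
import re
from collections import Counter

# The three rejection lines from the first post, rebuilt from their common tail
# ("[at]" is the forum's own obfuscation of "@").
_TAIL = (" H=(chestersmail.com) [58.20.160.82] F=<info[at]top-40-wanadoo.com> "
         "rejected RCPT <info[at]roro777.com>: Message rejected because "
         "(chestersmail.com) [58.20.160.82] is blacklisted at bl.spamcop.net "
         "see Blocked - see http://www.spamcop.net/bl.shtml?58.20.160.82 :")
LOG = "\n".join(ts + _TAIL for ts in
                ("2006-01-03 12:07:13", "2006-01-03 12:07:14", "2006-01-03 12:07:14"))

# H=(...) [ip] is the remote client that connected; RCPT is the address it tried to reach.
REJECT = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"H=\((?P<helo>[^)]*)\) \[(?P<ip>[0-9.]+)\] "
    r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]*)>: "
    r".*?is blacklisted at (?P<zone>[\w.-]+)"
)

def parse(log):
    """Return one dict per DNSBL rejection line; other lines are skipped."""
    return [m.groupdict() for m in map(REJECT.match, log.splitlines()) if m]

def direction(event, local_domains):
    """'inbound' when the refused recipient is one of our own domains."""
    rcpt = event["rcpt"].replace("[at]", "@")
    domain = rcpt.rpartition("@")[2].lower()
    return "inbound" if domain in local_domains else "not-local"

def summarize(log, local_domains):
    """Count rejections per (connecting IP, blocklist zone, direction)."""
    counts = Counter()
    for event in parse(log):
        key = (event["ip"], event["zone"], direction(event, local_domains))
        counts[key] += 1
    return counts

if __name__ == "__main__":
    # Assumption: roro777.com is the domain hosted on the server that wrote the log.
    for key, n in summarize(LOG, {"roro777.com"}).items():
        print(n, *key)
```

All three lines come out as inbound: the listed host connected to the server and was refused, which is a blocked incoming message rather than the site's own mail being rejected elsewhere.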