Jump to content

My domain is blacklisted


diamond

Recommended Posts

Posted

Hi ,

First of all happy new year

please do forgive my English language if I run some mistakes it is a second language>

I have a website ,and for one week ago I discovered that my email is blocked and blacklisted > I talked with the host server and after they checked they told me that

2006-01-03 12:07:13 H=(chestersmail.com) [58.20.160.82] F=<info[at]top-40-wanadoo.com> rejected RCPT <info[at]roro777.com>: Message rejected because (chestersmail.com) [58.20.160.82] is blacklisted at bl.spamcop.net see Blocked - see http://www.spamcop.net/bl.shtml?58.20.160.82 :

2006-01-03 12:07:14 H=(chestersmail.com) [58.20.160.82] F=<info[at]top-40-wanadoo.com> rejected RCPT <info[at]roro777.com>: Message rejected because (chestersmail.com) [58.20.160.82] is blacklisted at bl.spamcop.net see Blocked - see http://www.spamcop.net/bl.shtml?58.20.160.82 :

2006-01-03 12:07:14 H=(chestersmail.com) [58.20.160.82] F=<info[at]top-40-wanadoo.com> rejected RCPT <info[at]roro777.com>: Message rejected because (chestersmail.com) [58.20.160.82] is blacklisted at bl.spamcop.net see Blocked - see http://www.spamcop.net/bl.shtml?58.20.160.82 :

Till now am trying to understand why?? I didn't sent letters except in the holidays I sent to all the members in my site to congratulate them and this is normal.

What shall I do to be unlisted in the black list??

This is horrible

Thanx alot

Best regards

Please do explain to me

Posted

First of all: Happy New Year to you!

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam about 940 times in the past week

I am not expert. Someone uses your host server and that someone is infected with a trojan. A trojan is secretly placed on someone's computer by a spammer. The spammer then sends lots of spam through the infected computer.

Do you have a good anti virus program on your computer? If you do, then the infected computer is probably not yours. It belongs to someone else who sends mail through your host server. Your host server should be able to see the SpamCop reports.

Talk to your host server again. Your host server should be giving you good email service. Your host server needs to tell this person to fix his computer.

I am sad for you. The good news is you can get it fixed.

Miss Betsy

Merlyn is server administrator (next post). It is probably not an infected computer. Your host server is also hosting spammers. You should get another host server.

Posted

First of all that machine on 58.20.160.82 has no reverse DNS and many mail servers will and should refuse mail from it.

Repost history below and it does not look good.

This machine is used to send spam for cosmshop.com (Ruslan Ibragimov / send-safe.com) one of the biggest spammers on the internet.

See spammers details here: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL35198

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam about 940 times in the past week

This machine should be unplugged from the internet!

Also:

Other hosts in this "neighborhood" with spam reports

58.20.160.3 58.20.160.67 58.20.160.68 58.20.160.71 58.20.160.73 58.20.160.74 58.20.160.79

Report History:

--------------------------------------------------------------------------------

Submitted: Wednesday, January 04, 2006 3:38:19 PM -0500:

you can get double effect for your friend

1609488932 ( 58.20.160.82 ) To: abuse[at]cnc-noc.net

1609488925 ( 58.20.160.82 ) To: postmaster#cnc-noc.net[at]devnull.spamcop.net

1609488909 ( 58.20.160.82 ) To: abuse[at]chinanet.cn.net

--------------------------------------------------------------------------------

Submitted: Wednesday, January 04, 2006 3:28:38 PM -0500:

you can get double effect for your friend

1609474368 ( http://bkmghjail.cosmshop.com/?cdefailxssrybkmz... ) To: postmaster[at]isp-thailand.com

1609474346 ( http://bkmghjail.cosmshop.com/?cdefailxssrybkmz... ) To: abuse[at]isp-thailand.com

1609474324 ( http://bkmghjail.cosmshop.com/?cdefailxssrybkmz... ) To: chatree[at]isp-thailand.com

1609474289 ( 58.20.160.82 ) To: spamcop[at]imaphost.com

1609474252 ( 58.20.160.82 ) To: postmaster#cnc-noc.net[at]devnull.spamcop.net

1609474231 ( 58.20.160.82 ) To: abuse[at]cnc-noc.net

1609474204 ( 58.20.160.82 ) To: abuse[at]chinanet.cn.net

--------------------------------------------------------------------------------

Submitted: Wednesday, January 04, 2006 3:25:08 PM -0500:

you can get double effect for your friend

1609469839 ( http://bkmghjail.cosmshop.com/?cdefailxssrybkmz... ) To: abuse[at]isp-thailand.com

1609469812 ( http://bkmghjail.cosmshop.com/?cdefailxssrybkmz... ) To: chatree[at]isp-thailand.com

1609469783 ( http://bkmghjail.cosmshop.com/?cdefailxssrybkmz... ) To: postmaster[at]isp-thailand.com

1609469751 ( 58.20.160.82 ) To: spamcop[at]imaphost.com

1609469709 ( 58.20.160.82 ) To: abuse[at]chinanet.cn.net

1609469685 ( 58.20.160.82 ) To: abuse[at]cnc-noc.net

1609469663 ( 58.20.160.82 ) To: postmaster#cnc-noc.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Wednesday, January 04, 2006 3:18:48 PM -0500:

you can get double effect for your friend

1609475368 ( 58.20.160.82 ) To: postmaster#cnc-noc.net[at]devnull.spamcop.net

1609475333 ( 58.20.160.82 ) To: abuse[at]cnc-noc.net

1609475321 ( 58.20.160.82 ) To: abuse[at]chinanet.cn.net

--------------------------------------------------------------------------------

Submitted: Wednesday, January 04, 2006 2:40:54 PM -0500:

you can get double effect for your friend

1609420237 ( 58.20.160.82 ) To: abuse[at]chinanet.cn.net

1609420233 ( 58.20.160.82 ) To: abuse[at]cnc-noc.net

1609420225 ( 58.20.160.82 ) To: postmaster#cnc-noc.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Wednesday, January 04, 2006 2:40:05 PM -0500:

you can get double effect for your friend

1609416605 ( 58.20.160.82 ) To: abuse[at]cnc-noc.net

1609416601 ( 58.20.160.82 ) To: postmaster#cnc-noc.net[at]devnull.spamcop.net

1609416590 ( 58.20.160.82 ) To: abuse[at]chinanet.cn.net

--------------------------------------------------------------------------------

Submitted: Wednesday, January 04, 2006 2:37:34 PM -0500:

you can get double effect for your friend

1609426757 ( 58.20.160.82 ) To: postmaster#cnc-noc.net[at]devnull.spamcop.net

1609426745 ( 58.20.160.82 ) To: abuse[at]cnc-noc.net

1609426727 ( 58.20.160.82 ) To: abuse[at]chinanet.cn.net

--------------------------------------------------------------------------------

Submitted: Wednesday, January 04, 2006 2:28:02 PM -0500:

you can get double effect for your friend

1609445011 ( 58.20.160.82 ) To: postmaster#cnc-noc.net[at]devnull.spamcop.net

1609445006 ( 58.20.160.82 ) To: abuse[at]chinanet.cn.net

1609444983 ( 58.20.160.82 ) To: abuse[at]cnc-noc.net

--------------------------------------------------------------------------------

Submitted: Wednesday, January 04, 2006 1:52:16 PM -0500:

you can get double effect for your friend

1609416256 ( 58.20.160.82 ) To: abuse[at]cnc-noc.net

1609416248 ( 58.20.160.82 ) To: postmaster#cnc-noc.net[at]devnull.spamcop.net

1609416225 ( 58.20.160.82 ) To: abuse[at]chinanet.cn.net

--------------------------------------------------------------------------------

Submitted: Wednesday, January 04, 2006 12:33:03 PM -0500:

you can get double effect for your friend

1609460383 ( 58.20.160.82 ) To: abuse[at]chinanet.cn.net

1609460298 ( 58.20.160.82 ) To: abuse[at]cnc-noc.net

1609460290 ( 58.20.160.82 ) To: postmaster#cnc-noc.net[at]devnull.spamcop.net

Other blocklists you are in:

+ CBL The CBL - Composite Blocking List: cbl.abuseat.org -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=58.20.160.82

--------------------------------------------------------------------------------

+ SBL Spamhaus Block List: sbl.spamhaus.org -> 127.0.0.2

http://www.spamhaus.org/SBL/sbl.lasso?query=SBL36469

--------------------------------------------------------------------------------

+ XBL Exploits Block List (includes CBL): xbl.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=58.20.160.82

--------------------------------------------------------------------------------

+ SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2

Blocked - see http://www.spamcop.net/bl.shtml?58.20.160.82

This is a very big spamming machine!

See: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL36469

Ref: SBL36469

58.20.160.0/24 is listed on the Spamhaus Block List (SBL)

03-Jan-2006 00:34 GMT | SR02

dirty block

23 total SBL records for this block, three of them recent and live after the block was supposed to have been cleaned out. CNCGroup, what is wrong in this network? Does it need a new administrator?

--

2005-01-02 Bestiality porn spam spamming via virus-infected PC 'botnets':

No one wants mail from this entire /24

Hope this helps

Posted

ooooooooooooh

My server has done all this shameful things

My God.

nearly I have understood the cause

Thank you very Miss Betsy , Merlyn , but another question please

Did you mean I should change the hostserver or to transfer my domain to another host cause they are not one>

By the way I am not him am her

Best regards

Randa

Posted

Sorry about the him/her thing.

This whole block looks like it is full of zonbied machines that the spammers have control of. I am not sure if this is your physical machine and if it is you should check for worms. if I were you I would change hosts but find one that is not blocked all over the internet.

Posted

By the way am using now a kaspersky as antivirus program am trying it >

when I read the name Ibragimov I remembered kaspersky

Let me tell you something Myrlin

Tow weeks ago I was trying to know the cause of the problem

The hostserver told me nothing wrong with them and my email is working fine and I should go back to the place from which I bought the domain

I did it is telelink in my country They told they are not the cause and I should talk with the host server

I was keep running for two weeks and it seems the I will continue but now after Ruslan Ibragimov lol >

just today and after big test my hostserver gave me the report

Thank you again merlyn

Am so happy cause you explained to me

My best regards and wishes

Posted

This whole block looks like it is full of zonbied machines that the spammers

sorry I didn't understand

What blook and what machines ????

Please let me know

should I transfere my domain to another host

If it was the cause I only booked a domain from them and I can transfer <

But what about the serverhost??

Please

Posted

http://www.senderbase.org/?searchBy=ipaddr...ng=58.20.160.82

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ....... 5.7 .. 3098%

Last 30 days . 5.1 ... 649%

Average ....... 4.2

per the data developed for the SpamCop FAQ "here" at SenderBase's "Magnitude" Explained .... these numbers would be telling a story about e-mail from this server omce averaging 13,000+ emails a day to the current last-24-hours of outgoin traffic sneaking up on 1,000,000 e-mails a day .... "we" are making the assumption that it isn't you that is sending all these e-mails. As the data isn't found in the WHOIS lookup;

whois -h whois.apnic.net 58.20.160.82 ...

inetnum: 58.20.0.0 - 58.20.255.255

netname: CNCGROUP-HN

descr: CNC Group HuNan province network

descr: China Network Communications Group Corporation

descr: No.156,Fu-Xing-Men-Nei Street,

descr: Beijing 100031

country: CN

admin-c: CH444-AP

tech-c: CH444-AP

mnt-by: APNIC-HM

mnt-lower: MAINT-CNCGROUP-HN

mnt-routes: MAINT-CNCGROUP-RR

status: ALLOCATED PORTABLE

remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+

remarks: This object can only be updated by APNIC hostmasters.

remarks: To update this object, please contact APNIC

remarks: hostmasters and include your organisation's account

remarks: name in the subject line.

remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+

changed: hm-changed[at]apnic.net 20050331

changed: hm-changed[at]apnic.net 20050426

source: APNIC

route: 58.20.0.0/16

descr: CNCGroup HuNan province network

country: CN

origin: AS9929

mnt-by: MAINT-CNCGROUP-RR

changed: hm-changed[at]apnic.net 20050427

source: APNIC

person: CNCGroup Hostmaster

nic-hdl: CH444-AP

e-mail: abuse[at]cnc-noc.net

address: No.156,Fu-Xing-Men-Nei Street,

address: Beijing,100031,P.R.China

phone: +86-10-82993155

fax-no: +86-10-82993144

country: CN

changed: abuse[at]cnc-noc.net 20041220

mnt-by: MAINT-CNCGROUP

source: APNIC

There is no one here that can actually guess at just what type of network you are actually hosted on or using .. but can note that the CH444-AP (and CH445-AP) 'locations' are world-known for spam traffic.

Still playing with trying to figure out an actual connection with the data seen at http://www.senderbase.org/search?searchStr...hestersmail.com .. where exactly are you getting your "hosting" amd "e-mail services" from ...????

Posted
What blook and what machines ????

IP addresses (xxx.xx.xxx.xx) are arranged in blocks of 24. Hosts 'buy' these blocks. You buy your IP address from the host.

machines = computers

The computers who use the IP addresses in this block seem to have many, many computers controlled by the spammers. Check your computer to be sure it is not you. Try this free online virus scanner Online Virus checker You share the email server with others so it may be someone else.

You also have your internet service provider. the internet service provider lets you connect to the internet. the internet service provider (ISP) will also give you email.

You can email from your domain through the host who gives you the domain. The domain email server may be a different email server than your ISP. Therefore, the IP address will be different.

I think that 'Yes, you should book your domain with another host.'

Posted
This whole block looks like it is full of zonbied machines that the spammers

sorry I didn't understand

What blook and what machines ????

Please let me know

38866[/snapback]

The block I was talking about was the /24 block meaning 58.20.160.0 through 58.20.160.255 which would include your IP. A /24 block has 256 IP's

Hers is a simple table to show you the number of IP addresses per block size.

(Block size) total-addresses (IP's)

/20 4096

/21 2048

/22 1024

/23 512

/24 256 <--- the block you are on in Spamhaus

/25 128

/26 64

/27 32

/28 16

/29 8

/30 4

/32 1

Hope this helps

Posted

Where do I begin to tell the story of how hard spam can be

The sad spam story that is bigger than the sea

Where do I start

I will start again by thanking for the full details and for your patience > Really you have helped me to understand what is going on around me .

I have contacted my ISP provider they said it is not their fault beside the domain host and the server host .No one of them as they said responsibe for what has happened

As an answer for Wazoo question my ISP provider is Batelco at Jordan

The domain at link.jo

As for my hosting , it is with ehostpros and they are very nice people

Any how I will change my ISP provider to another one and transfer my domain to another host I hope this will work .

Thank you very much and I appreciate it greatly

Posted
Any how I will change my ISP provider  to another  one and transfer my domain to another host I hope this will work .

Thank you very much and I appreciate it greatly

38893[/snapback]

And thanks to you for making the effort to try and understand.

I'm sorry you need to change ISPs. However, spammers have spoilt Email for everyone.

Andrew

Posted
As an answer for Wazoo question  my ISP provider is Batelco at Jordan

The domain at link.jo

As for  my  hosting , it  is with ehostpros and they are very nice people

38893[/snapback]

Given the above, it seems very strange that your OUTGOING mail goes through a server in China. Maybe the hosting provider was actually trying to tell you that they've blocked INCOMING spam from that server in China?

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...