g4mby Posted January 12, 2006 Posted January 12, 2006 For several months I noticed that much of the Ebay and PayPal phishing junk had been coming from a powweb.com source. My first report to them was acknowledged with a note saying that the problem had been dealt with. The second acknowledgement said something along the lines that had they received my first report they would have acted upon it and stopped the flow of spam. Recently all spam that I receive from a powweb.com source pretends to be from the Chase Bank. I am getting these on a regular basis now and no other spam is arriving here from this network. The parser reports this: Parsing input: 66.152.98.101 host 66.152.98.101 = clust10-www01.powweb.com. (cached) [report history] ISP does not wish to receive report regarding 66.152.98.101 ISP does not wish to receive reports regarding 66.152.98.101 - no date available Routing details for 66.152.98.101 [refresh/show] Cached whois for 66.152.98.101 : abuse[at]powweb.com Using abuse net on abuse[at]powweb.com abuse net powweb.com = admin[at]powweb.com, abuse[at]powweb.com Using best contacts admin[at]powweb.com abuse[at]powweb.com Entering other PowWeb IP addresses produces similar reports. Does this mean that PowWeb have no intention of stopping the spam by indicating that they do not want SpamCop's reports? A search of Google and Google Groups suggests that this might be the case. The reports were sent though. Why? I would have thought that the report would have gone to a 'devnull' type address if the ISP has indicated it doesn't want them. Apart from getting the IP addresses onto the SCBL there seems little point in sending reports to PowWeb any longer. I certainly won't bother adding any additional comments. Any thoughts or clarification would be appreciated.
Wazoo Posted January 13, 2006 Posted January 13, 2006 I've managed some web sites hosted there and had no problems with the service there, to include anti-spam efforts, control of web-sites and e-mail servers. But have to admit, it's been a while since I've visited their support forums, so things may have changed. The IP you list shows signs of problems at http://www.senderbase.org/search?searchString=66.152.98.101 .. but in contrast to your other checks, I looked at the (three) servers used in old e-mail I've got and there are no issues on those three. First guess is that some user has a compromised scri_pt file on a hosted site .. historically, this used to be handled pretty quickly by their support staff ... but again, I'm talking a bit historically ... at least 6 months or so ... setting a data point here ... Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 4.6 .. 1215% Last 30 days .. 4.0 ... 295% Average ........ 3.5 at 10:19 GMT -6 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ......... 4.4 .. 803% Last 30 days ... 4.1 .. 296% Average ......... 3.5
Farelf Posted January 13, 2006 Posted January 13, 2006 PowWeb seem to be well-regarded in general terms: http://www.webhostingjungle.com/powweb/reviewg.shtml http://www.10-cheapwebhosting.com/hosts/PowWeb.php Recent SCBL entries for addresses 66.152.98.21 66.152.98.22 66.152.98.24 66.152.98.53 66.152.98.61 66.152.98.64 66.152.98.73 66.152.98.101 66.152.98.102 66.152.98.103 66.152.98.104 66.152.98.105 - 4 of which were currently listed when checked. Can only imagine that once they receive initial reports with sufficient data to act, they request no further. I would not give up on them - maybe send a manual report or two, see how they respond. Don't really look like the "typical" spambags to me (but then I'm not seeing the same continual round-Robin of spam and evidently they're not sufficiently pro-active to obtain express de-listing.) ... it's been a while since I've visited their support forums, so things may have changed ...39249[/snapback] There's a clue. Why not visit the lion's den, ask some questions in their user forums, see if you can snag some official reponse there? http://forum.powweb.com/showthread.php?p=355008 might be a starting point. They seem to have listings on SORBS too, which is probably worth mentioning if you do that - http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=66.152.98.101
Recommended Posts
Archived
This topic is now archived and is closed to further replies.