Jump to content

Spamcop after virus / spyware attack


sroberts

Recommended Posts

My Ip is 82.41.221.43

For the last 3 days i have been fighting virus/spyware/trojans etc etc etc i believe i have now resolved this only to find that spamcop is blocking me sending any mails.

Outlook returns the folowing message

The server responded: ??3 5.3.0 Error 601:Rejected by spam filter - bl.spamcop.net'

I have no interest in spamming or anything like it.

please help .

Regards

Steve

Link to comment
Share on other sites

  • Replies 114
  • Created
  • Last Reply

SpamCop blocks nothing. This is explained in the existing entries found in the SpamCop FAQ, link at the top of this page.

http://www.spamcop.net/w3m?action=checkblock&ip=82.41.221.43

82.41.221.43 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 18 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Additional potential problems

System administrator has already delisted this system once

Because of the above problems, express-delisting is not available

Listing History

In the past 2.2 days, it has been listed 2 times for a total of 44 hours

http://www.senderbase.org/?searchBy=ipaddr...ng=82.41.221.43

Real-time blacklists

bl.spamcop.net http://spamcop.net/w3m?action=checkblock&ip=82.41.221.43

dynablock.njabl.org Dynamic IP - http://www.njabl.org/cgi-bin/lookup.cgi?query=82.41.221.43

9 Mar 2006 1645 GMT -6

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.3 .. 13660%

Last 30 days .. 2.7 .... 223%

Average ........ 2.2

At this point, it doesn't appear that the spew has stopped.

Link to comment
Share on other sites

it has just gone up to 23 hours again. while i was waiting for a response ..

everytime i hit send and recieve i can see it is sending emails .. i have running .. avg 7 / spyware doctor / zone alarm / search and destroy / microsoft anti spyware and ad-adware .. and on top of all that i now cant even send an email to anyone ...

what more can i do please help.

Regards

Steve

Link to comment
Share on other sites

9 Mar 2006 1714 GMT -6

Report on IP address: 82.41.221.43

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.3 .. 13685%

Last 30 days .. 2.7 .... 223%

Average ........ 2.2

Spew 'seen' is still going up .... per SenderBase's "Magnitude" Explained one would say that there's something like 20,000+/day e-mails leaving the system at this IP address .... surely this should be noticed .... firewall logs, system logs, application logs ..????

03/09/06 17:19:52 Slow traceroute 82.41.221.43

Trace 82.41.221.43 ...

194.117.136.214 RTT: 127ms TTL: 16 (No rDNS)

62.30.251.29 RTT: 137ms TTL: 16 (pc-62-30-251-29-ro.blueyonder.co.uk ok)

80.195.0.18 RTT: 129ms TTL: 16 (No rDNS)

82.41.221.43 RTT: 158ms TTL: 44 (82-41-221-43.cable.ubr13.edin.blueyonder.co.uk ok)

http://www.spamcop.net/sc?track=82.41.221.43

Statistics:

82.41.221.43 listed in bl.spamcop.net (127.0.0.2)

82.41.221.43 not listed in dnsbl.njabl.org

82.41.221.43 not listed in dnsbl.njabl.org

82.41.221.43 not listed in cbl.abuseat.org

82.41.221.43 listed in dnsbl.sorbs.net ( 127.0.0.10 )

82.41.221.43 not listed in relays.ordb.org.

ns2.stelogic.co.uk reports the following MX records:

Preference Host Name IP Address

10 mail.stelogic.co.uk 67.15.32.16

03/09/06 17:29:32 Slow traceroute stelogic.co.uk

Trace stelogic.co.uk (67.15.32.16) ...

129.250.10.190 RTT: 52ms TTL: 16 (ge-6.ev1.hstntx01.us.bb.verio.net ok)

66.98.241.29 RTT: 52ms TTL: 16 (gphou-66-98-241-29.ev1.net bogus rDNS: host not found [authoritative])

66.98.241.124 RTT: 54ms TTL: 16 (gphou-66-98-241-124.ev1.net ok)

67.15.32.16 RTT: 49ms TTL: 49 (stelogic.co.uk ok)

Bottom line ... is the e-mail server at 82.41.221.43 yours or blueyonder's???? The tools you describe seem more like a 'personal PC" type array, rather than an e-mail server ....????

Link to comment
Share on other sites

with no clues as to what i am sending abd being blacklisted for how am i meant to resolve the blacklist ?

while i agree in principle with what spamcop are trying to achive i believe the system is in desperate need of upgrading .. i am finding spamcop almost as bad as the virus/spyware that caused this. the only difference is that i can remove the virus within seconds .. the spamcop .. 23 HOURS .. and even then it could come straight back and still not really tell me why ..

regards steve

Link to comment
Share on other sites

it is my home pc and the server is united hostings and the ip is provided by telewest.

i would notice sending 800 mails an hour .. i am unsure of all the technical info you are posting but trying to get my head round it all .. but its all so frustrating ..

any ideas of what my next step should be ?

regards & thanks

steve

Link to comment
Share on other sites

with no clues as to what i am sending abd being blacklisted for how am i meant to resolve the blacklist ?

Well, there are FAQs provided here that a number of folks spent many hours over a number of months to create to offer the background on this type of problem.

while i agree in principle with what spamcop are trying to achive i believe the system is in desperate need of upgrading

Yeah, OK ... that the various parts have been in continuous upgrade mode since it's inception so as to keep up with spammy games means nothing ...????

.. i am finding spamcop almost as bad as the virus/spyware that caused this. the only difference is that i can remove the virus within seconds .. the spamcop .. 23 HOURS .. and even then it could come straight back and still not really tell me why ..

41115[/snapback]

That the spew count is still climbing kind of suggests that the "real issue" has yet to be resolved. As you noticed, the "time" of listing is dynamic, with the critical part of the description being "after the spam stops" ..... Note the data provided in my last post that seems to show that "stopped" has yet to be accomplished.

If this is "your" system, suggestion would be to take it off line, do some homework, troubleshooting, and repair .... and only when the actual issue is resolved, then bring it back on-line ....

Link to comment
Share on other sites

i feel spamcop are punishing me for getting some spyware/virus .. i just want it all fixed .. but even when it is i still have to wait 24 hours.. while it might be great for some people to know the Magnitude Vol Change all i want to know is whats causing it .. the one thing no one can say in plain english... "from our records it looks like the whatever" virus.

and dont get me wrong i do apprecieate the fact that people have gone to trouble to write detailed explainations etc but i just want to know what exactly i am meant to have done and how to resolve it.

Link to comment
Share on other sites

i just got this from united hosting . after asking them if they can tell if i am sending 20,000+ emails per day..

Hi Steve

The problem is with your ISP internet connection and not your hosting account with us.

The IP you have from your internet provider is blacklisted:

http://www.spamcop.net/w3m?action=checkblock&ip=82.41.221.43

The server and your domain accounts are not blacklisted.

Your ISP will need to give you a fresh IP or delist the IP your currently on.

Regards,

UH Support

and im still no clearer .. i also spoke to telewest who say they can do nothing .

Link to comment
Share on other sites

it is my home pc and the server is united hostings and the ip is provided by telewest.

i would notice sending 800 mails an hour .. i am unsure of all the technical info you are posting but trying to get my head round it all .. but its all so frustrating ..

any ideas of what my next step should be ?

41116[/snapback]

Perhaps a bit more / better explanation ...???

telnet 82.41.221.43 25 doesn't reply, so is there an actual e-mail server there? If so, what software is involved?

"the server is united hosting" suggests that someone else is supposed to be fixing the problem .. have you contacted them? (Although noting that this information isn't being shown elsewhere .... http://www.senderbase.org/?searchBy=ipaddr...21.43&showRBL=1 says;

Other information about this IP address

Sender Category NSP

Network Owner Telewest HSD Platform

Domain blueyonder.co.uk

Date of first message seen from this address 2006-03-07

CIDR range 82.41.0.0/16

# of domains controlled by this network owner 16

but that "Date of first message" seems at odds with the statistics ....only two days to get to this level of e-mail traffic? This doesn't quite jive with the typical use of a "home PC" ....????

Volume is still going "up"

9 Mar 2006 1804 GMT -6

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.3 .. 13696%

Last 30 days .. 2.7 ..... 223%

Average ........ 2.2

Link to comment
Share on other sites

Perhaps a bit more / better explanation ...??? of what .. i will give you any info i can .

i use hosting for stelogic provided by united hosting .. i have outlook running all the time checking for mails every 20 mins...the date of first message was when i got the virus/spyware as i said in my first post.

i have run every spyware and virus checker i can find .. purchased licenses for recomended ones and still i find myself on this list ..

Sender Category NSP

Network Owner Telewest HSD Platform

Domain blueyonder.co.uk

Date of first message seen from this address 2006-03-07

CIDR range 82.41.0.0/16

and all that means nothing to me ..

Link to comment
Share on other sites

now i just got this email from united hosting ..

--------------------------------

If that was the case then the server IP address would be blacklisted by spamcop and

not your ISP connection.

We also checked our SMTP logs and cannot see any abnormal traffic.

---------------------------------

now i am even more confused .. UH say im not sending abnormal traffic .. spam cop says 20,000+ emails ..

confused.com

Link to comment
Share on other sites

i feel spamcop are punishing me for getting some spyware/virus .. i just want it all fixed .. but even when it is i still have to wait 24 hours.. while it might be great for some people to know the Magnitude Vol Change all i want to know is whats causing it .. the one thing no one can say in plain english... "from our records it looks like the whatever" virus.

and dont get me wrong i do apprecieate the fact that people have gone to trouble to write detailed explainations etc but i just want to know what exactly i am meant to have done and how to resolve it.

41118[/snapback]

Whatever ... the FAQs provided here include "official" contact points ... you're not talking to folks that have access to the files you are demanding to see.

My best guess at this point .. you are being 'ignored' by the blueyonder/telewest folks, as they are the ones actually running the server in question. But, I'm still in the dark as to just how you are attempting to send your e-mail.

And once again, SpamCop.net doesn't have the power to block any of your e-mail. Any "blockage" is done by the receiving ISP as part of their incoming spam controls .. and even then SpamCop.net recommends not using the SpamCopDNSBL in a "blocking" mode .... Bottom line, "you" are not targeted, it's the spew coming from the computer/system sitting at the IP address of 82.41.221.43 25 ....

Link to comment
Share on other sites

i am using outlook ... and ANY email i send to anyone at any ISP get returned with the spamcop message i posted at the start ..

im not demanding anything .. just saying that i am finding it hard to understand any of the files and info i am seeing . and that it should be made a lot simpler to find out exactly what i have done to find myself on this list.

Link to comment
Share on other sites

now i just got this email from united hosting ..

--------------------------------

If that was the case then the server IP address would be blacklisted by spamcop and

not your ISP connection.

We also checked our SMTP logs and cannot see any abnormal traffic.

---------------------------------

now i am even more confused .. UH say im not sending abnormal traffic .. spam cop says 20,000+ emails ..

41122[/snapback]

Your conversation with "united hosting" sounds more like a web-site host .. not the same as providing e-mail service ....

Again, if "you" are running an e-mail server, identify the software involved. If you are "not" running an e-mail serber, and this is your computer being discussed, your "vital" ptoblems are not solved. Remember, anti-virus tools are "reactive" so it is possible you've got one that has yet to be identified by the tools you're running .... the last similar issue was noted by someone doing an "on-line" virus check and getting ticked off in that those on-line checks came back with positive hits ....

Per the other items I've placed "in your way" there's still all the missing daya on what software/hardware you're using, what the patched status is, etc. ... Again, from the list of tools mentioned previously, it's an easy guess that we're talking Windows, but .....As you agreed to, one would think that you'd have noticed the slowdown of this system if it was this busy cranking out e-mail.

If you don't understand the term "spamtrap" ... we also offer a Glossary/Dictionary here in addition to the FAQs.

Link to comment
Share on other sites

i do not run an email server i run a windows xp pc standard shop model with outlook (i would tell you the version but i am scared to start it incase my block goes back up to 24 hours)

united hosting are my website host .. they provide me with stelogic.co.uk which comes with an email account .. i have run my standard virus software .. pccillin along with avg and pctools antivirus and all come back clean .. i have run spydoctor , search and destroy and microsft antispyware software and everything has come back clean.

Link to comment
Share on other sites

i am using outlook ... and ANY email i send to anyone at any ISP get returned with the spamcop message i posted at the start ..

Outlook is "not" an e-mail server

im not demanding anything .. just saying that i am finding it hard to understand any of the files and info i am seeing . and that it should be made a lot simpler to find out exactly what i have done to find myself on this list.

41124[/snapback]

The "Why am I Blocked? FAQ entry was developed to attempt to give "you" an understanding of what's going on in the background ... and also give a hint as to what data would be needed in order for other "users" here to try to help ....

Yes, you are in fact posting from the same IP address that's in question .... what hasn't been descrived yet .. why would you be sending e-mail from your "home PC" as compared to using the server/e-mail service provided by your ISP? This would take us back to you using your own system as an e-mail server, but you seem to have not gotten around to definng that possibility.

The only data available here is what you say and what can be fleaned with some other tools ... and as noted in a previous post, attempting to "talk" to an e-mail server at this address failed .... either blocked by a firewall, no server actually running, of blueyonder blocking actions ...

You state that "all" e-mail is blocked, but .... you did not provide enough of the error mesage to show "who" actually blocked it ....

Link to comment
Share on other sites

i have outlook configured on a pop 3 account to use the stelogic email account provided by united hosting

outlook message (in full)

Task 'mail.stelogic.com - Sending and Receiving' reported error (0x800CCC78) : 'Unable to send the message. Please verify the e-mail address in your account properties. The server responded: 553 5.3.0 Error 601:Rejected by spam filter - bl.spamcop.net'

Link to comment
Share on other sites

i do not run an email server i run a windows xp pc standard shop model with outlook (i would tell you the version but i am scared to start it incase my block goes back up to 24 hours)

41126[/snapback]

Firing up Outlook would appear to have little to do with anything ... volume is still going up ....

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.3 .. 13704%

Last 30 days .. 2.7 ..... 223%

Average ........ 2.2

Link to comment
Share on other sites

i do not understand how it is still going up..

41130[/snapback]

http://www.senderbase.org/?searchBy=ipaddr...21.43&showRBL=1

9 Mar 2006 1903 GMT -6

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day........ 4.3 .. 13716%

Last 30 days .. 2.7 ..... 223%

Average ........ 2.2

If you're not noticing any slowdown, I'd say you must have one pretty powerful computer ....

Real test at this point .. turn it off (or at least disconnect from the 'net') for a half-hour or so .... to see if this number does in fact stop for a bit ....

Link to comment
Share on other sites

i am using outlook ... and ANY email i send to anyone at any ISP get returned with the spamcop message i posted at the start ..

im not demanding anything .. just saying that i am finding it hard to understand any of the files and info i am seeing . and that it should be made a lot simpler to find out exactly what i have done to find myself on this list.

41124[/snapback]

Please send me an email at the address in my signature with "Spamcop Forum Test" in the subject (so I won't report it accidentally)....since the spamcop email service does not bounce messages, I will get it and maybe we can see exactly what is being blocked and why.

The only reason this test would not work is that your ISP is using spamcop on your connection and blocking before you reach their servers to send it out.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...