[Resolved] My ISP 83.245.95.30 (www.euro1net.com) blocked

[Carolyn]

Hi all,

To my suprise when sending an email from my main ISP euro1net to one of my secondary email accounts (hosted by uk2.net) I go a message that the euro1net smtp server was being block. I have sent an email to them but I was wondering why and if it was anything I had done.

I had one email returned due to an out of date address and as a member of a number of yahoo groups did receive a number of virused emails when they were attacked recently. But I do have a firewall (zonealarm) and antivirus (bitdefender) so I should have been safe.

Is it usual for a ISP's to be blocked. I have always found euro1net to be very reliable and have never had this happen before and I have been with them for 1.5 years.

Thanks

Carolyn

[Telarin]

Senderbase Stats for 83.245.95.30

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day 4.7 2155%

Last 30 days 3.7 168%

Average 3.3

We're showing a 20 fold increase in email from this IP address in the last day, so I would say something is definitely amiss.

Further, spamcop is indicating hits on spamtraps, which means something has definitely been coming out of that server that shouldn't be.

Since spamcop is not showing any "manual reports" at this time, you, or better yet, your ISP, should contact deputies[at]admin.spamcop.net to find out what kind of traffic has been hitting the spamtraps and see if they can put a stop to it.

[StevenUnderwood]

Is it usual for a ISP's to be blocked. I have always found euro1net to be very reliable and have never had this happen before and I have been with them for 1.5 years.

83.245.95.30 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 15 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day 4.7 2155%

Last 30 days 3.7 168%

Average 3.3

Something is up with them. Only spamtrap reports but a 2000% increase in sent messages is something to be investigating. Call them and ask if they know they have been listed on SpamCop.

[Merlyn]

Looks like it was removed once and re-added to another blocklist (PSBL) for pill spamming and hitting spamtraps. It also looks like it has been hitting spamcop spamtraps also.

The payoff site or spamvertised site ditcheyelahs.com supposedly belongs to Yambo Financials RE: http://www.spamhaus.org/rokso/listing.lass...bo%20Financials

Huge spamhaus tied into distribution and billing for child, animal, and incest-porn, pirated software, and pharmaceuticals. Run their own merchant services (credit-card "collection" sites) set up as a fake "bank."

[Carolyn]

Looks like it was removed once and re-added to another blocklist (PSBL) for pill spamming and hitting spamtraps. It also looks like it has been hitting spamcop spamtraps also.

The payoff site or spamvertised site ditcheyelahs.com supposedly belongs to Yambo Financials RE: http://www.spamhaus.org/rokso/listing.lass...bo%20Financials

Huge spamhaus tied into distribution and billing for child, animal, and incest-porn, pirated software, and pharmaceuticals. Run their own merchant services (credit-card "collection" sites) set up as a fake "bank."

I am sorry but I dont quite understand this, are you saying that a nasty site has signed up to my ISP and that is causing the problem?

Carolyn

[Miss Betsy]

I don't understand it either, but from my experience, the increase in the number of emails being sent means that a computer on your ISP has been infected. The spammers are using it to send spam unbeknownst to the computer owner.

If I were you, I would try and contact my ISP again. They would not have received any reports from spamcop because the hits were all on spam traps. If it is an infected computer, they would probably be glad to know. If they don't know how to find it, advise them to post to this thread. Perhaps someone here can help them.

The infected computer is not necessarily you, by the way. It could be any one of your ISPs customers. You have protection so it is probably someone else.

Until your ISP gets this fixed, you can use a hotmail account (or some other web based email service) to communicate by email to those who are blocking the spam spewing from the same mail server you are using.

Miss Betsy

[Wazoo]

Is it usual for a ISP's to be blocked.

The SpamCopDNSBL does not deal with "Domain" names, or e-mail addresses. It is a listing of IP addresses that have sent sufficient "bad" e-mail to get noticed and picked up so that others may use that data in controlling / handling their incoming e-mail / spam-spew. The SpamCop FAQ (links at the top of the page) lists pointers and links to details about what it is, how it works ....

I am sorry but I dont quite understand this, are you saying that a nasty site has signed up to my ISP and that is causing the problem?

No one is "saying" anything .. only reporting facts as found. For sure, mo one but you said anything about "a site signing up" .. the data presented thus far has only dealt with the e-mail traffic seen from the IP address you offered up. Web-sites are one thing, e-mail servers are another .....

[Miss Betsy]

the data presented thus far has only dealt with the e-mail traffic seen from the IP address you offered up. Web-sites are one thing, e-mail servers are another .....

Wazoo, who pays attention to the details, points to another area of confusion. The email server - the computer that actually sends the email to someplace on the internet - has an IP address. That is the address that is listed.

Web sites also have IP addresses, but do not send email. Even if the web site is reported as being referenced in the spam, the IP address is not listed on the spamcop list of addresses that have sent spam from mail servers.

Since we haven't heard back from you, let's hope that your ISP responded to you and has fixed the problem.

Miss Betsy

[Derek T]

I am sorry but I dont quite understand this, are you saying that a nasty site has signed up to my ISP and that is causing the problem?

Carolyn

No, he's saying that nasty sites are being advertised in spam coming from that server. Spammers almost never 'sign-up' to an ISP - they rely on hacking into servers illegally OR rely on various 'features' of the Micro$oft operating system / Outlook Express to take over end-user machines with a fast connection and send their filth out from them.

Looking at your ISP's list of servers in Senderbase it appears that they are not very proactive at pulling the plug on infected customers.

Addresses in euro1net.com used to send email

Showing 1 - 12 out of 12

View others in euro1net.com or address block:

address hostname DNS

Verified Daily

Magnitude Monthly

Magnitude

83.245.117.188 user-188-117-245-83.euro1net.com Y 4.8 3.8

83.245.95.30 smtp.euro1net.com Y 4.6 3.7

83.245.86.128 user-83-245-86-128.euro1net.com Y 4.6 3.5

83.245.84.235 user-83-245-84-235.euro1net.com Y 3.9 3.5

83.245.90.33 user-83-245-90-33.euro1net.com Y 0.0 3.3

83.245.112.228 user-228-112-245-83.euro1net.com Y 0.0 3.2

83.245.95.35 mail.euro1net.com Y 2.9 2.5

83.245.87.2 user-83-245-87-2.euro1net.com 4.1 2.5

83.245.85.200 user-83-245-85-200.euro1net.com Y 3.1 2.4

83.245.87.131 user-83-245-87-131.euro1net.com 2.5 2.3

83.245.115.183 user-183-115-245-83.euro1net.com Y 0.0 2.2

83.245.116.84 user-84-116-245-83.euro1net.com 0.0 2.2

Those in red are infected customers of your ISP currently or recently spewing spam to the world.

You are not getting the service you are paying for. Time for a change?

Edit: Just checked their web-site and can find no link to 'terms and conditions' or 'acceptable use policy'. Also it appears that they want you to pay for 18 months' service up-front? Sheesh! I wouldn't touch them with a bargepole. Also it appears that they have no registered abuse address - what a bunch of wankers.

[Carolyn]

Thanks all for the insight I will wait and see what euro1net has to say about this. The IP is now unblocked I shall keep an eye on it.

Just checked their web-site and can find no link to 'terms and conditions' or 'acceptable use policy'. Also it appears that they want you to pay for 18 months' service up-front? Sheesh! I wouldn't touch them with a bargepole. Also it appears that they have no registered abuse address - what a bunch of wankers.

Derek,

This is my second year with them and I have been happy to pay 1 year up front for what seems to be the cheapest most reliable, good customer service, unlimited usage, and unlimited server bandwith broadband and ISP provider that I have found. I must admit that emails are not my highest priority as my main use is general internet (surfing and streeming) and server to my web site. So I had not been aware until now that there were problems in this area and I would expect that they will sort it. If they remain lax about spam abuse then I may consider changing when my contract expires.

Carolyn

[petzl]

Thanks all for the insight I will wait and see what euro1net has to say about this. The IP is now unblocked I shall keep an eye on it.

Derek,

Carolyn

Handling abuse reports is a costly exercise If they are competantly set-up SpamCop will only block your computer SpamCop tracks email headers to the very IP address of that computer which sends the spam. If not competantly set-up (you said they are cheap and incompetance is often why, good IT cost) SpamCop is forced to log upstream IP and perhaps block.

You did not say if you use a spyware detector? Spyware are not viruses but programes that allow thugs to access your computer! Admittedly some virus detectors do look for some spyware they miss most.

If your computer is the one blocked by SpamCop YOU then have a security problem aside from being used by spammers it is accessed by any thug that wants to. These thugs will know when you are home and or when you are not as well as where you live! All files and info including passwords they can see and can use for blackmail etc

Please go over my signature and keep your computer secure

[Carolyn]

You did not say if you use a spyware detector? Spyware are not viruses but programes that allow thugs to access your computer! Admittedly some virus detectors do look for some spyware they miss most.

Yes I have an active spyware blocker

If your computer is the one blocked by SpamCop YOU then have a security problem aside from being used by spammers it is accessed by any thug that wants to. These thugs will know when you are home and or when you are not as well as where you live! All files and info including passwords they can see and can use for blackmail etc

Please go over my signature and keep your computer secure

I dont believe its anything to do with my network I used your checks and the only port open is http used by my web server (Linux/Apache) and as I expected all computers on the network are clean. I currently dont have any anti-virus on the Linux box (it does have a firewall) but I am looking into that. Both routers have built in firewalls. As the problem is from my ISP mail server I would expect a less savy user is more likely to be the culprit.

I have recieved a report from euro1net that said that its servers had been the victim of a DOS attach and has been fixed.

So issue closed but I shall be monitoring closely in future.

Carolyn

[Wazoo]

I have recieved a report from euro1net that said that its servers had been the victim of a DOS attach and has been fixed.

Although they "should" know what's going on within their system, a DoS (Denial of Service) is usually noted as being placed against a web server. Some of the SenderBase numbers rather suggested that some e-mail servers had been hacked/compromised .. or one could go with a number of end-user compromised systems allowed to remain connected ... either way, something else entirely ...

DOS is typically defined as Disk Operaing System .....

[Derek T]

I have recieved a report from euro1net that said that its servers had been the victim of a DOS attach and has been fixed.

What a bunch of wankers! A DoS could not possibly be the reason for a spam spew. I suggest they get a clue.

[turetzsr]

What a bunch of wankers! A DoS could not possibly be the reason for a spam spew. I suggest they get a clue.

...But a spam spew could appear to be a DoS or even be the actual means by which the DoS is accomplished, couldn't it?

...Or maybe their Disk Operating System was attacked by a bunch of spam.... <g>

[petzl]

I have recieved a report from euro1net that said that its servers had been the victim of a DOS attach and has been fixed.

Had a look myself and IP 83.245.95.30 is their email server meaning they are not stamping the IP source again they have no clue (SpamCop will add email servers to the SCBL only after a great number of abuse reports have been made)