Jump to content

virused hosts again!


derrick.hansen
 Share

Recommended Posts

Hello, looks like a new wave of spaming viruses is going around. We have had our mail server; 208.98.210.10 blacklisted again. While we can shut down the hosts that are using thier own mail server to spam with, trying to find out who is spamming with our mail server is a little more dificult.

Any of the spam warriors want to help us slay the virused host or hosts? We were hitting the spam traps so little info is given back.

Link to comment
Share on other sites

Hello, looks like a new wave of spaming viruses is going around. We have had our mail server; 208.98.210.10 blacklisted again. While we can shut down the hosts that are using thier own mail server to spam with, trying to find out who is spamming with our mail server is a little more dificult.

Any of the spam warriors want to help us slay the virused host or hosts? We were hitting the spam traps so little info is given back.

Well, it looks as if someone cleared the list. You say it was spamtraps. Was that all it was? Did it mention anything about misdirected bounces? Have you tried to email deputies[at]spamcop.net to get more info (if you are an administrator of that IP address)?

Viruses are not the only way for a host to get listed. In August, at least one spam message was reported.

Submitted: Tuesday, August 22, 2006 5:51:39 PM -0400:

Bachelors, Masters, MBA, PhD can be yours in 4 weeks if you qualify.

Link to comment
Share on other sites

...Paying members may be able to dredge up a bit more information. However, information about stuff hitting SpamTraps is only visible to the SpamCop Deputies (deputies[at]admin.spamcop.net). Please be sure to provide all relevant information and include evidence that you are an admin for the machine being blocked (208.98.210.10).

...Good luck!

Link to comment
Share on other sites

I am in the support dept at sun country cable which owns the blocked IP. The system administrator did find some old auto reply's that were getting hit with spam and bouncing. We killed those. Hopefully that was all.

Yes the report for 208.98.210.10 was saying that there were 2 spamtrap hits since last night.

I figured it was a virused host because I have had to shut down about 6 so far this week. most of the time they set up thier own mail server, but the odd time we get it going thru the mail server. The last time that happened the spamcop forums helped us conferm the source. I thought it may have been similar.

So yeah, hopefully it was just the old auto-reply's.

Link to comment
Share on other sites

Hi Derrick

I'm wondering if perhaps your mail server software could be configured to filter some of the more common virus distribution subject lines, as most of them only have a handful of subjects that they use. If you could then log those filtering actions, it should make tracking down the infected hosts relatively easy.

Unfortunately, until there are some manual reports on the IP, there is not much we users will be able to find for you. Your best bet is to send an email to deputies[at]admin.spamcop.net.

Do your mail servers add a received: from line to the headers for the IP address of the originating client computer? If so, you might be able to get the deputies to give you that IP and an approximate time, then you should be able to determine who it is based off your DHCP logs.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...