Hosting provider needing help!

[websdotcom]

Hello. I run a small web hosting business. Recently, one of our clients website was comprised through a form they had on their website.

This form allowed a hacker to get in and send tons of spam out through our mail server.

My Network Administrator monitored the situation, because at first we couldn't pin point where all the spam was coming from, then found the problem.

We turned the CGI scri_pt off of this particular client to test if that was the problem. It appeared to be. We turned it back on and sure enough, that was the issue.

But, in the meantime our server sent out 6298% more spam then the norm. This is now a big problem. Some of our clients email are bouncing when then send to the big email providers like, MSN, Hotmail, Yahoo, AOL.

As of yesterday, our score card was back down to -100%. You can view our card at:

http://www.senderbase.org/search?searchString=70.140.248.33

We are on no blacklists either. Our business doesn't tolerate spam. We have policies for that. We have never had this issue before.

What is protocol from this? When will the clients be able to send again to those ISP's? And, do I need to do anything to expedite the process.

Your help is much appreciated!

Thank you,

Chandra

[turetzsr]

Hi, Chandra, welcome to the SpamCop Forums!

...First, some administrivia: you posted to a forum (SpamCop Email System & Accounts) described as

A forum for questions and discussion about the SpamCop Email System and spamcop.net email accounts. <snip>

Since your post has to do with something else entirely, I shall move it to what I think is a more appropriate forum.

<snip>

My Network Administrator monitored the situation, because at first we couldn't pin point where all the spam was coming from, then found the problem.

<snip>

...Great work by you and your NA! Thank you!!

<snip>

But, in the meantime our server sent out 6298% more spam then the norm. This is now a big problem. Some of our clients email are bouncing when then send to the big email providers like, MSN, Hotmail, Yahoo, AOL.

As of yesterday, our score card was back down to -100%. You can view our card at:

http://www.senderbase.org/search?searchString=70.140.248.33

We are on no blacklists either.

<snip>

What is protocol from this? When will the clients be able to send again to those ISP's? And, do I need to do anything to expedite the process.

Your help is much appreciated!

Thank you,

Chandra

...If you are not on the SpamCop blacklist, I'm afraid we here will not be able to provide much help to you. I'd suggest you contact MSN/Hotmail (both Microsoft), Yahoo and AOL to pose your question.

...Good luck!

[Farelf]

... I'd suggest you contact MSN/Hotmail (both Microsoft), Yahoo and AOL to pose your question. ...

Yes, I understand some or all of those organizations run their own blacklists based on their user complaints. If you contact them, detailing your actions (and the fact that you're on no "public" blocklists) you should be able to get a probationary clearance. No doubt some or all have specifics in their security pages.

Thanks for your efforts Chandra - you deserve a medal.

[Merlyn]

70.140.248.33 looks like a dynamic IP (adsl-70-140-248-33.dsl.covlil.sbcglobal.net)

We block any mail from adsl IP's on all of our servers and I believe many other do the same.

Are you running a hosting company on one machine connected to a dynamic IP?

[Farelf]

70.140.248.33 looks like a dynamic IP (adsl-70-140-248-33.dsl.covlil.sbcglobal.net)

We block any mail from adsl IP's on all of our servers and I believe many other do the same.

Are you running a hosting company on one machine connected to a dynamic IP?

The reply will interest me. When the OP claimed no BL listings naturally I checked (dnsstuff - refreshed once to get near complete cover) and have just done so again. No listings with SORBS or NJABL (or anyone else). Not conclusive on dynamic IP address of course but ... And sbcglobal seem to be renowned themselves for rejecting messages from dynamic addresses (finding now an unsubstantiated comment from about a year ago)

...They have a static table compiled of all the ISP's dynamic IP blocks, and they refuse relay and (for some domains) deny final delivery based on the dynamic IP status of the sending MTA. ...

... but then (now that you mention it) ...

...They don't offer standard SMTP relays to any of their customers now. They've changed from true static IPs to "sticky static" IPs (PPPoE with a never changing address) for all new static IP customers. ...

... and thus ...

...This is so stupid I laughed. They're denying delivery of an email from their own customer, based on the dynamic IP "status" of his MTA host, even though that dynamic IP is part of THEIR network. ...

And then there's the adsl thing...

[websdotcom]

Yes, I understand some or all of those organizations run their own blacklists based on their user complaints. If you contact them, detailing your actions (and the fact that you're on no "public" blocklists) you should be able to get a probationary clearance. No doubt some or all have specifics in their security pages.

Thanks for your efforts Chandra - you deserve a medal.

Well, thanks. I feel like I deserve a kick instead of a medal!

I have been trying to find a way to contact these virtual giants, like MSN, HOTMAIL, and AOL. They are impossible to find a way to contact them. I definitely have not found a phone number. I am working on a way to at least email. This is frustrating.

What is funny is they won't let our clients send to them, but we accept there email. Not fair.

70.140.248.33 looks like a dynamic IP (adsl-70-140-248-33.dsl.covlil.sbcglobal.net)

We block any mail from adsl IP's on all of our servers and I believe many other do the same.

Are you running a hosting company on one machine connected to a dynamic IP?

We use SBC as our ip address provider. We have several ip addresses though. Each serve different purposes.

[websdotcom]

I have been trying to find a way to contact these virtual giants, like MSN, HOTMAIL, and AOL. They are impossible to find a way to contact them. I definitely have not found a phone number. I am working on a way to at least email. This is frustrating.

What is funny is they won't let our clients send to them, but we accept there email. Not fair.

We use SBC as our ip address provider. We have several ip addresses though. Each serve different purposes.

Reading through all the posts, I decided to call ATT (sbcglobal.net) She was wonderful in helping... I should have called sooner.

For all who want to know phone numbers, here they are:

Yahoo: 866-562-7219

Hotmail/MSN: 650-964-7200

AOL: 800-827-3338

If you ever have problems, call them! I plan on spending the next several hours on the phone with them. I will let you know what comes of this.

[StevenUnderwood]

What is funny is they won't let our clients send to them, but we accept there email. Not fair.

That is your decision. You could easily block their messages as well. In most instances I would not reccommend it, however.

[Farelf]

Well, thanks. I feel like I deserve a kick instead of a medal!

Chandra, no way! You are doing all you can. The dynamic IP thing is certainly unfair - generally nothing to do with you, just others misusing the system or allowing their systems to be misused. It's hard sometimes to recall the way things were, so much changes (for instance when print magazines started accepting emailed "letters to the editor" they used to publish the email addresses of their correspondents - right up to 1999/2000 - for instance New Scientist - can you imagine it now?)

Glad you are getting some mileage out of AT&T support - premium rates, you certainly should get premium service. Look forward to hearing how it all turns out, reported experiences with those "virtual giants" are generally not good but then we usually only hear the worst of it.