astein03 Posted March 28, 2004 Share Posted March 28, 2004 My server has been blacklisted. IP: 66.70.107.240 Link to the report: http://www.spamcop.net/w3m?action=checkblo...p=66.70.107.240 Someone was able to compromise the server and send out a bunch of fraudulent emails claming to be from Ebay, trying to get people to fill out personal information. The support engineers at the place that hosts my server were able to determine how they got in and they were able to remedy the situation. Below is from the email they sent me. "Turns out the www user had a valid shell which it shouldn't have. I fixed that but messages were still pouring in. I was able to get the IP of the person from the process number and port and it turns out the IP they connected on also call a sendemail.php scri_pt a number of times. I have disabled the scri_pt and blocked the IP from your server." Now for my question: I've been checking the server regularly and I don't see those emails going out anymore. Is there any way to check to see how far along we areinto the automatic 48 hour delisting process? Thanks! Link to comment Share on other sites More sharing options...
Wazoo Posted March 28, 2004 Share Posted March 28, 2004 Actually, present conditions don't allow for that kind of data (thanks to abuse by spammers) ... the only way to possibly speed up an answer would be to drop a note to Deputies at admin.spamcop.net with your particulars, and they can take a look, give you a specific answer .. noting that it's a week-end, so not even sure how fast this note might be seen. Of course, not looking at your specific report till after I'd posted .... has your "provider" also offered a fix for the first bad "written in RED" message: Query bl.spamcop.net - 66.70.107.240 DNS error: 66.70.107.240 is www.advantagetel.com but www.advantagetel.com is 64.27.74.93 instead of 66.70.107.240 Link to comment Share on other sites More sharing options...
Ellen Posted March 28, 2004 Share Posted March 28, 2004 My server has been blacklisted. IP: 66.70.107.240 Link to the report: http://www.spamcop.net/w3m?action=checkblo...p=66.70.107.240 Someone was able to compromise the server and send out a bunch of fraudulent emails claming to be from Ebay, trying to get people to fill out personal information. The support engineers at the place that hosts my server were able to determine how they got in and they were able to remedy the situation. Below is from the email they sent me. "Turns out the www user had a valid shell which it shouldn't have. I fixed that but messages were still pouring in. I was able to get the IP of the person from the process number and port and it turns out the IP they connected on also call a sendemail.php scri_pt a number of times. I have disabled the scri_pt and blocked the IP from your server." Now for my question: I've been checking the server regularly and I don't see those emails going out anymore. Is there any way to check to see how far along we areinto the automatic 48 hour delisting process? Thanks! If there are no further reports your IP should start into delisting in about an hour and be fully delisted in 3 hours. Link to comment Share on other sites More sharing options...
astein03 Posted March 28, 2004 Author Share Posted March 28, 2004 Thanks for your help. I'm resolving the DNS issue right now. Also, is there anyway to find out if people are still complaining about my server? Or do I just have to wait and see if it gets delisted? Edit: Just saw in your post that you can't. Thanks anyway. Edit2: Looks like I'm not listed anymore. Time to celebrate! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.