Jump to content

Question about my blacklisted server.


astein03

Recommended Posts

My server has been blacklisted. IP: 66.70.107.240

Link to the report: http://www.spamcop.net/w3m?action=checkblo...p=66.70.107.240

Someone was able to compromise the server and send out a bunch of fraudulent emails claming to be from Ebay, trying to get people to fill out personal information.

The support engineers at the place that hosts my server were able to determine how they got in and they were able to remedy the situation. Below is from the email they sent me.

"Turns out the www user had a valid shell which it shouldn't have. I fixed that but messages were still pouring in. I was able to get the IP of the person from the process number and port and it turns out the IP they connected on also call a sendemail.php scri_pt a number of times. I have disabled the scri_pt and blocked the IP from your server."

Now for my question: I've been checking the server regularly and I don't see those emails going out anymore. Is there any way to check to see how far along we areinto the automatic 48 hour delisting process?

Thanks!

Link to comment
Share on other sites

Actually, present conditions don't allow for that kind of data (thanks to abuse by spammers) ... the only way to possibly speed up an answer would be to drop a note to Deputies at admin.spamcop.net with your particulars, and they can take a look, give you a specific answer .. noting that it's a week-end, so not even sure how fast this note might be seen.

Of course, not looking at your specific report till after I'd posted .... has your "provider" also offered a fix for the first bad "written in RED" message:

Query bl.spamcop.net - 66.70.107.240

DNS error: 66.70.107.240 is www.advantagetel.com but www.advantagetel.com is 64.27.74.93 instead of 66.70.107.240

Link to comment
Share on other sites

My server has been blacklisted.  IP: 66.70.107.240

Link to the report: http://www.spamcop.net/w3m?action=checkblo...p=66.70.107.240

Someone was able to compromise the server and send out a bunch of fraudulent emails claming to be from Ebay, trying to get people to fill out personal information.

The support engineers at the place that hosts my server were able to determine how they got in and they were able to remedy the situation.  Below is from the email they sent me.

"Turns out the www user had a valid shell which it shouldn't have.  I fixed that but messages were still pouring in.  I was able to get the IP of the person from the process number and port and it turns out the IP they connected on also call a sendemail.php scri_pt a number of times.  I have disabled the scri_pt and blocked the IP from your server."

Now for my question:  I've been checking the server regularly and I don't see those emails going out anymore.  Is there any way to check to see how far along we areinto the automatic 48 hour delisting process?

Thanks!

If there are no further reports your IP should start into delisting in about an hour and be fully delisted in 3 hours.

Link to comment
Share on other sites

Thanks for your help. I'm resolving the DNS issue right now.

Also, is there anyway to find out if people are still complaining about my server? Or do I just have to wait and see if it gets delisted?

Edit: Just saw in your post that you can't. Thanks anyway. :)

Edit2: Looks like I'm not listed anymore. Time to celebrate!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...