Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with OpenID
Advertise on LowEndTalk.com

In this Discussion

About Spamming Report

About Spamming Report

I got abuse request

Good afternoon,

Your Ip address (x.x.x.x) is actually listed on UCEPROTECT

You can check it with the form available on their website : http://www.uceprotect.net/en/rblcheck.php

Thank you to take the necessary action to stop all the spam sending as soon as possible.

Feel free to contact Online.net technical assistance for more information

Online.net Abuse service

But I did not install any mail server or application that send email on my server. Was anyone in same situation? Any help are appreciated.

Comments

  • jarlandjarland Administrator
    edited December 6

    Lol every IP is on that extortion racket. Major fail, online.net

    Maybe they just don't want you as a customer anymore?

    Thanked by 1Francisco
  • edited December 6

    @jarland my experience has been UCE level 1 listing generally is a leading indicator of spammers on our network and most times we'll pickup a primary RBL listing days to a week later. I've yet to see a false positive. Their portal tells you the exact date of the incident. If it's a UCE level 2 it's likely someone on your subnet triggered enough level 1 alerts to light up the entire subnet.

    @tneilvn i would carefully check your process list for anything you don't intend to be running. Keep in mind you don't need an MTA daemon to send mail.

    You can setup an iptables rule to catch smtp outgoing (check all three ports) and have it count connections. You can also check lsof/netstat in realtime for connections.

    Thanked by 1doughmanes
  • jarlandjarland Administrator
    edited December 6

    IonSwitch_Stan said: my experience has been UCE level 1 listing generally is a leading indicator of spammers on our network

    I'll concede to that, but Level 3 is such an extortion racket that I throw the baby out with the bathwater. I simply don't trust them because of that. No abuse complaints, no evidence provided, attempted shakedown for cash.

    Thanked by 1dedicados
  • Yeah, some years ago whole UPC ranges and romtelecom were listed in Romania because dynamic ranges were infected with various trojans and the provider ended up on level 3. They changed the methods a bit since then and things got much better.
    Level 1 is real spammer, I have yet to find a false positive too.
    For OP, check if you have a webserver with wordpress or similar, those get infected and are used as proxy to send spam.

    Truthfully i bid thee, thee shouldst not lendeth thy ear to these lacking valor w'rds, those shouldst beest unspoken and p'rish from the tongue of true believ'rs, for they art unclean!

  • UCEPROTECT detects real spam no doubt about that, the issue and scam is when you want to delist from them.

  • jarlandjarland Administrator
    edited December 7

    @zafouhar said: UCEPROTECT detects real spam no doubt about that, the issue and scam is when you want to delist from them.

    I'll believe that when I see sample emails from an IP on their level 3 list ;)

    They once wouldn't delist me as long as I had multiple A records for a hostname (PTR matched on all, I'm a rebel). Then I grew smarter and realized it didn't matter, they don't even matter lol

  • I think I'll switch to OVH

Sign In or Register to comment.