
Exploiting my server's IP?

Discussion in 'General Discussion' started by SupermanInNY, May 16, 2006.

  1. SupermanInNY

    Hi All,

    I have just been listed on SBL.

    http://www.spamhaus.org/SBL/sbl.lasso?query=SBL42009

    This domain has never been on my server.
    However, this domain has its NS1 and NS2 pointed to my server!

    What can I do about this?
    How do I prevent my IP from being logged as a spammer in such a way?

    I don't know what to do against something like that.

    If you look at the link provided, you will see a return path that is not of my IP (at least that is my understanding of this link). My IP is: 212.179.58.217 and it is blacklisted now.

    I could use help on this issue.
    Would SPF do anything to prevent this?

    thanks,

    -Alon.
     
  2. ramprage

    Contact Spamhaus and see the email headers. Unless the email originated from a source IP on your system it shouldn't matter what nameservers are used. If this is the cause then Spamhaus is flawed. They should only be paying attention to the source IP.

    Found the headers lol

    Received: from media.com (server-69-15.netgrup.ro [89.36.69.15]) trusted-mx.victim.example with ESMTP;

    I think it's more of a joe job attack than anything. Try contacting them to get this removed.
     
  3. SupermanInNY


    SPAMHAUS RESPONSE:

    > I did notice that he has created DNS entries (bogus) that point to my
    > server's IP, but he has no access to my server and I have no control
    > over his declaration of DNS entries with the registrar.

    But you DO have control over your own DNS server and that server was
    functioning as an open resolver. Spammers often abuse open resolvers.

    > Please review this ticket again and check the headers and see what
    > IP has originated the report.

    The IP that originated the report, was 212.179.58.217; that was however
    not the IP that originated the spam.

    > Please remove my IP from the SBL listing as it is reporting
    > incorrectly!

    At the time of listing, the report was correct. The domain has now been
    disabled by the registrar so we have removed the listing. You should
    consider configuring your DNS *not* to function as an open resolver, if
    you want to avoid anything like this happening again!


    I followed the instructions of Chirpy's bottom line 'do this' link:

    http://forums.cpanel.net/showpost.php?p=217540&postcount=27

    Short.. simple.. took 20 seconds and that is it!

    DNSStuff shows me now as a clean IP :).

    Thanks for the help.
     