Thread: IP Blacklist

  1. #1
    Join Date
    Aug 2006
    Posts
    717
    Rep Power
    0

    IP Blacklist

    I think I may have suffered from a botnet/spam attack as well as possible incorrect settings in Outlook. Whatever it is, my IP address is now blacklisted. Need some help in solving the issue. So far I have requested delisting from most, but SORBS-spam and SORBS-Web still have me listed. How can I get off?
    Shhhh!I see dead people!

  2. #2
    Join Date
    Apr 2003
    Posts
    13,269
    Rep Power
    34

    Being removed from those lists usually takes a few days.
    Also, if it's not just your IP address, but a range of IPs, then your ISP will need to send in the request to be de-listed.
    "The best software is the one that fits your needs." - A_A

    Virus free since: date unknown
    Anti-virus free since: August 2008

  3. #3
    Join Date
    Aug 2006
    Posts
    717
    Rep Power
    0

    Quote Originally Posted by Arch_Angel
    Being removed from those lists usually takes a few days.
    Also, if it's not just your IP address, but a range of IPs, then your ISP will need to send in the request to be de-listed.

    It's my own static IP, but based on my checks there still seems to be spam going out based on www.mxtoolbox.com.
    Shhhh!I see dead people!

  4. #4
    Join Date
    Apr 2003
    Posts
    13,269
    Rep Power
    34

    Are you running a mail server on your static address?
    They usually have instructions on how to prevent your IP address from being used as a relay for spam.
    "The best software is the one that fits your needs." - A_A

    Virus free since: date unknown
    Anti-virus free since: August 2008

  5. #5
    Join Date
    Aug 2006
    Posts
    717
    Rep Power
    0

    Quote Originally Posted by Arch_Angel
    Are you running a mail server on your static address?
    They usually have instructions on how to prevent your IP address from being used as a relay for spam.

    Negative, our mail server sits offsite and is controlled by a third party. We do, however, have Outlook clients.
    Shhhh!I see dead people!

  6. #6
    Join Date
    Aug 2002
    Posts
    3,959
    Rep Power
    25

    It is likely that one of your computers has been infected. Some virus infections will send out spam emails from the infected machines.

    I would recommend the following:

    Check all your computers with anti virus software and anti malware software such as Spybot. The first one may not detect the infection so you may have to try a few.

    No one is going to take you off the blacklist until your machines stop sending out spam. It is pointless to make requests until you have fixed this issue.

    Many people configure their perimeter firewall to stop unwanted packets from coming into the LAN. The perimeter firewall is the one that sits between the internet and your network. To prevent this from happening in the future, you should also configure your perimeter firewall to restrict the traffic that leaves your network.

    For example, you can configure the firewall to restrict outgoing email traffic to your external mail server and a few others like Hotmail, Yahoo, etc.

    You could also implement a mail server on your LAN. Outgoing mail would go to this server first and it would forward them to the external mail server. With this configuration, you could configure the firewall to restrict outgoing mail traffic to the IP address of your internal mail server.

  7. #7
    Join Date
    Aug 2006
    Posts
    717
    Rep Power
    0

    Noted Jamrock, I did run Malwarebytes on computers using Outlook and it found some detections and quarantined/deleted them. I'm thinking of running the scan again though, this time with Spybot. Next step is to configure a firewall to block from my network to the internet.
    One thing I noticed on mxtoolbox.com is that on weekends, when there are fewer users on the network, the spam report shows considerably less.
    Shhhh!I see dead people!

  8. #8
    Join Date
    Aug 2002
    Posts
    3,959
    Rep Power
    25

    I wouldn't limit the scans to machines running Outlook. It wouldn't be too hard for the virus to send out mail using other means.

    Smoothwall (www.smoothwall.org) and pfSense (www.pfsense.org) are good, industrial strength, open source firewalls. Once you have the basic firewall working, you can take a look at the Snort module.

    Please let us know how things turn out.

  9. #9
    Join Date
    Aug 2003
    Posts
    4,629
    Rep Power
    0

    Not sure if your firewall is capable of it, but my company ran into issues like this before and our firewalls can actually monitor traffic down to the MAC address of the offending PC, unfortunately there was no "easy" way to track down the system when you have about 200+, but what we did was block the IP...result....one upset user who couldn't get on the net for a few minutes, and the computer found to have a bunch of rootkits installed.

    This user was in the communications department and they constantly get infected because they visit social network sites, and the usual story "I don't know what happened" comes into play.... ooo the joys of IT

    We use SonicWalls btw
    CompTIA A+ Certified
    MCTS - Microsoft Certified Technical Specialist - Server Virtualization
    MCSA - Microsoft Certified System Administrator - Messaging

    It wasn't me!...........okay it was but you have no right to assume!!
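
Added example, not part of any post in this thread: the advice in posts #6 and #9 (allow outbound mail only to the approved server, then use firewall data to trace the offending PC) written as a check over firewall logs. The log format, addresses, LAN range and threshold are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for illustration: the offsite mail server and the internal range.
ALLOWED_MAIL_SERVERS = {ipaddress.ip_address("203.0.113.25")}
LAN = ipaddress.ip_network("192.168.1.0/24")
SMTP_PORTS = {25, 465, 587}

# Constructed sample log (simplified key=value format, not from a real firewall).
SAMPLE_LOG = """\
09:00:01 src=192.168.1.10 mac=00:11:22:33:44:0a dst=203.0.113.25 dport=587
09:00:02 src=192.168.1.23 mac=00:11:22:33:44:17 dst=198.51.100.7 dport=25
09:00:02 src=192.168.1.23 mac=00:11:22:33:44:17 dst=198.51.100.8 dport=25
09:00:03 src=192.168.1.23 mac=00:11:22:33:44:17 dst=192.0.2.55 dport=25
09:00:04 src=192.168.1.40 mac=00:11:22:33:44:28 dst=192.0.2.90 dport=587
09:00:05 src=192.168.1.23 mac=00:11:22:33:44:17 dst=192.0.2.80 dport=443
09:00:06 truncated line src=192.168.1.99
"""

LINE_RE = re.compile(r"src=(\S+) mac=(\S+) dst=(\S+) dport=(\d+)")


def find_direct_smtp_senders(log_text, min_destinations=3):
    """Map (LAN IP, MAC) to the sorted unapproved SMTP servers it contacted.
    Hosts below min_destinations distinct servers are left out: a normal mail
    client uses one or two servers, a spam-sending infection contacts many."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue  # malformed or unrelated line
        try:
            src, dst = (ipaddress.ip_address(match[i]) for i in (1, 3))
        except ValueError:
            continue  # address field is not a valid IP
        if src not in LAN or int(match[4]) not in SMTP_PORTS:
            continue
        if dst not in ALLOWED_MAIL_SERVERS:
            seen[(str(src), match[2])].add(str(dst))
    return {h: sorted(d) for h, d in seen.items() if len(d) >= min_destinations}


if __name__ == "__main__":
    for (ip, mac), dsts in find_direct_smtp_senders(SAMPLE_LOG).items():
        print(f"{ip} ({mac}) sent SMTP directly to {len(dsts)} servers: {dsts}")
```

Once the egress rule from post #6 is in place, the same check run over the firewall's deny log lists the machines still trying to send mail directly.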
