[Hidden-tech] CBL IP block help

[B. Kimo Lee]

Hi Stacy,

As suggested below, visit Spamhaus.org and have them remove your IP from the blocklist. It could be due to other infected virtual hosts on the same IP, but you ought to have your host do a malware scan on your domain files, anyway. And they ought to be made aware of their IP being on the blocklist.

Script kiddies probe sites for vulnerable scripts/extensions constantly. I do Joomla hardening for clients, and recovery for "new" clients. Search on the JED for "SQL Injection" and/or "XSS vulnerabilities", or "LFI " (local file inclusion).

Best,
Kimo

AZURELINK  ::  "Simply Connected!"
-------------------------------------------------------------------------------
Web Site Design & Scalable, Managed Web Hosting
Joomla! Content Management System Implementation
eCommerce Development
-------------------------------------------------------------------------------
321 Main Street, Suite 4
Amherst, MA 01002
(413) 549-2020
For more information, please visit: www.azurelink.com
Follow Azurelink on Twitter: http://twitter.com/azurelink
-------------------------------------------------------------------------------




On May 17, 2012, at 11:23 AM, Rich Roth wrote:

>   ** Be sure to fill out the survey/skills inventory in the member's area.
>   ** If you did, we all thank you.
> 
> 
> Stacy,
> you better look closer at how you send and receive email - you are not sending via gmail - you are sending via your web site (hosting service)
> 
> 174.127.119.210 is the IP for www.swampdancer.com
> 
> host www.swampdancer.com 
> www.swampdancer.com is an alias for swampdancer.com.
> swampdancer.com has address 174.127.119.210
> swampdancer.com mail is handled by 0 swampdancer.com.
> 
> Rich
> 
> On 5/17/2012 9:01 AM, Stacy Kontrabecki wrote:
>> 
>>    
>> 
>> 
>> My stacy at swampdancer dot com emails, which I run through my gmail account, keep getting blocked. Outgoing server is through smpt.googlemail.com. The latest message is below. Apparently "IP Address 174.127.119.210 is listed in the CBL. It appears to be infected with a spam sending trojan or proxy." per http://cbl.abuseat.org/lookup.cgi?ip=174.127.119.210
>> 
>> I actually have no idea how to resolve the core problem, despite the directions at the weblink above. Do you? I don't know who/where 174.127.119.210 is. This is not the IP on my Mac when I look it up in settings. Could Thuderbird be doing something? Help!
>>  Stacy Kontrabecki, MBA
>> MA Lic. Forester #311
>> FSC and ISO 9001 Consultant
>> www.swampdancer.com
>> 
>> +1 (413) 625-9203 office
>> +1 (413) 834-3423 mobile
>> 
>> 
>> -------- Original Message --------
>> Subject:	Mail delivery failed: returning message to sender
>> Date:	Thu, 17 May 2012 06:44:12 -0600
>> From:	Mail Delivery System <Mailer-Daemon at slmp-550-7.slc.westdc.net>
>> To:	stacy at swampdancer.com
>> 
>> This message was created automatically by mail delivery software.
>> 
>> A message that you sent could not be delivered to one or more of its
>> recipients. This is a permanent error. The following address(es) failed:
>> 
>>   e.crumley at us.fsc.org
>>     SMTP error from remote mail server after RCPT TO:<e.crumley at us.fsc.org>:
>>     host mail.global.frontbridge.com [213.199.180.150]:
>>     550 5.7.1 Service unavailable; Client host [174.127.119.210] blocked using Spamhaus Blocklist, mail from IP banned; To request removal from this list see http://www.spamhaus.org/lookup.lasso.
>> 
>> ------ This is a copy of the message, including all the headers. ------
>> 
>> Return-path: <stacy at swampdancer.com>
>> Received: from c-75-69-117-82.hsd1.ma.comcast.net ([75.69.117.82]:52141 helo=Stacy-Kontrabeckis-MacBook-Pro.local)
>> 	by slmp-550-7.slc.westdc.net with esmtpsa (TLSv1:AES256-SHA:256)
>> 	(Exim 4.77)
>> 	(envelope-from <stacy at swampdancer.com>)
>> 	id 1SV03v-002owt-1S
>> 	for e.crumley at us.fsc.org; Thu, 17 May 2012 06:44:11 -0600
>> Message-ID: <4FB4F299.4000609 at swampdancer.com>
>> Date: Thu, 17 May 2012 08:44:09 -0400
>> From: Stacy Kontrabecki <stacy at swampdancer.com>
>> Organization: Swampdancer Resources
>> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
>> MIME-Version: 1.0
>> To: e.crumley at us.fsc.org
>> Subject: Re: Q: move to credit based product group
>> References: <4FB3E1B9.1050109 at swampdancer.com>
>> In-Reply-To: <4FB3E1B9.1050109 at swampdancer.com>
>> Content-Type: multipart/alternative;
>>  boundary="------------010606080405050701050600"
>> 
>> This is a multi-part message in MIME format.
>> --------------010606080405050701050600
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>> Content-Transfer-Encoding: 7bit
>> 
>> 
>> 
>> 
>> 
>> No virus found in this message.
>> Checked by AVG - www.avg.com
>> Version: 2012.0.2176 / Virus Database: 2425/5004 - Release Date: 05/16/12
>> 
> 
> 
> -- 
> Rich Roth
> Webmaster/Steering Committee Member
> Hidden-tech http://www.hidden-tech.net
> The Talent you need is right here,
> Join and share your skills
> ((Sponsored by Thrives Media))
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
> 
> You are receiving this because you are on the Hidden-Tech Discussion list.
> If you would like to change your list preferences, Go to the Members   
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20120517/fa5bec3c/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Azurelink.vcf
Type: text/directory
Size: 611 bytes
Desc: not available
Url : http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20120517/fa5bec3c/attachment.bin 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20120517/fa5bec3c/attachment-0001.html