[Hidden-tech] CBL IP block help

Stacy Kontrabecki swampdancer at comcast.net
Thu May 17 18:52:49 EDT 2012


R: google is my primary outgoing server, then swampdancer.com.  Good to 
know.

K: Will check out JED, once again.

Got a call into my host.

S

On 5/17/12 1:16 PM, B. Kimo Lee wrote:
>     ** Be sure to fill out the survey/skills inventory in the member's area.
>     ** If you did, we all thank you.
>
>
>
>
> Hi Stacy,
>
> As suggested below, visit Spamhaus.org <http://Spamhaus.org> and have 
> them remove your IP from the blocklist. It could be due to other 
> infected virtual hosts on the same IP, but you ought to have your host 
> do a malware scan on your domain files, anyway. And they ought to be 
> made aware of their IP being on the blocklist.
>
> Script kiddies probe sites for vulnerable scripts/extensions 
> constantly. I do Joomla hardening for clients, and recovery for "new" 
> clients. Search on the JED for "SQL Injection" and/or "XSS 
> vulnerabilities", or "LFI " (local file inclusion).
>
> Best,
> Kimo
>
> AZURELINK  ::  "Simply Connected!"
> -------------------------------------------------------------------------------
> Web Site Design & Scalable, Managed Web Hosting
> Joomla! Content Management System Implementation
> eCommerce Development
> -------------------------------------------------------------------------------
> 321 Main Street, Suite 4
> Amherst, MA 01002
> (413) 549-2020
> For more information, please visit: www.azurelink.com 
> <http://www.azurelink.com>
> Follow Azurelink on Twitter: http://twitter.com/azurelink
> -------------------------------------------------------------------------------
>
>
>
>
>
> On May 17, 2012, at 11:23 AM, Rich Roth wrote:
>
>>   ** Be sure to fill out the survey/skills inventory in the member's 
>> area.
>>   ** If you did, we all thank you.
>>
>>
>> Stacy,
>> you better look closer at how you send and receive email - you are 
>> not sending via gmail - you are sending via your web site (hosting 
>> service)
>>
>> 174.127.119.210 is the IP for www.swampdancer.com 
>> <http://swampdancer.com>
>>
>> host www.swampdancer.com
>> www.swampdancer.com is an alias for swampdancer.com.
>> swampdancer.com has address 174.127.119.210
>> swampdancer.com mail is handled by 0 swampdancer.com.
>>
>> Rich
>>
>> On 5/17/2012 9:01 AM, Stacy Kontrabecki wrote:
>>>
>>>
>>>
>>> My stacy at swampdancer dot com emails, which I run through my gmail 
>>> account, keep getting blocked. Outgoing server is through 
>>> smpt.googlemail.com. The latest message is below. Apparently "IP 
>>> Address 174.127.119.210*is listed*in the CBL. It appears to be 
>>> infected with a spam sending trojan or proxy." per 
>>> http://cbl.abuseat.org/lookup.cgi?ip=174.127.119.210
>>>
>>> I actually have no idea how to resolve the core problem, despite the 
>>> directions at the weblink above. Do you? I don't know who/where 
>>> 174.127.119.210 is. This is not the IP on my Mac when I look it up 
>>> in settings. Could Thuderbird be doing something? Help!
>>> Stacy Kontrabecki, MBA
>>> MA Lic. Forester #311
>>> FSC and ISO 9001 Consultant
>>> www.swampdancer.com
>>>
>>> +1 (413) 625-9203 office
>>> +1 (413) 834-3423 mobile
>>>
>>>
>>> -------- Original Message --------
>>> Subject: 	Mail delivery failed: returning message to sender
>>> Date: 	Thu, 17 May 2012 06:44:12 -0600
>>> From: 	Mail Delivery System <Mailer-Daemon at slmp-550-7.slc.westdc.net>
>>> To: 	stacy at swampdancer.com
>>>
>>>
>>>
>>> This message was created automatically by mail delivery software.
>>>
>>> A message that you sent could not be delivered to one or more of its
>>> recipients. This is a permanent error. The following address(es) failed:
>>>
>>>    e.crumley at us.fsc.org
>>>      SMTP error from remote mail server after RCPT TO:<e.crumley at us.fsc.org>:
>>>      host mail.global.frontbridge.com [213.199.180.150]:
>>>      550 5.7.1 Service unavailable; Client host [174.127.119.210] blocked using Spamhaus Blocklist, mail from IP banned; To request removal from this list seehttp://www.spamhaus.org/lookup.lasso.
>>>
>>> ------ This is a copy of the message, including all the headers. ------
>>>
>>> Return-path:<stacy at swampdancer.com>
>>> Received: from c-75-69-117-82.hsd1.ma.comcast.net ([75.69.117.82]:52141 helo=Stacy-Kontrabeckis-MacBook-Pro.local)
>>> 	by slmp-550-7.slc.westdc.net with esmtpsa (TLSv1:AES256-SHA:256)
>>> 	(Exim 4.77)
>>> 	(envelope-from<stacy at swampdancer.com>)
>>> 	id 1SV03v-002owt-1S
>>> 	fore.crumley at us.fsc.org; Thu, 17 May 2012 06:44:11 -0600
>>> Message-ID:<4FB4F299.4000609 at swampdancer.com>
>>> Date: Thu, 17 May 2012 08:44:09 -0400
>>> From: Stacy Kontrabecki<stacy at swampdancer.com>
>>> Organization: Swampdancer Resources
>>> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
>>> MIME-Version: 1.0
>>> To:e.crumley at us.fsc.org
>>> Subject: Re: Q: move to credit based product group
>>> References:<4FB3E1B9.1050109 at swampdancer.com>
>>> In-Reply-To:<4FB3E1B9.1050109 at swampdancer.com>
>>> Content-Type: multipart/alternative;
>>>   boundary="------------010606080405050701050600"
>>>
>>> This is a multi-part message in MIME format.
>>> --------------010606080405050701050600
>>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>> Content-Transfer-Encoding: 7bit
>>>
>>>
>>>
>>>
>>>
>>> No virus found in this message.
>>> Checked by AVG - www.avg.com <http://www.avg.com/>
>>> Version: 2012.0.2176 / Virus Database: 2425/5004 - Release Date: 
>>> 05/16/12
>>>
>>
>>
>> -- 
>> Rich Roth
>> Webmaster/Steering Committee Member
>> Hidden-techhttp://www.hidden-tech.net
>> The Talent you need is right here,
>> Join and share your skills
>> ((Sponsored by Thrives Media))
>> _______________________________________________
>> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
>> Hidden-discuss at lists.hidden-tech.net 
>> <mailto:Hidden-discuss at lists.hidden-tech.net>
>>
>> You are receiving this because you are on the Hidden-Tech Discussion 
>> list.
>> If you would like to change your list preferences, Go to the Members
>> page on the Hidden Tech Web site.
>> http://www.hidden-tech.net/members
>
>
>
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
>
> You are receiving this because you are on the Hidden-Tech Discussion list.
> If you would like to change your list preferences, Go to the Members
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20120517/7c8a92c2/attachment.html 


Google

More information about the Hidden-discuss mailing list