Bus Conversions dot Com Bulletin Board
Topic: Off topic but I am frustrated by something - Bad Guy out there sending viruses..
Hartley
« on: October 18, 2006, 08:49:32 PM »

Does anyone recognize this IP address?  66.74.224.194

It is from RoadRunner in Southern California.

I have been getting email viruses from this IP address for over 9 months now. I have complained to RR.COM
and yet this one IP address keeps popping up sending me a Malware/Trojan virus.

This always tracks back to the same IP address, so it is a residential IP on a computer that stays on all
the time, it appears. It pings and responds, but port scans don't show anything.

cpe(66.74.224.194)-res-socal.rr.com .. anyone have any ideas who this could be?

I know all about spoofing and that stuff. I was just hoping that someone recognized the address???

Dave....

Never take a knife to a gunfight!
ceieio
« Reply #1 on: October 18, 2006, 09:07:04 PM »

Dave - cut the header out of the email (more on this in a minute) and paste it into the text box on http://www.spamcop.com/ .  Hit the interrogate button and you should get the abuse address for this server.  I have to say that I think RR is terrible about responding to abuse posts... I have been getting a joe job spam attack from RR for a while and they don't seem to want to lock it down.  At any rate, give it a try and maybe you will get results.

Craig - MC7 Oregon

Craig MC7 - Oregon USA
Clarke Echols
« Reply #2 on: October 20, 2006, 09:52:08 PM »


Are you acting as your own ISP or do you have a commercial ISP?

I use Front Range Internet, a local ISP operating north of Denver, and they have MailArmory, which
scans all incoming emails for trojans, worms, and viruses and captures them.  In 7 years I have
NEVER been damaged by a virus of any kind.  Back in 1999-2000 or so, I got viruses but was
using Netscape 4.x as a mail reader, and most of the worms exploited problems in Microsoft
Outlook or Outlook Express, which I avoid using for that reason.  Netscape didn't recognize the
security hole they were trying to exploit.

Mail Armory is available for other service providers.  See http://www.mailarmory.com for details.

Clarke
Hartley
« Reply #3 on: October 20, 2006, 10:10:33 PM »

I have my own servers, and they are bulk hosted by Rackspace in Dallas, TX. We have some pretty tough screens
and stuff doesn't get through. But the notifications of actions taken are reported.

There were some changes made yesterday to the antispam system and it's really working overtime now. Maybe that
will take care of that problem. I am sure that IP has been listed in SpamCop and other RBL systems by now.

Thanks for the Reply....

Dave.....

Never take a knife to a gunfight!
HighTechRedneck
« Reply #4 on: October 21, 2006, 09:28:24 AM »


Quote: "I am sure that IP has been listed in SpamCop and other RBL systems by now."


I just checked and it isn't currently listed in any commonly used lists (spamcop, sorbs, etc) or even in the outrageous blarsbl or spews lists. 

http://www.dnsstuff.com/tools/ip4r.ch?ip=66.74.224.194

It is showing in lists that report all dynamic IPs, something that has very limited value for most applications because it would block a lot of legitimate emails. But that has nothing to do with being reported for spam.

So if you still have the emails and their headers, I would definitely report them to spamcop and sorbs.  In general, one report won't get an IP listed.  But if several people report it then they will.  Once in those lists, most others will pick them up.
Hartley
« Reply #5 on: October 21, 2006, 04:38:17 PM »

Well,

If it was easy to block I wouldn't have asked if anyone else was seeing the same IP. Our filters don't always
catch an IP source and have the ability to block that IP. It actually reports back as an IP in Huntington Beach California.

Whatever software is causing the problem, it is directly doing a (HELO) to my server with no intermediate servers shown in the headers, just the IP source and resolved source. I am beginning to worry that there is a backdoor hole in Qmail that is allowing this malicious software to channel in through an SMTP port somehow.

I am going to leave it to the engineers at Rackspace to worry over since they are getting the big bucks now for
server support and bulk hosting.

Thanks Anyway....

Dave....

Never take a knife to a gunfight!
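
Added example, not written by any poster in this thread: the header check from Replies #1 and #5 and the blocklist lookup from Reply #4, in Python. The sample headers are constructed (qmail-style, with a hypothetical receiving host and HELO string), and the zone passed to the lookup is an assumption to replace with whichever list you actually query.

```python
import email
import ipaddress
import re
import socket

# Constructed sample in qmail's Received style: a single hop, meaning the
# sending host spoke SMTP straight to the receiving server. mail.example.net
# and the HELO string are hypothetical; the IP is the one quoted in the thread.
SAMPLE_HEADERS = (
    "Received: from unknown (HELO friendly-pc) (66.74.224.194)\n"
    "  by mail.example.net with SMTP; 18 Oct 2006 20:31:07 -0000\n"
    "From: someone@example.org\n"
    "Subject: Your document\n"
    "\n"
)

IP_IN_BRACKETS = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def received_ips(raw_headers):
    """Return one entry per Received header, newest first (None if no IP)."""
    msg = email.message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        found = None
        for candidate in IP_IN_BRACKETS.findall(value):
            try:
                found = str(ipaddress.IPv4Address(candidate))
                break
            except ipaddress.AddressValueError:
                continue  # not a real address, e.g. 999.1.1.1 in a forged line
        hops.append(found)
    return hops

def connecting_ip(raw_headers):
    """IP from the top Received line: the only one your own server wrote."""
    hops = received_ips(raw_headers)
    return hops[0] if hops else None

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True if the zone answers with a 127.x address, False on NXDOMAIN."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror:
        return False
    return answer.startswith("127.")
```

Only the topmost Received line is stamped by the receiving server; any lines below it arrive with the message and can be forged by the sender, so reports and blocks should be based on the top one.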