Re: [Declude.JunkMail] Spam attack
on 7/19/05 12:50 PM, Richard Farris wrote: I got hit again with these two [69.60.97.208] 209.97.209.0/24 Is there anyone out there that runs an ISP that is seeing the same thing..and if so other than blacklisting the IP, how do you stop it...this is twice in a few days I have been hammered Deny them access to your network at your main router. ie. deny tcp 209.97.209.0 0.0.0.255 any Greg --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Spam attack
I got hit again with these two [69.60.97.208] 209.97.209.0/24 Is there anyone out there that runs an ISP that is seeing the same thing..and if so other than blacklisting the IP, how do you stop it...this is twice in a few days I have been hammered Is there not a program out there that will delay the mail for a specific amount of time so it can register what is coming into the server and if a lot of mail comes from one IP or address it holds it for further review..that might stop a lot of this junk...as much as I have for spam to go thru, I am still getting hammered at timesthere has got to be a reason...I have taken everyone out of the whitelist on the TO and that has helped but not good enoughany suggestions would be appreciated.. Richard FarrisEthixs Online1.270.247. Office1.800.548.3877 Tech Support"Crossroads to a Cleaner Internet" - Original Message - From: Richard Farris To: Declude.JunkMail@declude.com Sent: Saturday, July 16, 2005 1:27 PM Subject: [Declude.JunkMail] Spam attack FYI, I got slammed by these two IPs last nite..207.32.221.0/24216.14.20.0/24 Did anyone else see this Richard FarrisEthixs Online1.270.247. Office1.800.548.3877 Tech Support"Crossroads to a Cleaner Internet
Re: [Declude.JunkMail] Spam attack
Hi Richard, Richard Farris wrote: I got hit again with these two [69.60.97.208] 209.97.209.0/24 other than blacklisting the IP, how do you stop it... What I do is lookup the IP on senderbase. puts its ip addresses that send mail in an ip_hosts.txt file and score that file one fourth my delete weight. I then look up the network owner. From that I add associated names to my bodydomains.txt file that I score the same. I also take more ip addresses of hosts and add them to the ip_hosts text file. I also do an Arin lookup of the ip space to get more info adding info to an ip_networks,txt file as need be. This is somewhat time consuming however you will be amazed in a short time how the efforts pay off. any suggestions would be appreciated.. Need to see your config and an explanation of how you score to give more info. Feel free to email me off list if you prefer - -Nick Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support "Crossroads to a Cleaner Internet" - Original Message - From: Richard Farris To: Declude.JunkMail@declude.com Sent: Saturday, July 16, 2005 1:27 PM Subject: [Declude.JunkMail] Spam attack FYI, I got slammed by these two IPs last nite..207.32.221.0/24 216.14.20.0/24 Did anyone else see this Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support "Crossroads to a Cleaner Internet
Re: [Declude.JunkMail] Spam attack
Yep...The first one got me a couple ago. Interesting too. It has no entry in Arin's database. - Original Message - From: Richard Farris To: Declude.JunkMail@declude.com Sent: Saturday, July 16, 2005 1:27 PM Subject: [Declude.JunkMail] Spam attack FYI, I got slammed by these two IPs last nite..207.32.221.0/24216.14.20.0/24 Did anyone else see this Richard FarrisEthixs Online1.270.247. Office1.800.548.3877 Tech Support"Crossroads to a Cleaner Internet
Re: [Declude.JunkMail] Spam attack
The first one is in Jacksonville Fla. Second one in Dallas Tx. Robert - Original Message - From: J Porter To: Declude.JunkMail@declude.com Sent: Sunday, July 17, 2005 3:34 AM Subject: Re: [Declude.JunkMail] Spam attack Yep...The first one got me a couple ago. Interesting too. It has no entry in Arin's database. - Original Message - From: Richard Farris To: Declude.JunkMail@declude.com Sent: Saturday, July 16, 2005 1:27 PM Subject: [Declude.JunkMail] Spam attack FYI, I got slammed by these two IPs last nite..207.32.221.0/24216.14.20.0/24 Did anyone else see this Richard FarrisEthixs Online1.270.247. Office1.800.548.3877 Tech Support"Crossroads to a Cleaner Internet
Re: [Declude.JunkMail] Spam attack
The second one also says NY NY Hum... Two locations for the same Net Block? - Original Message - From: Richard Farris To: Declude.JunkMail@declude.com Sent: Saturday, July 16, 2005 2:27 PM Subject: [Declude.JunkMail] Spam attack FYI, I got slammed by these two IPs last nite..207.32.221.0/24216.14.20.0/24 Did anyone else see this Richard FarrisEthixs Online1.270.247. Office1.800.548.3877 Tech Support"Crossroads to a Cleaner Internet
RE: [Declude.JunkMail] Spam Attack
While I haven't seen this particular type of attack, I do have one client that is seeing something very similar. He is getting mail-bombed from numerous spam sites/IP's.. he is rejecting over 300 an hour, and this is for a site with only a 512k connection and 50 users... It's been happening for over 3 months now. Karl Drugge, Systems Network Engineer -Original Message- From: Adrian Hauri [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2003 11:51 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Spam Attack These IP addresses are blacklisted as an open relay in ORDB etc. Check http://www.dnsstuff.com/tools/ip4r.ch?ip=217.16.118.12 Cheers Adrian - - Original Message - From: Jeff Kratka [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, July 10, 2003 12:43 PM Subject: RE: [Declude.JunkMail] Spam Attack I first thought that but there are different messages, just bad jokes each message. There were also some viruses atteched which were caught. Jeff -- Original Message -- From: Kevin Bilbee [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 9 Jul 2003 17:39:39 -0700 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jeff Kratka Sent: Wednesday, July 09, 2003 5:29 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Spam Attack Just to let everyone know so others don't get hit with it, I just had a Spam attack/Bomb from one particular location. As soon as I found out I blocked everything possible and things are working. It was so bad that it killed the server. It came from: [217.16.118.12] MAIL From:[EMAIL PROTECTED] Every single e-mail was to the same address and from the same address and IP, there were a couple of thousand that attempted this. My guess is there spam software is stuck in a loop and sending the the same address over and over? Just thought some others would like to know. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- ** TymeWyse Internet P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] ** -- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam Attack
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jeff Kratka Sent: Wednesday, July 09, 2003 5:29 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Spam Attack Just to let everyone know so others don't get hit with it, I just had a Spam attack/Bomb from one particular location. As soon as I found out I blocked everything possible and things are working. It was so bad that it killed the server. It came from: [217.16.118.12] MAIL From:[EMAIL PROTECTED] Every single e-mail was to the same address and from the same address and IP, there were a couple of thousand that attempted this. My guess is there spam software is stuck in a loop and sending the the same address over and over? Just thought some others would like to know. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam Attack
I first thought that but there are different messages, just bad jokes each message. There were also some viruses atteched which were caught. Jeff -- Original Message -- From: Kevin Bilbee [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 9 Jul 2003 17:39:39 -0700 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jeff Kratka Sent: Wednesday, July 09, 2003 5:29 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Spam Attack Just to let everyone know so others don't get hit with it, I just had a Spam attack/Bomb from one particular location. As soon as I found out I blocked everything possible and things are working. It was so bad that it killed the server. It came from: [217.16.118.12] MAIL From:[EMAIL PROTECTED] Every single e-mail was to the same address and from the same address and IP, there were a couple of thousand that attempted this. My guess is there spam software is stuck in a loop and sending the the same address over and over? Just thought some others would like to know. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- ** TymeWyse Internet P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] ** -- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Spam Attack
These IP addresses are blacklisted as an open relay in ORDB etc. Check http://www.dnsstuff.com/tools/ip4r.ch?ip=217.16.118.12 Cheers Adrian - - Original Message - From: Jeff Kratka [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, July 10, 2003 12:43 PM Subject: RE: [Declude.JunkMail] Spam Attack I first thought that but there are different messages, just bad jokes each message. There were also some viruses atteched which were caught. Jeff -- Original Message -- From: Kevin Bilbee [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 9 Jul 2003 17:39:39 -0700 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jeff Kratka Sent: Wednesday, July 09, 2003 5:29 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Spam Attack Just to let everyone know so others don't get hit with it, I just had a Spam attack/Bomb from one particular location. As soon as I found out I blocked everything possible and things are working. It was so bad that it killed the server. It came from: [217.16.118.12] MAIL From:[EMAIL PROTECTED] Every single e-mail was to the same address and from the same address and IP, there were a couple of thousand that attempted this. My guess is there spam software is stuck in a loop and sending the the same address over and over? Just thought some others would like to know. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- ** TymeWyse Internet P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] ** -- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.