blacklisted

Removal Instructions:

Too many removals this week, we recommend you read and implement our suggestions, and try again later.

212.60.70.174
modou bojang asked:
 
Blue Street Tech, Last Knight, commented:
Hi modou,

Scanning the network is not the entirety of this solution. Your IP is a repeated offender for a very specific reason. Based on what the report is stating I don't believe this is spam related at all but rather a network compromise/infection.

This IP address was detected and listed 13 times in the past 28 days, and 0 times in the past 24 hours. The most recent detection was at Thu Feb 22 10:55:00 2018 UTC +/- 5 minutes

This IP address was self-removed 2 times in the past week.

Repeat offenders are treated differently than one-time offenders. As the offense repeats so does the severity of the punishment increase.

Your ISP detected this malicious connection by observing that your IP, through the use of botnets, was attempting to make contact with a C&C (Command & Control) server, with contents unique to C&C command protocols.

This was detected by a TCP connection from "212.60.70.174" on port "n/a" going to IP address "184.105.192.2" (the sinkhole) on port "80".

The botnet command and control domain for this connection was "184.105.192.2".
REF: https://www.abuseat.org/lookup.cgi?212.60.70.174 --read all of this thoroughly.

Also, if you simply use another IP address as mentioned above that IP address will also become blacklisted - you must source the root of the problem or prove that it is a red-herring.

Read the list under the FAQ: How do I contact the folks behind the CBL? https://www.abuseat.org/faq.html
Don't repeatedly ask us to remove an IP without doing anything to fix the problem that caused the listing. We notice people doing this and will refuse to delist the IP if it continues.
Do NOT contact them to delist until you have found the infection/compromise & remediated it or have proof that the claim is false...you have repeatedly offended and they will not delist if it continues! It may be an open proxy or some other sort of security compromise, or some sort of unusual misconfiguration which is causing your IP to be relisted.

Let me know if you have any other questions!
4
 
Dr. Klahn, Principal Software Engineer, commented:
Can you be more specific as to what your question is, and what result you desire?
0
 
Hello There, System Administrator, commented:
We need more info.

But... There is a limit for this operation in Chrome, so you just need to wait.

Anyway, I guess you are referring to this. Please check this out.
https://www.voog.com/blog/how-to-remove-your-website-or-web-page-from-google
0

 
modou bojang, Author, commented:
My local email server has been blacklisted by CBL and I can't remove it; it's almost 48 hrs now.
212.60.70.174 is the IP address.
0
 
modou bojang, Author, commented:
Yes, you're right.
1
 
Dr. Klahn, Principal Software Engineer, commented:
If the CBL says "Too many removals this week, we recommend you read and implement our suggestions, and try again later," then there's nothing you can do but that.  They're very strict.  Carefully read and follow their suggestions.  Clean up the server, find out if it's open for unauthenticated use/abuse, stop sending any email through it and read the logs to see if there's still email going out.

If the email abuse they detected continues -- however they detected it, and they don't tell that -- then you won't get off that blacklist until the problem is cleaned up.  If the problem continues for any amount of time and you keep trying to unban it without solving the problem, then they'll ban that IP permanently and you certainly don't want that.

If you don't have administrative control of that email server, then obviously you can't clean it up.  In that case you'd have to try routing your email out through a third party SMTP forwarder such as SMTP2Go.  For small numbers of emails it's free; for larger numbers there is a charge.   Do note, however, that if you're sending unsolicited commercial email SMTP2Go will catch it and cut you off almost immediately, as they have a reputation to preserve and they don't want their outgoing servers banned.

https://www.smtp2go.com/
1
 
modou bojang, Author, commented:
I have scanned all the computers and I have checked all the settings on the firewall, but they still do not unblock me.
0
 
Dr. Klahn, Principal Software Engineer, commented:
See my previous comment above.  They won't allow unblocking until they are satisfied that the problem no longer exists.  This might take a few days, but I've heard of it going as long as a month before allowing unbanning if they deem the situation to be severe.
0
 
kenfcamp commented:
By the sounds of the report, the IP has been flagged as being infected or providing NATting for a machine infected with a botnet.

Somebody's got some work ahead of them before that block goes away :\
1
 
modou bojang, Author, commented:
So there is nothing I can do about this, right?
0
 
Hello There, System Administrator, commented:
Call your ISP provider now. Explain the situation. The next move is on him.
0
 
Dr. Klahn, Principal Software Engineer, commented:
On the contrary.  You must take all the steps that the CBL recommended, disconnect the machine from the internet, inspect all access to the machine, read through the logs, stop all outgoing use of that email server, sweep it for viruses using at least two different antiviruses, run Malwarebytes on it at the highest sensitivity, run Spybot - Search and Destroy on it at the highest sensitivity, change all account names and passwords, reset the encryption keys, and that's just a good start.  Figure at least three 8-hour days of work ahead of you trying to figure out what the problem is.

Of course, we don't have the entire picture here and we don't know why the ban occurred.  Possibly you or somebody at your site was deliberately sending unsolicited commercial email through that server.  If that's the case then nothing is going to get it unbanned because as soon as it gets unbanned it'll get banned again, and after a couple of times the ban will become permanent.
3
 
modou bojang, Author, commented:
Okay, if they can change the IP address, right?
0
 
kenfcamp commented:
"okay if they can change the ip address right."

That's not fixing the problem... The new IP will eventually get blocked too if the matter is not resolved
2
 
modou bojang, Author, commented:
I have done a full scan of my network, so I think if they unblock me they will not block me again.
0
 
arnold commented:
Do you allow user devices to connect to your network? The issue might be related to other things.

Block outgoing port 25 connections on your firewall, with an exclusion allowing your mail server only.
If you have multiple public IPs, splitting them so that the mail server uses its own public IP deals with the case where you have users who click on things or potentially access and relay a message that gets caught.
CBL also adds IPs based on bot activity.
0
 
arnold commented:
They are seeing that a system internal to you connected as a web browser to a honeypot address.

This was detected by a TCP connection from "212.60.70.174" on port "n/a" going to IP address "184.105.192.2" (the sinkhole) on port "80".

It is more difficult to determine whether you have a system with a browser plug-in ........
Or the use of a reference that is pointing to that ip.
0
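
Added example, not part of the original thread: one way to find which internal host behind the NAT is responsible, by checking gateway logs for connections to the sinkhole address quoted in the CBL report and for direct outbound port 25 traffic from anything other than the mail server. The log format (iptables LOG style), the internal addresses and `MAIL_SERVER` are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

SINKHOLE_IP = "184.105.192.2"  # sinkhole address quoted in the CBL report
MAIL_SERVER = "192.168.1.10"   # assumption: internal address of the legitimate mail server

# Constructed sample lines in iptables LOG style (not real traffic).
SAMPLE_LOG = """\
Feb 22 10:54:58 gw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=184.105.192.2 PROTO=TCP SPT=49822 DPT=80
Feb 22 10:55:03 gw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.25 PROTO=TCP SPT=51200 DPT=25
Feb 22 10:55:09 gw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.47 DST=198.51.100.7 PROTO=TCP SPT=50111 DPT=25
Feb 22 10:56:40 gw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=184.105.192.2 PROTO=TCP SPT=49830 DPT=80
Feb 22 10:57:12 gw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=198.51.100.80 PROTO=TCP SPT=50500 DPT=443
truncated line without fields
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")  # KEY=value pairs in a log line


def find_suspects(log_text, sinkhole=SINKHOLE_IP, mail_server=MAIL_SERVER):
    """Return {internal_ip: {reason: count}} for hosts that need inspection."""
    suspects = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if not fields.keys() >= {"SRC", "DST", "DPT"}:
            continue  # not a connection record (e.g. truncated line)
        if fields.get("PROTO") != "TCP":
            continue
        # The pre-NAT source address identifies the machine behind the public IP.
        if fields["DST"] == sinkhole:
            suspects[fields["SRC"]]["sinkhole"] += 1
        # Only the mail server should ever open outbound port 25.
        if fields["DPT"] == "25" and fields["SRC"] != mail_server:
            suspects[fields["SRC"]]["direct_smtp"] += 1
    return {ip: dict(reasons) for ip, reasons in suspects.items()}


if __name__ == "__main__":
    for ip, reasons in sorted(find_suspects(SAMPLE_LOG).items()):
        print(ip, reasons)
```

The log must be taken from the inside interface, before NAT; after translation every connection carries the single public address and the infected machine cannot be singled out.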
 
Jian An Lim, Solutions Architect, commented:
To make sure Exchange keeps operating, I will immediately use a cloud-based security service so your business email will continue to operate.

You can sign up for Mimecast, Symantec Cloud, MailGuard or any cloud-based application and configure outbound to them. They will at least take care of spam email (if it is generated from Exchange). That gives you some idea whether it is your Exchange server that got compromised.

Then you can keep looking around like the others, but I reckon it could be sending from the Exchange server.
0
 
Dr. Klahn, Principal Software Engineer, commented:
No further input from requester.  Question is worth keeping for archival purposes.  Most experts weighed in with apposite comments addressing the situation.  Points assigned according to perceived magnitude of the contributions.
0
Question has a verified solution.
