Discuss September 2013

discuss@lists.surbl.org

4 participants
3 discussions

Re: [SURBL-Discuss] How to figure out the virtual host, containing malware
by Michele Neylon - Blacknight 23 Sep '13

23 Sep '13

They publish feeds by AS number and you can also check blocks of IPs Sorry on mobile so I can't provide the link ------------------------ Mr. Michele Neylon Blacknight http://Blacknight.tel Via iPhone so excuse typos and brevity > On 21 Sep 2013, at 12:11, "Neil Schwartzman" <neil(a)cauce.org> wrote: > > >> On Sep 20, 2013, at 6:47 AM, Michele Neylon - Blacknight <michele(a)blacknight.com> wrote: >> >> Roger >> >> Check the Google feeds - they specify the URL / domain that's being abused > > michelle - interesting. but which google feeds? > >> >> Regards >> >> Michele >> >> -- >> Mr Michele Neylon >> Blacknight Solutions >> Hosting & Colocation, Domains >> http://www.blacknight.co/ >> http://blog.blacknight.com/ >> http://mneylon.tel/ >> Intl. +353 (0) 59 9183072 >> Locall: 1850 929 929 >> Direct Dial: +353 (0)59 9183090 >> Fax. +353 (0) 1 4811 763 >> Twitter: http://twitter.com/mneylon >> ------------------------------- >> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty >> Road,Graiguecullen,Carlow,Ireland Company No.: 370845 >> >> ________________________________________ >> From: Roger Schreiter [roger(a)planinternet.de] >> Sent: 20 September 2013 14:06 >> To: discuss(a)lists.surbl.org >> Subject: [SURBL-Discuss] How to figure out the virtual host, containing malware >> >> Hello, >> >> we are operating email servers and approx 100 virtual web servers on the >> same machine. >> >> Some email receivers do block our emails, because our server >> seems to distribute malware on a virtual webserver and is now listed >> on surbl.org. >> >> Ok, now I have to figure out, which of our 100 customers is hosting >> a malware on his virtual webserver, most like without knowledge >> and being victime of a spyware or an unsecure CMS. (The latter should >> be of course removed asap from our server.) >> >> I wonder, how can I get a hint, which customer's web space is >> affected? Is there any mean to get more details from surbl.org, >> about the malware source? Domainname or addidional even a filename would >> be very helpful. >> >> Thanks for any hints! >> Roger. >> >> -- >> Roger Schreiter >> Lutherstr. 9 >> D-71576 Burgstetten >> Tel.: +49 7191 8929678 >> >> _______________________________________________ >> Discuss mailing list >> Discuss(a)lists.surbl.org >> http://lists.surbl.org/mailman/listinfo/discuss >> >> _______________________________________________ >> Discuss mailing list >> Discuss(a)lists.surbl.org >> http://lists.surbl.org/mailman/listinfo/discuss > > > _______________________________________________ > Discuss mailing list > Discuss(a)lists.surbl.org > http://lists.surbl.org/mailman/listinfo/discuss

2 1

Re: [SURBL-Discuss] How to figure out the virtual host, containing malware
by Michele Neylon - Blacknight 21 Sep '13

21 Sep '13

Roger Check the Google feeds - they specify the URL / domain that's being abused Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://mneylon.tel/ Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 ________________________________________ From: Roger Schreiter [roger(a)planinternet.de] Sent: 20 September 2013 14:06 To: discuss(a)lists.surbl.org Subject: [SURBL-Discuss] How to figure out the virtual host, containing malware Hello, we are operating email servers and approx 100 virtual web servers on the same machine. Some email receivers do block our emails, because our server seems to distribute malware on a virtual webserver and is now listed on surbl.org. Ok, now I have to figure out, which of our 100 customers is hosting a malware on his virtual webserver, most like without knowledge and being victime of a spyware or an unsecure CMS. (The latter should be of course removed asap from our server.) I wonder, how can I get a hint, which customer's web space is affected? Is there any mean to get more details from surbl.org, about the malware source? Domainname or addidional even a filename would be very helpful. Thanks for any hints! Roger. -- Roger Schreiter Lutherstr. 9 D-71576 Burgstetten Tel.: +49 7191 8929678 _______________________________________________ Discuss mailing list Discuss(a)lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss

3 2

How to figure out the virtual host, containing malware
by Roger Schreiter 20 Sep '13

20 Sep '13

Hello, we are operating email servers and approx 100 virtual web servers on the same machine. Some email receivers do block our emails, because our server seems to distribute malware on a virtual webserver and is now listed on surbl.org. Ok, now I have to figure out, which of our 100 customers is hosting a malware on his virtual webserver, most like without knowledge and being victime of a spyware or an unsecure CMS. (The latter should be of course removed asap from our server.) I wonder, how can I get a hint, which customer's web space is affected? Is there any mean to get more details from surbl.org, about the malware source? Domainname or addidional even a filename would be very helpful. Thanks for any hints! Roger. -- Roger Schreiter Lutherstr. 9 D-71576 Burgstetten Tel.: +49 7191 8929678

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss September 2013