My IP blocked by my hosting company

spicyayam

Well-Known Member
Jan 12, 2009
3,594
342
83
I was having trouble accessing one of my sites and my hosting company found that it is blocking my IP because it is listed on some spam sites. This is the report from: http://www.abuseat.org/ (I deleted my IP)

Not sure how to report this to Telkom or if they even care.

IP Address X.X.X.X is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.

It was last detected at 2017-02-15 01:00 GMT (+/- 30 minutes), approximately 30 minutes ago.

This IP is infected with, or is NATting for a machine infected with s_gozi

Note: If you wish to look up this bot name via the web, remove the "s_" before you do your search.

This was detected by observing this IP attempting to make contact to a s_gozi Command and Control server, with contents unique to s_gozi C&C command protocols.

This was detected by a TCP/IP connection from "X.X.X.X" on port "18085" going to IP address "87.106.18.141" (the sinkhole) on port "80".
 

Markit

Well-Known Member
Sep 3, 2007
9,358
1,153
113
Karangasem, Bali
Any ideas how you might have infected yourself?

Does this affect 'only' your personal PC or do you expect the servers for this forum are also infected?

If the latter, do you have any concerns about our machines? - clearly no one in their right mind would download anything that might be "opened" on their own machines such as .exe files.

The major problem with malware today is that the purveyors are getting smarter and smarter about spreading it and many "warnings" and "solutions" can now be seen as infection dangers too so "just download and run this small program to rid yourself of all viruses" yea sure! But, where to turn? I certainly don't know.
 

spicyayam

Well-Known Member
Jan 12, 2009
3,594
342
83
This is Telkom's problem. When I connect to the internet Telkom gives me an IP address. You can check your IP by going to any one of the many "what is my IP address" sites. When I put my IP into: http://www.abuseat.org/ it shows the report above. Maybe you can try your IP and see what you get.

Only one particular hosting company is blocking this IP; all other sites work fine.
 

JohnnyCool

Well-Known Member
Jan 10, 2009
1,414
88
48
Sanur
This might be a bit too technical for this forum, and I doubt that Telkom would stick their hand up to fix it.

If you really do have some nasty in there, finding/removing it could be difficult. The last ditch "solution" would be to reformat the drive and reinstall Windows (ouch!).

Have you got a spare computer/laptop that you could connect to the modem? If so, it might be worth a shot just to see if the problem persists. Or, try installing the backup image of your system when it was fine (you do have one, don't you?). Perhaps changing your IP address to something like Google Public DNS or OpenDNS might help.

How about your hosting company? Does it have any suggestions?

Good luck.
 

spicyayam

Well-Known Member
Jan 12, 2009
3,594
342
83
Well, our internet is shared between a few people. I keep my computers up to date. That domain in that report above gave me some suspicions as to who/what it might be. I think I have worked it out now :)
 
Last edited:
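The CBL report says the listed IP may be "NATting for" an infected machine, and the connection is shared between several people, so the practical step is finding which internal host contacted the sinkhole. The following is an added example, not part of any post in the thread: it assumes the gateway logs forwarded connections as key=value lines with an ISO 8601 timestamp (an iptables-LOG-style format); the log lines and internal addresses are constructed, and only the sinkhole address, ports and detection time come from the report.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Values taken from the CBL report quoted in the thread.
SINKHOLE = ("87.106.18.141", "80", "TCP")   # DST, DPT, PROTO
REPORTED_SPT = "18085"
DETECTED_AT = datetime(2017, 2, 15, 1, 0, tzinfo=timezone.utc)
WINDOW = timedelta(minutes=30)              # the report's "+/- 30 minutes"

# Constructed sample gateway log (assumed format, invented internal addresses).
SAMPLE_LOG = """\
2017-02-15T00:41:07Z gw kernel: FWD IN=br0 OUT=ppp0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=51122 DPT=443
2017-02-15T00:58:41Z gw kernel: FWD IN=br0 OUT=ppp0 SRC=192.168.1.23 DST=87.106.18.141 PROTO=TCP SPT=18085 DPT=80
2017-02-15T01:12:03Z gw kernel: FWD IN=br0 OUT=ppp0 SRC=192.168.1.23 DST=87.106.18.141 PROTO=TCP SPT=18102 DPT=80
2017-02-15T01:13:55Z gw kernel: FWD IN=br0 OUT=ppp0 SRC=192.168.1.31 DST=87.106.18.141 PROTO=UDP SPT=40000 DPT=80
2017-02-14T09:00:00Z gw kernel: FWD IN=br0 OUT=ppp0 SRC=192.168.1.40 DST=87.106.18.141 PROTO=TCP SPT=18085 DPT=80
not a log line
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return (UTC timestamp, field dict), or None if the line does not parse."""
    stamp, _, rest = line.partition(" ")
    try:
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return when.replace(tzinfo=timezone.utc), dict(FIELD.findall(rest))

def find_sinkhole_clients(log_text):
    """Map internal source IP -> [(time, source port, port_matches_report)].

    NAT may rewrite the source port, so an exact port match is only a hint."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        when, f = parsed
        if (f.get("DST"), f.get("DPT"), f.get("PROTO")) != SINKHOLE:
            continue
        if abs(when - DETECTED_AT) > WINDOW:
            continue
        spt = f.get("SPT", "")
        hits[f.get("SRC", "?")].append((when, spt, spt == REPORTED_SPT))
    return dict(hits)

if __name__ == "__main__":
    print(find_sinkhole_clients(SAMPLE_LOG))
```

On the constructed sample, only 192.168.1.23 is reported: the UDP line and the connection from the previous day fall outside the report's protocol and time window.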