Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
Spam Listings and Information about Listings
New on LowEndTalk? Please Register and read our Community Rules.

Spam Listings and Information about Listings

randvegetarandvegeta Member, Provider
edited February 14 in Help

I'm guessing a number of providers here must have heard of http://www.uceprotect.net/ by now.

It's a hard line anti-spam service.

As it happens, our ASN has found it's way onto their black list, affecting all our IPs for anyone who uses their services to filter out spam.

Unfortunately, unlike Spamhaus, they do not seem to publish which IPs are responsible for the listing. Worse still, they charge for 'express' delisting.

I'm certainly not going to pay them for such a 'service'. But still, if our network is being abused, I'm keen to take care of it.

Does anything know of a good service out there that scans all the blacklistings out there under a given ASN so it can be reviewed and resolved 1 by 1. The only info I'm getting on UCE protect is which subnet. I have a /24 that has been listed for an infringement from a single IP, but I don't know which IP. I don't much fancy wasting my time checking IPs 1 by 1.

So if anyone knows a good way to quickly check all IPs, that would be great.

Thanks.

Comments

  • vpsGODvpsGOD Member, Provider
    edited February 14

    check with below to find ip reputation and email volume
    https://talosintelligence.com/reputation_center
    you can trackdown the ip by email volume

    and
    blchecktool.com to find any ip in common blacklist

    also make use of hetrixtool for extensive list checking after finding bad ips

    edit : i faced server powered down when listed on ucprotect by online.net. they take it serious may be they avoiding full block listing by taking server down untill delisting done

    vpsgod.com : Shared | Reseller | VPS | RDP | Dedi | VPS Reseller

    $16/yr VPS- ovz7 NL| 256MB RAM

  • WebProjectWebProject Member, Provider
    edited February 14

    @randvegeta said: I'm guessing a number of providers here must have heard of http://www.uceprotect.net/ by now.

    the more profitable than any others as they do premium removal for extra $$$$ and nothing to do with anti-spam service as they do blacklist a whole subnet even your IP is nothing do to with SPAM!

    VPS Price Match Guarantee on: All our range of DDOS protected VPS Plans
    Are you looking for best price for self-managed VPS? See WebProVPS website for more details.
  • This is a scam, don't pay the ransom. You're not alone with this problem.



  • Am I wrong by saying that uce lists whole subnet only if there is repetitive and frequent listing? They are better than spamhaus.

    #!/Bashblog.net | Free Wordpress Hosting | If you can't idle, what's the point?

  • HostSlickHostSlick Member, Provider

    Yes. Most corrupt listing service i ever heard of.

  • jackbjackb Member, Provider

    @LTniger said:
    Am I wrong by saying that uce lists whole subnet only if there is repetitive and frequent listing? They are better than spamhaus.

    Not that they're perfect or anything - but Spamhaus tell you exactly which IP address is responsible for the problem, are responsive and generally reasonable via email and don't charge for delisting.

    I'd pick Spamhaus over uceprotect in a heartbeat.

    Afterburst - Awesome OpenVZ&KVM VPS in US+EU

  • vpsGODvpsGOD Member, Provider

    dnsbl-3.uceprotect.net if so maybe affected by multiple level 1listing

    http://www.uceprotect.net/en/index.php?m=3&s=5

    to findout which /24 made the issue.
    check one ip from every block with ucprotect . it will show if the /24 listed

    vpsgod.com : Shared | Reseller | VPS | RDP | Dedi | VPS Reseller

    $16/yr VPS- ovz7 NL| 256MB RAM

  • Uceprotectl3 automatically delists entries after a certain period of no spam, but indeed, your best bet for quickly determining which exact IP address(es) is (are) the culprit(s) is probably via another list (other lists).

    "Linux will run happily with only 4 MB of RAM, including all of the bells and whistles such as the X Window System, Emacs, and so on." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 32)

  • Cockbox owner Vincent Canfield (@gexcolo) was ranting about them on twitter.

  • jarjar Provider

    @jackb said:

    @LTniger said:
    Am I wrong by saying that uce lists whole subnet only if there is repetitive and frequent listing? They are better than spamhaus.

    Not that they're perfect or anything - but Spamhaus tell you exactly which IP address is responsible for the problem, are responsive and generally reasonable via email and don't charge for delisting.

    I'd pick Spamhaus over uceprotect in a heartbeat.

    Same. If you actively fight spam on your IP space, spamhaus becomes an ally. Obviously that's easier for me to say than a VPS provider, having root to everything using my IPs and all.

  • YmpkerYmpker Member
    edited February 14

    @randvegeta sorry to be OT, but it is nice to see you again! Hope you are doing fine :)

    Thanked by 1randvegeta
  • They seem to have recently gone through and added whole bunch of IPs. I am wondering if the sudden surge is related to the recent vulnerability in SolusVM Debian 10 template.

  • estnocestnoc Member, Provider

    @LTniger said:
    Am I wrong by saying that uce lists whole subnet only if there is repetitive and frequent listing? They are better than spamhaus.

    they not only do listing on certain subnet,but they like to do uce protect level3 for entire ASN and this will cause all ip subnets under that ASN to be blacklisted. that uce crap is entirely another level shite compared to spamhaus :smile:

    EstNOC.ee - Hosting and DataCentre services in 35 EU/ASIA/USA locations.

  • JioJio Member

    @estnoc said: that uce crap is entirely another level shite

    At least spamhaus dont offer this kind of immature asshole payment scheme

    image

  • @Jio said:

    @estnoc said: that uce crap is entirely another level shite

    At least spamhaus dont offer this kind of immature asshole payment scheme

    image

    This sounds like they're operated by 12 year olds. "Don't talk bad about us or else we'll hold your IP reputation as ransom!!"

    Thanked by 2lentro randvegeta
  • SpeedBusSpeedBus Member, Provider

    Head over to http://www.uceprotect.net/en/rblcheck.php

    Enter the ASN in the box & Select "ASN" from the dropdown

    Then scroll down all the way to the bottom and click on
    "Details about IP's involved and dates of impacts can be found here."

    That then opens up a pop-up thing with the IPs listed + the number of "hits" each IP got.

    Thanked by 1angstrom

    CrownCloud - Internet Services | Los Angeles, California | Frankfurt, Germany | Amsterdam, The Netherlands

  • RIYADRIYAD Member, Provider
    Thanked by 1randvegeta

    DeployNode - 1GB Ram , 20GB Storage , 1xCPU , 1TB BW ,Price :$1/month !
    Host4Fun KVM VPS in : SG,NYC,SEA,LA,UK,NL,PHX,ASH,ATL,NY,NC,DAL,MIA,CHI,OR,RS,DE,FR,PL,RO,CA (21+ Locations!).

  • randvegetarandvegeta Member, Provider

    Disgusting. I certainly will not pay.

    @SpeedBus said:
    Head over to http://www.uceprotect.net/en/rblcheck.php

    Enter the ASN in the box & Select "ASN" from the dropdown

    Then scroll down all the way to the bottom and click on
    "Details about IP's involved and dates of impacts can be found here."

    That then opens up a pop-up thing with the IPs listed + the number of "hits" each IP got.

    Unfortunately it's not specific as to which IP is the problem. It shows me the subnets, but the IP. I'd need to check IPs 1 by 1 if I really want to check.> @Ympker said:

    @randvegeta sorry to be OT, but it is nice to see you again! Hope you are doing fine :)

    Thanks. Doing ok.. Though I'm getting sick of this biz if I'm honest. Who has time to deal with this shit eh?

    Thanked by 1Ympker
  • SGrafSGraf Member, Provider
    edited February 15

    Whilst not getting a /24 listed on that particular list, i'm currently having a situation invloving a historic listing (prior owner) of a /24 on spamrats as a "worst offender".

    Its just plain annoying and even after sending the information that they requested, we are at the stage where they will de-list single ip's but not remove the misleading and clearly wrong information (by this point knowingly as i have brought it to their attention).

    I have meeting scheduled with my legal council about that next week.

    @randvegeta said:
    Who has time to deal with this shit eh?

    All part of playing the game :smiley:

    MyRoot.PW ★ Dedicated Servers ★ LIR-Services ★
    Vienna/Austria - [email protected]

  • @SCAM_DONT_BUY said: This is a scam, don't pay the ransom. You're not alone with this problem.

    The end is nigh.

    When you're afraid, close your eyes and count to five. Sometimes it works for me.

  • @randvegeta said: Thanks. Doing ok.. Though I'm getting sick of this biz if I'm honest. Who has time to deal with this shit eh?

    If taken care of, programmers, sysadmins and other person that is capable of removing this RBL from their system/software. But their is no guarantee that another RBL from this Uce won't come and programmers & sysadmins won't start trusting it.

    When you're afraid, close your eyes and count to five. Sometimes it works for me.

  • don't be fear. this is best time to unity and all provider do most activity to blacklist all IP there.

  • randvegetarandvegeta Member, Provider

    This is so dodgy.

    http://monitoring.uceprotect.net/

    Basically if you get listed, they don't tell you why you get listed. Only tell you that you are. If you want to get unlisted for free, you need 0 cases for 7+ days for their automatic delisting. Otherwise, you need to pay 80 EUR + for a delisting request to be handled more quickly. HOWEVER, you still don't know which IP is responsible for the listing in the first place, so paying to delist is silly since if you dont resolve the problem, it will just come back quickly and you wasted money on the delist fee.

    But dont worry! UCEPROTECT have a monitoring 'service'. You can pay them >400/yr to get notifications and reports on your IPs that are allegedly being abused.

    This is such a ridiculous and sketchy business model.

    I hope nobody here is paying these guys. If you are, fuck you!

    Thanked by 2daffy estnoc
  • https://prnt.sc/zm8ykq

    Although this is just assurance I think everyone should report to responsible persons like RBL monitor, sysadmins, ISPs, mail providers so they will eventually remove this crook and RBL like this will become useless over time.

    Thanked by 2randvegeta estnoc

    When you're afraid, close your eyes and count to five. Sometimes it works for me.

  • @randvegeta said:

    Thanks. Doing ok.. Though I'm getting sick of this biz if I'm honest. Who has time to deal with this shit eh?

    I hear you mate :/ Hope this gets solved :S Glad to hear you are alright.

    Thanked by 1randvegeta
  • Looking into them further, http://www.uceprotect.org/:

    WARNING: Do not play around here. You have no idea who we really are, and what will happen to you!

    I find that people who engage in veiled threats are also likely to engage in blackmail and extortion. This sounds like something a gang member would say...

    Thanked by 1randvegeta
  • jarjar Provider

    @ehhthing said:
    Looking into them further, http://www.uceprotect.org/:

    WARNING: Do not play around here. You have no idea who we really are, and what will happen to you!

    I find that people who engage in veiled threats are also likely to engage in blackmail and extortion. This sounds like something a gang member would say...

    I don't know who they really are but maybe it's time we found out.

    Thanked by 1randvegeta
Sign In or Register to comment.