All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Spam Listings and Information about Listings
I'm guessing a number of providers here must have heard of http://www.uceprotect.net/ by now.
It's a hard line anti-spam service.
As it happens, our ASN has found it's way onto their black list, affecting all our IPs for anyone who uses their services to filter out spam.
Unfortunately, unlike Spamhaus, they do not seem to publish which IPs are responsible for the listing. Worse still, they charge for 'express' delisting.
I'm certainly not going to pay them for such a 'service'. But still, if our network is being abused, I'm keen to take care of it.
Does anything know of a good service out there that scans all the blacklistings out there under a given ASN so it can be reviewed and resolved 1 by 1. The only info I'm getting on UCE protect is which subnet. I have a /24 that has been listed for an infringement from a single IP, but I don't know which IP. I don't much fancy wasting my time checking IPs 1 by 1.
So if anyone knows a good way to quickly check all IPs, that would be great.
Thanks.
Comments
check with below to find ip reputation and email volume
https://talosintelligence.com/reputation_center
you can trackdown the ip by email volume
and
blchecktool.com to find any ip in common blacklist
also make use of hetrixtool for extensive list checking after finding bad ips
edit : i faced server powered down when listed on ucprotect by online.net. they take it serious may be they avoiding full block listing by taking server down untill delisting done
the more profitable than any others as they do premium removal for extra $$$$ and nothing to do with anti-spam service as they do blacklist a whole subnet even your IP is nothing do to with SPAM!
This is a scam, don't pay the ransom. You're not alone with this problem.
Am I wrong by saying that uce lists whole subnet only if there is repetitive and frequent listing? They are better than spamhaus.
Yes. Most corrupt listing service i ever heard of.
Not that they're perfect or anything - but Spamhaus tell you exactly which IP address is responsible for the problem, are responsive and generally reasonable via email and don't charge for delisting.
I'd pick Spamhaus over uceprotect in a heartbeat.
dnsbl-3.uceprotect.net if so maybe affected by multiple level 1listing
http://www.uceprotect.net/en/index.php?m=3&s=5
to findout which /24 made the issue.
check one ip from every block with ucprotect . it will show if the /24 listed
Uceprotectl3 automatically delists entries after a certain period of no spam, but indeed, your best bet for quickly determining which exact IP address(es) is (are) the culprit(s) is probably via another list (other lists).
Cockbox owner Vincent Canfield (@gexcolo) was ranting about them on twitter.
Same. If you actively fight spam on your IP space, spamhaus becomes an ally. Obviously that's easier for me to say than a VPS provider, having root to everything using my IPs and all.
@randvegeta sorry to be OT, but it is nice to see you again! Hope you are doing fine
They seem to have recently gone through and added whole bunch of IPs. I am wondering if the sudden surge is related to the recent vulnerability in SolusVM Debian 10 template.
they not only do listing on certain subnet,but they like to do uce protect level3 for entire ASN and this will cause all ip subnets under that ASN to be blacklisted. that uce crap is entirely another level shite compared to spamhaus
At least spamhaus dont offer this kind of immature asshole payment scheme
This sounds like they're operated by 12 year olds. "Don't talk bad about us or else we'll hold your IP reputation as ransom!!"
Head over to http://www.uceprotect.net/en/rblcheck.php
Enter the ASN in the box & Select "ASN" from the dropdown
Then scroll down all the way to the bottom and click on
"Details about IP's involved and dates of impacts can be found here."
That then opens up a pop-up thing with the IPs listed + the number of "hits" each IP got.
Was interesting to read this : https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html
Disgusting. I certainly will not pay.
Unfortunately it's not specific as to which IP is the problem. It shows me the subnets, but the IP. I'd need to check IPs 1 by 1 if I really want to check.> @Ympker said:
Thanks. Doing ok.. Though I'm getting sick of this biz if I'm honest. Who has time to deal with this shit eh?
Whilst not getting a /24 listed on that particular list, i'm currently having a situation invloving a historic listing (prior owner) of a /24 on spamrats as a "worst offender".
Its just plain annoying and even after sending the information that they requested, we are at the stage where they will de-list single ip's but not remove the misleading and clearly wrong information (by this point knowingly as i have brought it to their attention).
I have meeting scheduled with my legal council about that next week.
All part of playing the game
The end is nigh.
If taken care of, programmers, sysadmins and other person that is capable of removing this RBL from their system/software. But their is no guarantee that another RBL from this Uce won't come and programmers & sysadmins won't start trusting it.
don't be fear. this is best time to unity and all provider do most activity to blacklist all IP there.
This is so dodgy.
http://monitoring.uceprotect.net/
Basically if you get listed, they don't tell you why you get listed. Only tell you that you are. If you want to get unlisted for free, you need 0 cases for 7+ days for their automatic delisting. Otherwise, you need to pay 80 EUR + for a delisting request to be handled more quickly. HOWEVER, you still don't know which IP is responsible for the listing in the first place, so paying to delist is silly since if you dont resolve the problem, it will just come back quickly and you wasted money on the delist fee.
But dont worry! UCEPROTECT have a monitoring 'service'. You can pay them >400/yr to get notifications and reports on your IPs that are allegedly being abused.
This is such a ridiculous and sketchy business model.
I hope nobody here is paying these guys. If you are, fuck you!
https://prnt.sc/zm8ykq
Although this is just assurance I think everyone should report to responsible persons like RBL monitor, sysadmins, ISPs, mail providers so they will eventually remove this crook and RBL like this will become useless over time.
I hear you mate Hope this gets solved :S Glad to hear you are alright.
Looking into them further, http://www.uceprotect.org/:
WARNING: Do not play around here. You have no idea who we really are, and what will happen to you!
I find that people who engage in veiled threats are also likely to engage in blackmail and extortion. This sounds like something a gang member would say...
I don't know who they really are but maybe it's time we found out.