Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Spam Listings and Information about Listings
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Spam Listings and Information about Listings

randvegetarandvegeta Member, Host Rep
edited February 2021 in Help

I'm guessing a number of providers here must have heard of http://www.uceprotect.net/ by now.

It's a hard line anti-spam service.

As it happens, our ASN has found it's way onto their black list, affecting all our IPs for anyone who uses their services to filter out spam.

Unfortunately, unlike Spamhaus, they do not seem to publish which IPs are responsible for the listing. Worse still, they charge for 'express' delisting.

I'm certainly not going to pay them for such a 'service'. But still, if our network is being abused, I'm keen to take care of it.

Does anything know of a good service out there that scans all the blacklistings out there under a given ASN so it can be reviewed and resolved 1 by 1. The only info I'm getting on UCE protect is which subnet. I have a /24 that has been listed for an infringement from a single IP, but I don't know which IP. I don't much fancy wasting my time checking IPs 1 by 1.

So if anyone knows a good way to quickly check all IPs, that would be great.

Thanks.

Comments

  • vpsGODvpsGOD Member, Host Rep
    edited February 2021

    check with below to find ip reputation and email volume
    https://talosintelligence.com/reputation_center
    you can trackdown the ip by email volume

    and
    blchecktool.com to find any ip in common blacklist

    also make use of hetrixtool for extensive list checking after finding bad ips

    edit : i faced server powered down when listed on ucprotect by online.net. they take it serious may be they avoiding full block listing by taking server down untill delisting done

  • WebProjectWebProject Host Rep, Veteran
    edited February 2021

    @randvegeta said: I'm guessing a number of providers here must have heard of http://www.uceprotect.net/ by now.

    the more profitable than any others as they do premium removal for extra $$$$ and nothing to do with anti-spam service as they do blacklist a whole subnet even your IP is nothing do to with SPAM!

  • This is a scam, don't pay the ransom. You're not alone with this problem.

  • Am I wrong by saying that uce lists whole subnet only if there is repetitive and frequent listing? They are better than spamhaus.

  • HostSlickHostSlick Member, Patron Provider

    Yes. Most corrupt listing service i ever heard of.

  • jackbjackb Member, Host Rep

    @LTniger said:
    Am I wrong by saying that uce lists whole subnet only if there is repetitive and frequent listing? They are better than spamhaus.

    Not that they're perfect or anything - but Spamhaus tell you exactly which IP address is responsible for the problem, are responsive and generally reasonable via email and don't charge for delisting.

    I'd pick Spamhaus over uceprotect in a heartbeat.

  • vpsGODvpsGOD Member, Host Rep

    dnsbl-3.uceprotect.net if so maybe affected by multiple level 1listing

    http://www.uceprotect.net/en/index.php?m=3&s=5

    to findout which /24 made the issue.
    check one ip from every block with ucprotect . it will show if the /24 listed

  • Uceprotectl3 automatically delists entries after a certain period of no spam, but indeed, your best bet for quickly determining which exact IP address(es) is (are) the culprit(s) is probably via another list (other lists).

  • Cockbox owner Vincent Canfield (@gexcolo) was ranting about them on twitter.

  • jarjar Patron Provider, Top Host, Veteran

    @jackb said:

    @LTniger said:
    Am I wrong by saying that uce lists whole subnet only if there is repetitive and frequent listing? They are better than spamhaus.

    Not that they're perfect or anything - but Spamhaus tell you exactly which IP address is responsible for the problem, are responsive and generally reasonable via email and don't charge for delisting.

    I'd pick Spamhaus over uceprotect in a heartbeat.

    Same. If you actively fight spam on your IP space, spamhaus becomes an ally. Obviously that's easier for me to say than a VPS provider, having root to everything using my IPs and all.

  • YmpkerYmpker Member
    edited February 2021

    @randvegeta sorry to be OT, but it is nice to see you again! Hope you are doing fine :)

    Thanked by 1randvegeta
  • They seem to have recently gone through and added whole bunch of IPs. I am wondering if the sudden surge is related to the recent vulnerability in SolusVM Debian 10 template.

  • estnocestnoc Member, Patron Provider

    @LTniger said:
    Am I wrong by saying that uce lists whole subnet only if there is repetitive and frequent listing? They are better than spamhaus.

    they not only do listing on certain subnet,but they like to do uce protect level3 for entire ASN and this will cause all ip subnets under that ASN to be blacklisted. that uce crap is entirely another level shite compared to spamhaus :smile:

  • @estnoc said: that uce crap is entirely another level shite

    At least spamhaus dont offer this kind of immature asshole payment scheme

    image

  • @Jio said:

    @estnoc said: that uce crap is entirely another level shite

    At least spamhaus dont offer this kind of immature asshole payment scheme

    image

    This sounds like they're operated by 12 year olds. "Don't talk bad about us or else we'll hold your IP reputation as ransom!!"

    Thanked by 2lentro randvegeta
  • SpeedBusSpeedBus Member, Host Rep

    Head over to http://www.uceprotect.net/en/rblcheck.php

    Enter the ASN in the box & Select "ASN" from the dropdown

    Then scroll down all the way to the bottom and click on
    "Details about IP's involved and dates of impacts can be found here."

    That then opens up a pop-up thing with the IPs listed + the number of "hits" each IP got.

    Thanked by 1angstrom
  • RIYADRIYAD Member, Patron Provider
  • randvegetarandvegeta Member, Host Rep

    Disgusting. I certainly will not pay.

    @SpeedBus said:
    Head over to http://www.uceprotect.net/en/rblcheck.php

    Enter the ASN in the box & Select "ASN" from the dropdown

    Then scroll down all the way to the bottom and click on
    "Details about IP's involved and dates of impacts can be found here."

    That then opens up a pop-up thing with the IPs listed + the number of "hits" each IP got.

    Unfortunately it's not specific as to which IP is the problem. It shows me the subnets, but the IP. I'd need to check IPs 1 by 1 if I really want to check.> @Ympker said:

    @randvegeta sorry to be OT, but it is nice to see you again! Hope you are doing fine :)

    Thanks. Doing ok.. Though I'm getting sick of this biz if I'm honest. Who has time to deal with this shit eh?

    Thanked by 1Ympker
  • SGrafSGraf Member, Patron Provider
    edited February 2021

    Whilst not getting a /24 listed on that particular list, i'm currently having a situation invloving a historic listing (prior owner) of a /24 on spamrats as a "worst offender".

    Its just plain annoying and even after sending the information that they requested, we are at the stage where they will de-list single ip's but not remove the misleading and clearly wrong information (by this point knowingly as i have brought it to their attention).

    I have meeting scheduled with my legal council about that next week.

    @randvegeta said:
    Who has time to deal with this shit eh?

    All part of playing the game :smiley:

  • @SCAM_DONT_BUY said: This is a scam, don't pay the ransom. You're not alone with this problem.

    The end is nigh.

  • @randvegeta said: Thanks. Doing ok.. Though I'm getting sick of this biz if I'm honest. Who has time to deal with this shit eh?

    If taken care of, programmers, sysadmins and other person that is capable of removing this RBL from their system/software. But their is no guarantee that another RBL from this Uce won't come and programmers & sysadmins won't start trusting it.

  • don't be fear. this is best time to unity and all provider do most activity to blacklist all IP there.

  • randvegetarandvegeta Member, Host Rep

    This is so dodgy.

    http://monitoring.uceprotect.net/

    Basically if you get listed, they don't tell you why you get listed. Only tell you that you are. If you want to get unlisted for free, you need 0 cases for 7+ days for their automatic delisting. Otherwise, you need to pay 80 EUR + for a delisting request to be handled more quickly. HOWEVER, you still don't know which IP is responsible for the listing in the first place, so paying to delist is silly since if you dont resolve the problem, it will just come back quickly and you wasted money on the delist fee.

    But dont worry! UCEPROTECT have a monitoring 'service'. You can pay them >400/yr to get notifications and reports on your IPs that are allegedly being abused.

    This is such a ridiculous and sketchy business model.

    I hope nobody here is paying these guys. If you are, fuck you!

    Thanked by 2daffy estnoc
  • https://prnt.sc/zm8ykq

    Although this is just assurance I think everyone should report to responsible persons like RBL monitor, sysadmins, ISPs, mail providers so they will eventually remove this crook and RBL like this will become useless over time.

    Thanked by 2randvegeta estnoc
  • @randvegeta said:

    Thanks. Doing ok.. Though I'm getting sick of this biz if I'm honest. Who has time to deal with this shit eh?

    I hear you mate :/ Hope this gets solved :S Glad to hear you are alright.

    Thanked by 1randvegeta
  • Looking into them further, http://www.uceprotect.org/:

    WARNING: Do not play around here. You have no idea who we really are, and what will happen to you!

    I find that people who engage in veiled threats are also likely to engage in blackmail and extortion. This sounds like something a gang member would say...

    Thanked by 1randvegeta
  • jarjar Patron Provider, Top Host, Veteran

    @ehhthing said:
    Looking into them further, http://www.uceprotect.org/:

    WARNING: Do not play around here. You have no idea who we really are, and what will happen to you!

    I find that people who engage in veiled threats are also likely to engage in blackmail and extortion. This sounds like something a gang member would say...

    I don't know who they really are but maybe it's time we found out.

    Thanked by 1randvegeta
Sign In or Register to comment.