Post your questions about DNS based blacklists, what they are, listing status, and removal help.
2 posts • Page 1 of 1
- Forum Administrator
- Posts: 2548
- Joined: Tue Mar 02, 2010 5:41 pm
- Location: 127.0.0.1 | ::1
The listing for that IP address at https://www.abuseat.org/lookup.cgi is pretty interesting...
This IP address was detected and listed 347 times in the past 28 days, and 16 times in the past 24 hours. The most recent detection was at Wed Jun 3 05:25:00 2020 UTC +/- 5 minutes
Many of these listings are caused by an app/development kit that provides "crowd-sourced VPN" services. Meaning: by using this app/kit on a device, this is using your bandwidth to provide VPN services for others, *including* potentially email spamming. This is frequently on smart phones configured to use your local wireless network, but can be found in browser plugins on end-user PCs.
This kit is so pervasive that we can't simply give you the name of a specific application to check out, it can be embedded in virtually anything. Similarly, while packet sniffing (such as wireshark) can track it down, packet sniffing in home systems and small-to-medium businesses isn't easy, and requires considerable skill (and luck).
Instead of trying to track the infection down we very strongly recommend securing your firewall to not allow any packets out on the Internet on port 25, except for an email server if you have one on your local network. Remote sending of email to servers on the Internet should still work if configured properly (port 587 SMTPAUTH or web-based). If you can get your firewall to log the source of any blocked packets, it should allow you to at least identify which device is infected.