Skip to content

need some help, got a warning from my VPS

I tested all my proxies (sharedproxies.org) and they work fine in Google.  I'm using an auto approve global list...but for some time I did not have that activated...is that what caused this?

Hello Abuse-Team,
>
> your Server/Customer with the IP: *BLOCKED* has attacked one of our
> servers/partners.
> The attackers used the method/service: *regbot*  on: *Fri, 06 Dec 2013 19:40:45
> +0100*.
> The time listed is from the server-time of the Blocklist-user who submitted the
> report.
> The attack was reported to the Blocklist.de-System on: *Fri, 06 Dec 2013 19:45:32
> +0100*
>
> The IP has been automatically blocked for a period of time. For an IP to be
> blocked, it needs
> to have made several failed logins (ssh, imap....), tried to log in for an
> "invalid user", or have
> triggered several 5xx-Error-Codes (eg. Blacklist on email...), all during a short
> period of time.
> The Server-Owner configures the number of failed attempts, and the time period
> they have
> to occur in, in order to trigger a ban and report. Blocklist has no control over
> these settings.
> He has registered automatically on a honeypot Wiki/Forum/Blog-System....
> At the site there is a notice that all postings and registrations will be
> reported.
> He used xrumer or other Tools or had a false configured mod_rewrite/mod_proxy who
> is abused:
http://blog.blocklist.de/2011/03/14/erlauterung-der-einzelnen-dienste-badbots-apacheddos-postfix/#regbots
>
> If the IP is a Tor-Server: http://blog.blocklist.de/tor-server-owner/
>
> Please check the machine behind the IP BLOCKED
> (ip-192-223-241-80.static.contabo.net) and fix the problem.
> This is the 11 Attack (reported: 6) from this IP; see:
http://www.blocklist.de/en/view.html?ip=80.241.223.192
>
> If you need the logs in another format (rather than an attachment), please let us
> know.
> You can see the Logfiles online again:

>
>
> You can parse this abuse report mail with X-ARF-Tools from
http://www.x-arf.org/tools.html e.g. validatexarf-php.tar.gz.
> You can find more information about X-Arf V0.2 at
http://www.x-arf.org/specification.html
>
> This message will be sent again in one day if more attacks are reported to
> Blocklist.
> In the attachment of this message you can find the original logs from the attacked
> system.
>
> To pause this message for one week, you can use our "Stop Reports" feature on
> Blocklist.de to submit
> the IP you want to stop recieving emails about, and the email you want to stop
> receiving them on.
> If more attacks from your network are recognized after the seven day grace period,
> the reports will start
> being sent again.
>
> To pause these reports for one week:
http://www.blocklist.de/en/insert.html?ip=80.241.223.192&email=abuse@contabo.de
>
>
> We found this abuse email address  in the Whois-Data from the IP under the
> SearchString "abuse-c (Ripe AbuseFinder)"
> Reply to this message to let us know if you want us to send future reports to a
> different email. (e.g. to abuse-quiet or a special address)
>
>
> ------------------------------
blocklist.de Abuse-Team
> This message was sent automatically. For questions please use our Contact-Form
> (autogenerated@ is not monitored!):
https://www.blocklist.de/en/contact.html?RID=430455919
> Logfiles: https://www.blocklist.de/en/logs.html?rid=430455919&ip=80.241.223.192
Sign In or Register to comment.