
Comments
Correct.
Yeah. Now I saw. I think there were multiple abuse cases against the IP. There seems to be more to the story.
I'm curious how you spam when port 25 is blocked. Maybe via a mail relay, but isn't that the mail relay's fault, not the server's?
Doubt this was a case with a relay
Port 25 isn't the only port used for email outgoing. In fact port 25 should be avoided for sending emails:
https://serversmtp.com/port-outgoing-mail-server/
Complaint mentions 25/tcp and the IP address explicitly. Given that the complaint allegedly comes from Spamhaus and mentions TCP connection details, HELO and stuff, I believe it has to do with open 25/tcp, which contradicts what OP said.
Someone should start a new domain: https://let.drama/provider-name

Only 1 storage is 1 source of failure. 3-2-1 backup policy is a thing.
Did the host reply regarding this? Is port 25 really blocked?
Local backup, offsite backup and a backup in a different country with a very reliable provider?
We don't know how your server was protected. Was it just a root ID and a password? Maybe some bots gained access through SSH or some other way and installed their spyware.
My dude has two different abuse reports.
My dude ignores them because
My dude talks about Spamhaus when the report is about iCloud.
My dude talks about "those are not my domains" when (in theory) it's his service connecting to those.
You have no idea what you are doing, just stop.
Yeah this isn’t anything like CH. OP messed up in two ways:
Whether the email spam report is valid or not may be in dispute but keeping backups would have allowed you to have thrown a middle finger at the provider and quickly redeploy elsewhere.
Hard lessons learned.
You've missed one detail - there are actually at least two different reports, one allegedly from iCloud, another one allegedly from Spamhaus (allegedly because we haven't heard from CloudCone and don't know if they are not spoofed).
I did? What does the first sentence of my post say? :-D
I mean the fact that he showed only one, the iCloud one (yes, whatever the fuck that is), and then talked about Spamhaus here, without showing it at all. He has no idea what he is talking about, or he is so worked up that he ignores all the things and just goes on a rant.
Yes you did, one report from Spamhaus and another from iCloud, see this:
Confused. What does 1 + 1 sum to?
Please read your own message attentively first.
Yes, this is exactly what it should have said. Read the OP's first post. Only the first post. The only "abuse" report he showed there is the iCloud one, and he talks about Spamhaus. The Spamhaus one showed up ~10 posts later.
Yet you mention two abuses. I don't get your logic.
My logic is very simple: he has no idea what he is doing, he has no idea what reports are there, he is confused af and should just stop posting, calmly re-read all the things and decide if his post was a correct way to approach that.
Agreed.
3 copies, on 2 different media, with 1 offsite. OP already got the production copy on CloudCone, so that's 1 copy out of the way. Just need to have the other 2 copies. Maybe 1 locally and 1 remotely on S3 or something. Both are already offsite since they're away from the production copy. Alas, lesson learned the hard way.
Wrong thread
wrong discussion or what
FML, yeah
Even if he didn't keep a backup, he got 7 days to make a backup or copy his files.
It's not as if the abuse report came and the server went offline.
He ignored it till the last moment, and then came the surprised face, WHAT THE HELL HAPPENED!
I am sure OP still hasn't realised why his server was terminated.
He just seems confused. OP, hire an admin next time.
Seems like you have no idea what you are talking about. Nowhere was it said that these domains were connected to your server in any way. In the list the domain names are the "HELO value", and if you do not understand what that means you definitely should NOT bark at the provider about it.
Your server seems to be improperly managed (by you) and highly likely has been compromised. Just as said in the report, it seems some open proxy has been run on it, which then was abused to send that spam.
Of course you did not install it; you probably were fully unaware that your server was breached. On top of that, you did not do anything about it after receiving the first abuse report. Instead of taking it as a red flag and starting to investigate immediately what's possibly going on, you only started attacking the host after they shut your messed up box down.
No monitoring, no backup, no clue what's going on.
Backup? What's that?
Provider RAID
So I'm good