Meldung, meine IP ist infiziert! Was tun?

Autor

Dienstag, 18. Mai 2010 00:00:38

Von einem mail-Provider habe ich heute folgende Mitteilung erhalten:
IP Address xxxxxxxxxxxxx (meine IP)

currently listed in the CBL. It appears to be infected with a spam sending trojan or proxy.

It was last detected at 2010-05-14 13:00 GMT (+/- 30 minutes), approximately 3 days, 9 hours ago.

This IP is infected (or NATting for a computer that is infected) with the rustock spambot.
How to resolve future problems

Is this IP address is a NAT gateway/firewall/router? In other words, is this IP address shared with other computers? See NAT for further information about NATs and how to secure them.

If this IP address is shared with other computers, only the administrator of this IP address can prevent this happening again by following the instructions in NAT to secure the NAT against future infections. In this way, no matter how badly infected the network behind the NAT is, the network can't spam the Internet. The administrator can also refer to Advanced BOT detection for hints and tips on how to find the infected computer behind a NAT.

What affect is this listing having on you?

The CBL is intended to be used only on inbound email from the Internet.

If you are being blocked from IRC, Chat, web sites, web email interfaces (eg: you're using Internet Explorer or Firefox to send email) or anything other than basic email with a mail reader like Exchange, Thunderbird etc, the provider of this service is using the CBL against our recommendations. Contact the provider and refer them to http://cbl.abuseat.org/tandc.html and refer them to item 2 and 7.

If you are an end user: If you get an immediate popup indicating your email was blocked when you attempt to send email, this means one of two things:
# You aren't using your provider's preferred configuration for sending email. This is most frequent with roaming users (eg: you're using an Internet Cafe, and are using your home provider to send email). A provider will normally give you instructions on how your mail reader should authenticate to their mail servers, perhaps on a different port (usually 587). Make sure that you comply with the provider's instructions on mail reader configuration where it refers to "SMTP relay server", "SMTP authentication" etc.
# If you are complying with your provider's instructions, your provider is violating the CBL Terms and Conditions and blocking their own users. Contact your provider and refer them to http://cbl.abuseat.org/tandc.html and refer them to item 6 and 7.

If you get the blocking email message by return email (instead of by immediate popup), your provider is listed in the CBL, not you. Contact your provider and tell them that their IP address is listed by the CBL.

Note that the CBL is not responsible for how providers misuse the CBL. This is their problem, not ours.

If your IP address changes periodically (such as with reconnecting to your provider, connecting through an Internet Cafe etc), this is usually a dynamic (DHCP) IP address, meaning that it's most likely not you that is infected. As above, make sure that your mail reader is configured correctly as per your provider. In this case, delisting the IP address will probably not do anything useful.

If this listing is of an unshared IP address, and the affected access is email, then, the computer corresponding to this IP address at time of detection (see above) is infected with a spambot, or, if it's a mail server, in some rare cases this can be a severe misconfiguration or bug.

The first step is to run at least one (preferably more) reputable anti-spam/spyware tools on your computer. If you're lucky, one of them will find and remove the infection.

If you are unable to find it using anti-virus tools, you may want to take a close look at the discussions of netstat or tcpview in the "Per-machine methods" section of Finding BOTs in a LAN.

If the above does not help, you may have to resort to taking your computer to a computer dealer/service company and have them clean it.

If all else fails, you may need to have your machine's software re-installed from scratch.
WARNING: If you continually delist xxxxxxxxxxx without fixing the problem, the CBL will eventually stop allowing the delisting of xxxxxxxxxxxx.

Request delisting of xxxxxxxxxxxxx (meine IP)

<< Back to CBL homepage

Wie gehe ich denn damit um? Ist sowas bekannt?
Hans

h. kellermann

12 Antworten


Alles Ausklappen

Antworten
Er ist kein Troll, er ist ein bot.
Hans Möller (unangemeldet), Mittwoch, 19. Mai 2010 13:20:58
Ein/Ausklappen
Provider muss sich drum kümmern
GoaSkin , Dienstag, 18. Mai 2010 10:16:39
Ein/Ausklappen
-
Re: Provider muss sich drum kümmern
h. kellermann, Dienstag, 18. Mai 2010 22:34:56
Ein/Ausklappen
-
Re: Provider muss sich drum kümmern
man-draker (unangemeldet), Mittwoch, 19. Mai 2010 09:41:04
Ein/Ausklappen
Re: Provider muss sich drum kümmern
h. kellermann, Donnerstag, 20. Mai 2010 22:23:59
Ein/Ausklappen
CBL Lookup
Harald Geiger, Dienstag, 18. Mai 2010 08:28:44
Ein/Ausklappen
-
Re: CBL Lookup
h. kellermann, Dienstag, 18. Mai 2010 22:42:37
Ein/Ausklappen
Router-Passwort gesetzt??
peterf (unangemeldet), Dienstag, 18. Mai 2010 08:21:57
Ein/Ausklappen
-
Re: Router-Passwort gesetzt??
h. kellermann, Dienstag, 18. Mai 2010 22:48:26
Ein/Ausklappen
Bist du ein Troll?
antitroll (unangemeldet), Dienstag, 18. Mai 2010 00:38:32
Ein/Ausklappen
-
Re: Bist du ein Troll?
h. kellermann, Dienstag, 18. Mai 2010 22:51:17
Ein/Ausklappen
-
Re: Bist du ein Troll?
meinerseiner (unangemeldet), Mittwoch, 19. Mai 2010 10:36:44
Ein/Ausklappen

Ähnliche Artikel

Tipp der Woche

Grammatikprüfung in LibreOffice nachrüsten
Grammatikprüfung in LibreOffice nachrüsten
Tim Schürmann, 24.04.2015 19:36, 0 Kommentare

LibreOffice kommt zwar mit einer deutschen Rechtschreibprüfung und einem guten Thesaurus, eine Grammatikprüfung fehlt jedoch. In ältere 32-Bit-Versionen ...

Aktuelle Fragen

Admin Probleme mit Q4os
Thomas Weiss, 30.03.2015 20:27, 6 Antworten
Hallo Leute, ich habe zwei Fragen zu Q4os. Die Installation auf meinem Dell Latitude D600 verl...
eeepc 1005HA externer sound Ausgang geht nicht
Dieter Drewanz, 18.03.2015 15:00, 1 Antworten
Hallo LC, nach dem Update () funktioniert unter KDE der externe Soundausgang an der Klinkenbuc...
AceCad DigiMemo A 402
Dr. Ulrich Andree, 15.03.2015 17:38, 2 Antworten
Moin zusammen, ich habe mir den elektronischen Notizblock "AceCad DigiMemo A 402" zugelegt und m...
Start-Job behindert Bootvorgang, Suse 13.2, KDE,
Wimpy *, 20.02.2015 10:32, 4 Antworten
Beim Bootvorgang ist ein Timeout von 1 Min 30 Sec. weil eine Partition sdb1 gesucht und nicht gef...
Konfiguration RAID 1 mit 2 SSDs: Performance?
Markus Mertens, 16.02.2015 10:02, 6 Antworten
Hallo! Ich möchte bei einer Workstation (2x Xeon E5-2687Wv3, 256GB RAM) 2 SATA-SSDs (512GB) al...

Jetzt auf den Mailinglisten

Re: [EasyLinux-Ubuntu] Xsane und Simple Scan: Probleme bei mehrseitigen Dokumenten
Alfred Zahlten, 27.04.2015 22:21
Am 27.04.2015 um 12:43 schrieb Rainer: Hallo Rainer, > Hallo zusammen, hallo Hartmut, > > Am M...
Re: [EasyLinux-Suse] Desktop Ordner
"d.blanke@gmx.net", 27.04.2015 17:14
Matthias Müller schrieb: > Am Sonntag, 26. April 2015 schrieb d.blanke@gmx.net: >> Die Frage ist m...
Re: [EasyLinux-Ubuntu] Xsane und Simple Scan: Probleme bei mehrseitigen Dokumenten
Rainer, 27.04.2015 12:43
Hallo zusammen, hallo Hartmut, Am Mon, 27 Apr 2015 08:57:18 +0200 schrieb Hartmut Haase : > > >...
Re: [EasyLinux-Ubuntu] Xsane und Simple Scan: Probleme bei mehrseitigen Dokumenten
Hartmut Haase, 27.04.2015 08:57
Hallo Rainer, > Beim Löschen und der Neuinstallation habe ich (flüchtig) beobachtet, > dass sich hpli...
Re: [EasyLinux-Suse] Desktop Ordner
Matthias Müller, 26.04.2015 23:48
Am Sonntag, 26. April 2015 schrieb d.blanke@gmx.net: > Die Frage ist mir zwar peinlich, aber was solls :)...