* * * * *

Machines coughing

>  1. Nov 27 * new_account@turtle (1047) Your mail password
>  2. Nov 27 * webmaster@email.co (1047) Faulty_mail delivery
>  3. Nov 27 * webmaster@hotmail. (1059) invalid mail
>  4. Nov 27 * Error_Mail@wimborn (1051) Mail delivery_failed <6580>
>  5. Nov 27 * smooth_criminal_00 (1039) Details
>  6. Nov 27 * hostmaster@hotmail (1043) Confirmation
>  7. Nov 27 * shaikin_fati@hotma (1041) Oh God it's
>  8. Nov 27 * Auto-Mailer@valves (1053) Re: Faulty_mail delivery
>
>  9. Nov 27 * nasimaqsa@hotmail. (1030) Details
> 10. Nov 27 * Error_Mail@winzyra (1052) Re: Mail delivery_failed
> 11. Nov 27 * info@mailcity.com (1043) Mail Error
> 12. Nov 27 * new_account@talk21 (1045) Re: Registration confirmation
> 13. Nov 27 * Error_Mail@barking (1049) FwD: illegal signs in your mail
> 14. Nov 27 * notifications@grou (1034) Oh God it's
> 15. Nov 27 * info@hotmail.com (1051) Re: Mail delivery_failed <7339>
> 16. Nov 27 * user_info@xtzyra.c (1046) Your Password
> 17. Nov 27 * info@hotmail.com (1053) Faulty_mail delivery
> 18. Nov 27 * lubsss@hotmail.com (1034) FwD: Details
>

Yup. Spam. Well, more like viral spam, as it's the same box, over and over, trying to deliver a virus. The IP (Internet Protocol) address it's coming from is 82.38.57.25, which belongs to blueyonder [1], an ISP (Internet Service Provider) based out of Surrey, England [2]. While I could ban the IP that would only stop perhaps 40% of it, as most of it is coming in via the backup email host for my domain and I don't have the access to block IP addresses there.

I did a look up on the IP address (which is how I found out who owns it) and got this:

Table: Contact info for 82.38.57.25---emphasis added

    inetnum:     82.38.0.0 - 82.38.255.255
    netname:     TELEWEST-HSD_1-BRADFORD
    descr:       Telewest HSD Platform
    country:     GB
    admin-c:     TWIP3-RIPE
    tech-c:      TWIP1-RIPE
    status:      ASSIGNED PA
    mnt-by:      AS5462-MNT
    mnt-lower:   AS5462-MNT
    mnt-routes:  AS5462-MNT
    notify:      ripe@telewest.net
    notify:      capacity@telewest.co.uk
    remarks:     report abuse to abuse@blueyonder.co.uk [3]
    remarks:     All reports via other channels will be ignored.
    changed:     ripe-admin@blueyonder.co.uk 20030313
    source:      RIPE

As you can see, all abuse issues need to be mailed to abuse@blueyonder.co.uk [4], which I did:

> **From:** Sean Conner
> **Subject:** Infected machine trying to infect my machine
> **To:** abuse@blueyonder.co.uk [5]
> **Date:** Thu, 25 Nov 2004 14:52:55 -0500 (EST)
>
> To whom it may concern:
>
> A machine with the IP address of 82.38.57.25 is continuously sending me
> infected files, 12 alone today, and about 20 yesterday (when I first
> noticed). I'm not concerned terribly much about getting infected (since I
> run Linux, not Windows) but it is clogging up my email, and no telling how
> many other systems it's trying to infect. Please deal with this as soon as
> possible.
>
> Thank you.
>
> Sean Conner.
>
> [email sent to me attached]
>

And as you can see, that was two days ago. And they're still coming in. So much for reporting abuse issues.

Today, I went to their broadband support page [6], and put in a trouble ticket. Maybe then they'll take a look into this.

Update on Tuesday, November 30th, 2004

Still going on … [7]

Update on Wednesday, December 8th, 2004

Some more updates … [8]

[1] http://www.blueyonder.co.uk/
[2] http://www.surrey-online.co.uk/
[3] mailto:abuse@blueyonder.co.uk
[4] mailto:abuse@blueyonder.co.uk
[5] mailto:abuse@blueyonder.co.uk
[6] http://www.blueyonder.co.uk/blueyonder/getContent.jspx?page=h_services_bybb
[7] gopher://gopher.conman.org/0Phlog:2004/11/30.1
[8] gopher://gopher.conman.org/0Phlog:2004/12/08.2

Email Sean Conner at sean@conman.org.