DarkMailer Check
It will be one of the following scenarios:
1) It’s a NAT firewall in front of a machine that is infected with spamware.
2) It’s directly infected with spamware.
This detection is of the DarkMailer/YellSOFT DirectMailer spamware.
You can find more detail by searching Google for “YellSOFT DirectMailer” or “DarkMailer”; the results include screenshots of the control panel this software installs on your web server (the control panel is in Russian).
See, for example,
http://en.wikipedia.org/wiki/Dark_Mailer
http://forums.cpanel.net/showthread.php?p=496217
Note the references to “csf SMTP_BLOCK” and “WHM’s SMTP Tweak”.
This detection indicates a spammer who has broken into your web server, usually via cracked or keylogged FTP credentials.
Once they’ve logged in via FTP, they install Perl scripts that do the spamming. cPanel and Plesk installations are the most common infectees, but others (including Apache) are also subject to this problem.
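Since the scripts arrive over FTP, the FTP transfer log is a good place to start looking for them. The following is an added example, not part of the original page: it scans a log in the standard xferlog format for completed uploads of script files and groups them by account and source address. The extension list, function names and sample log lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: scripts of interest carry these extensions; adjust for your site.
SCRIPT_EXTENSIONS = (".pl", ".cgi")

# Constructed sample lines in the standard xferlog format (not real log data).
SAMPLE_XFERLOG = """\
Mon Mar 10 02:14:05 2014 1 203.0.113.45 512 /home/acme/public_html/index.html a _ i r acme ftp 0 * c
Mon Mar 10 02:14:07 2014 1 203.0.113.45 18234 /home/acme/public_html/cgi-bin/dm.pl a _ i r acme ftp 0 * c
Mon Mar 10 02:14:09 2014 1 203.0.113.45 4096 /home/acme/public_html/img/new logo.cgi b _ i r acme ftp 0 * c
Mon Mar 10 09:30:00 2014 2 198.51.100.7 2048 /home/shop/public_html/report.pl a _ o r shop ftp 0 * c
Mon Mar 10 09:31:12 2014 1 198.51.100.7 900 /home/shop/public_html/tool.pl a _ i r shop ftp 0 * i
truncated line
"""

def parse_xferlog_line(line):
    """Return a dict for one xferlog entry, or None if the line is malformed."""
    tokens = line.split()
    if len(tokens) < 18:  # 8 leading fields + filename + 9 trailing fields
        return None
    trailing = tokens[-9:]
    return {
        "time": " ".join(tokens[0:5]),
        "remote_host": tokens[6],
        "filename": " ".join(tokens[8:-9]),  # filename may contain spaces
        "direction": trailing[2],            # i = upload, o = download, d = delete
        "username": trailing[4],
        "status": trailing[8],               # c = complete, i = incomplete
    }

def find_script_uploads(log_text):
    """Group completed uploads of script files by (username, remote_host)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_xferlog_line(line)
        if entry is None or entry["direction"] != "i" or entry["status"] != "c":
            continue
        if entry["filename"].lower().endswith(SCRIPT_EXTENSIONS):
            hits[(entry["username"], entry["remote_host"])].append(entry["filename"])
    return dict(hits)

if __name__ == "__main__":
    for (user, host), files in find_script_uploads(SAMPLE_XFERLOG).items():
        print(f"{user} from {host}: {files}")
```

Any account it reports that the owner did not upload from should have its FTP password changed and the listed files inspected.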
