i see the error:
Banned Temporary K-line 1440 min. - Trojan infected client - see http://rbl.efnet.org/?i=213.140.22.72 (2008/4/5 13.36)
the site says:
213.140.22.72 was found in the database with a timestamp of Saturday 05th of April 2008 07:36:07 AM
This host was added as a virus infected host for the following reason:
drone: nick Laura29; hostmask ~TTKwQXoR@213.140.22.72gecos "LindaTTK0Q"; extra "8 *" [DK]
For further information, please contact a site administrator.
Please perform a full scan with TheCleaner (directions) before requesting removal.
You may request removal here
i dont have trojan/virus/malware! i have check wit a lot of programm (inlcuse thecleaner).
i have try to talk with some admin in #mirc and he have tell me not my problem but i cant enter in efnet server
i have try to send a removal request but nothing results
if someone can help me please contact me with PM or in my email
thanx
Banned Temporary K-line 1440 min. - Trojan infected client -
Moderators: Website/Forum Admins, EFnet/Help Moderators
-
- Posts: 2
- Joined: Sun Apr 06, 2008 7:30 am
Re: Banned Temporary K-line 1440 min. - Trojan infected client -
You're using FastWeb, which likes to stick a bunch of users behind one IP address. This means if one of your neighbors is infected with a virus, you get banned as well.
From what I am told, FastWeb does offer a unique static IP service, which would mean you don't get banned for your neighbors actions. Or you can purchase a BNC shell through one of the many providers that offer such a service.
From what I am told, FastWeb does offer a unique static IP service, which would mean you don't get banned for your neighbors actions. Or you can purchase a BNC shell through one of the many providers that offer such a service.
In God we trust,
Everyone else must have an X.509 certificate.
Everyone else must have an X.509 certificate.
Re: Banned Temporary K-line 1440 min. - Trojan infected client -
-irc.rizon.no- *** Banned Temporary K-line 180 min. - [network-bopm] Blacklisted Proxy found. Visit http://rbl.efnet.org/?network=Rizon&i=xxx.xxx.xx.xxx for removal info. (2008/4/11 16.36)
this is what i read when i try connecting rizon. i ask rizon, and they tell me to ask Efnet, and here i am.
i'm italian too, and fastweb user too.
ban times are so looooong, do you know a shell account to use or any other way?
this is what i read when i try connecting rizon. i ask rizon, and they tell me to ask Efnet, and here i am.
i'm italian too, and fastweb user too.
you got the exact point. there's always some idiot guy who has worms/malaware with my same IP. how can i do to not always have such annoying things?munky wrote:You're using FastWeb, which likes to stick a bunch of users behind one IP address. This means if one of your neighbors is infected with a virus, you get banned as well.
From what I am told, FastWeb does offer a unique static IP service, which would mean you don't get banned for your neighbors actions. Or you can purchase a BNC shell through one of the many providers that offer such a service.
ban times are so looooong, do you know a shell account to use or any other way?
Re: Banned Temporary K-line 1440 min. - Trojan infected client -
try searching http://www.egghelp.org/shells.htm
In God we trust,
Everyone else must have an X.509 certificate.
Everyone else must have an X.509 certificate.
Re: Banned Temporary K-line 1440 min. - Trojan infected client -
everytime i make my IP unban, it's always rebanned soon after. can you ban those drone folks only instead of me too?
Re: Banned Temporary K-line 1440 min. - Trojan infected client -
that's the downfall of using a shared IP, we can't tell the difference between you and the infected user on the IP with you.
In God we trust,
Everyone else must have an X.509 certificate.
Everyone else must have an X.509 certificate.
-
- Posts: 2
- Joined: Sun Apr 06, 2008 7:30 am
Re: Banned Temporary K-line 1440 min. - Trojan infected client -
213.140.*.* is always banned!!! is possible remove this ban? we have make nothing in efnet server!
Re: Banned Temporary K-line 1440 min. - Trojan infected client -
The static non-private IP service offered by FastWeb cost more than a brand new Ferrari. It simply is not a feasible option.munky wrote:From what I am told, FastWeb does offer a unique static IP service, which would mean you don't get banned for your neighbors actions. Or you can purchase a BNC shell through one of the many providers that offer such a service.
I'm too a FastWeb user victim of your ban. Today's removal info says:
85.18.xx.xxx was found in the database with a timestamp of Friday 16th of May 2008 05:17:51 AM
This host was added as a virus infected host for the following reason:
drone: nick Rita23; hostmask ~wMceOtpw@85.18.14.6; gecos "SharonwMc3O"; extra "8 *" [irc.efnet.nl]
Now I understand the reasoning behind that, one of your guys was also so kind to privately e-mail me about it yesterday night, but can't you contact FastWeb and tell them that one of their shared IPs is compromised?
I checked other 2 FastWeb IPs reported as banned on this very board in 2008, and they're still banned even MONTHS after their help threads were opened. I argue that once a FastWeb IP is listed as compromised there is basically no turning back ever, unless a human person does something about it.
That's why I'm trying to understand how the ban happened in order to contact FastWeb customer care myself and explain the whats and whys.
So, what caused the ban? It's a bit unusual to see FastWeb users spamming foreign servers like Efnet or Rizon, and to do so daily. Is it possible that those IPs are not just used by FastWeb?
Btw, how many dynamic visible-to-the-external IPs are used by FastWeb? I was under the impression they were not a huge number; rather a very limited number. But then, I'm just an average subscriber, not a network engineer.
Lastly, any technical way for a server to work around the ban on a nick basis? I mean, the automated K-line doesn't happen if the compromised IP belongs to registed nick "I'm-not-that-lame-drone" and stuff.
Re: Banned Temporary K-line 1440 min. - Trojan infected client -
There are hundreds of BNC providers that can sell you a bouncer for a few dollars a month that will be much cheaper.kamandi wrote: The static non-private IP service offered by FastWeb cost more than a brand new Ferrari. It simply is not a feasible option.
we have thousands of virus infected hosts listed in the blacklist. most network administrators don't care for automated emails telling them one of their thousands of users is infected with a virus with very little information on how to track the virus infected user down. being a customer of fastweb, they would more likely respond to you reporting the issue.kamandi wrote: I checked other 2 FastWeb IPs reported as banned on this very board in 2008, and they're still banned even MONTHS after their help threads were opened. I argue that once a FastWeb IP is listed as compromised there is basically no turning back ever, unless a human person does something about it.
That's why I'm trying to understand how the ban happened in order to contact FastWeb customer care myself and explain the whats and whys.
the cause of the ban is a virus connecting to EFnet. when it is detected, it is banned and the IP blacklisted.kamandi wrote: So, what caused the ban? It's a bit unusual to see FastWeb users spamming foreign servers like Efnet or Rizon, and to do so daily. Is it possible that those IPs are not just used by FastWeb?
they have several IP blocks, but I do not have an accurate count.kamandi wrote: Btw, how many dynamic visible-to-the-external IPs are used by FastWeb? I was under the impression they were not a huge number; rather a very limited number. But then, I'm just an average subscriber, not a network engineer.
blacklisting is done by IP, it is feasible to include any nick/ident information in this (especially since the viruses often use random nicknames). furthermore, EFnet does not have nick registration services, so this is not even technically possible on this network without drastically changing the way the network works.kamandi wrote: Lastly, any technical way for a server to work around the ban on a nick basis? I mean, the automated K-line doesn't happen if the compromised IP belongs to registed nick "I'm-not-that-lame-drone" and stuff.
In God we trust,
Everyone else must have an X.509 certificate.
Everyone else must have an X.509 certificate.
Who is online
Users browsing this forum: No registered users and 2 guests