Banned Temporary K-line 1440 min. - Trojan infected client -

[mixman1981]

i see the error:

Banned Temporary K-line 1440 min. - Trojan infected client - see http://rbl.efnet.org/?i=213.140.22.72 (2008/4/5 13.36)

the site says:
213.140.22.72 was found in the database with a timestamp of Saturday 05th of April 2008 07:36:07 AM
This host was added as a virus infected host for the following reason:
drone: nick Laura29; hostmask ~TTKwQXoR@213.140.22.72gecos "LindaTTK0Q"; extra "8 *" [DK]
For further information, please contact a site administrator.
Please perform a full scan with TheCleaner (directions) before requesting removal.
You may request removal here

i dont have trojan/virus/malware! i have check wit a lot of programm (inlcuse thecleaner).
i have try to talk with some admin in #mirc and he have tell me not my problem but i cant enter in efnet server
i have try to send a removal request but nothing results

if someone can help me please contact me with PM or in my email

thanx

[munky]

You're using FastWeb, which likes to stick a bunch of users behind one IP address. This means if one of your neighbors is infected with a virus, you get banned as well.

From what I am told, FastWeb does offer a unique static IP service, which would mean you don't get banned for your neighbors actions. Or you can purchase a BNC shell through one of the many providers that offer such a service.

[imarkon]

-irc.rizon.no- *** Banned Temporary K-line 180 min. - [network-bopm] Blacklisted Proxy found. Visit http://rbl.efnet.org/?network=Rizon&i=xxx.xxx.xx.xxx for removal info. (2008/4/11 16.36)

this is what i read when i try connecting rizon. i ask rizon, and they tell me to ask Efnet, and here i am.
i'm italian too, and fastweb user too.

You're using FastWeb, which likes to stick a bunch of users behind one IP address. This means if one of your neighbors is infected with a virus, you get banned as well.
From what I am told, FastWeb does offer a unique static IP service, which would mean you don't get banned for your neighbors actions. Or you can purchase a BNC shell through one of the many providers that offer such a service.

you got the exact point. there's always some idiot guy who has worms/malaware with my same IP. how can i do to not always have such annoying things?
ban times are so looooong, do you know a shell account to use or any other way?

[munky]

try searching http://www.egghelp.org/shells.htm

[imarkon]

everytime i make my IP unban, it's always rebanned soon after. can you ban those drone folks only instead of me too?

[munky]

that's the downfall of using a shared IP, we can't tell the difference between you and the infected user on the IP with you.

[mixman1981]

213.140.*.* is always banned!!! is possible remove this ban? we have make nothing in efnet server!

[kamandi]

From what I am told, FastWeb does offer a unique static IP service, which would mean you don't get banned for your neighbors actions. Or you can purchase a BNC shell through one of the many providers that offer such a service.

The static non-private IP service offered by FastWeb cost more than a brand new Ferrari. It simply is not a feasible option.

I'm too a FastWeb user victim of your ban. Today's removal info says:

85.18.xx.xxx was found in the database with a timestamp of Friday 16th of May 2008 05:17:51 AM
This host was added as a virus infected host for the following reason:
drone: nick Rita23; hostmask ~wMceOtpw@85.18.14.6; gecos "SharonwMc3O"; extra "8 *" [irc.efnet.nl]

Now I understand the reasoning behind that, one of your guys was also so kind to privately e-mail me about it yesterday night, but can't you contact FastWeb and tell them that one of their shared IPs is compromised?

I checked other 2 FastWeb IPs reported as banned on this very board in 2008, and they're still banned even MONTHS after their help threads were opened. I argue that once a FastWeb IP is listed as compromised there is basically no turning back ever, unless a human person does something about it.

That's why I'm trying to understand how the ban happened in order to contact FastWeb customer care myself and explain the whats and whys.

So, what caused the ban? It's a bit unusual to see FastWeb users spamming foreign servers like Efnet or Rizon, and to do so daily. Is it possible that those IPs are not just used by FastWeb?

Btw, how many dynamic visible-to-the-external IPs are used by FastWeb? I was under the impression they were not a huge number; rather a very limited number. But then, I'm just an average subscriber, not a network engineer.

Lastly, any technical way for a server to work around the ban on a nick basis? I mean, the automated K-line doesn't happen if the compromised IP belongs to registed nick "I'm-not-that-lame-drone" and stuff.

[munky]

The static non-private IP service offered by FastWeb cost more than a brand new Ferrari. It simply is not a feasible option.

There are hundreds of BNC providers that can sell you a bouncer for a few dollars a month that will be much cheaper.

I checked other 2 FastWeb IPs reported as banned on this very board in 2008, and they're still banned even MONTHS after their help threads were opened. I argue that once a FastWeb IP is listed as compromised there is basically no turning back ever, unless a human person does something about it.

That's why I'm trying to understand how the ban happened in order to contact FastWeb customer care myself and explain the whats and whys.

we have thousands of virus infected hosts listed in the blacklist. most network administrators don't care for automated emails telling them one of their thousands of users is infected with a virus with very little information on how to track the virus infected user down. being a customer of fastweb, they would more likely respond to you reporting the issue.

So, what caused the ban? It's a bit unusual to see FastWeb users spamming foreign servers like Efnet or Rizon, and to do so daily. Is it possible that those IPs are not just used by FastWeb?

the cause of the ban is a virus connecting to EFnet. when it is detected, it is banned and the IP blacklisted.

Btw, how many dynamic visible-to-the-external IPs are used by FastWeb? I was under the impression they were not a huge number; rather a very limited number. But then, I'm just an average subscriber, not a network engineer.

they have several IP blocks, but I do not have an accurate count.

Lastly, any technical way for a server to work around the ban on a nick basis? I mean, the automated K-line doesn't happen if the compromised IP belongs to registed nick "I'm-not-that-lame-drone" and stuff.

blacklisting is done by IP, it is feasible to include any nick/ident information in this (especially since the viruses often use random nicknames). furthermore, EFnet does not have nick registration services, so this is not even technically possible on this network without drastically changing the way the network works.