SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 My other half's IP flagged as Nigerian scammer!

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
SunTzu
Hello I'm New here!


Joined: 05 Jun 2007
Posts: 19
Location: UK


PostPosted: Tue Dec 11, 2007 1:32 am Reply with quoteBack to top

He's been having trouble with his work email for a couple of days, he can receive ok but hardly any he sends get through. As, sod's law, the IT bloke is on holiday, on the off chance I put the headers from an old email and a recent one through header analysis to see if the pathways had changed at all (their server messed about with this before and it caused problems). All ok. I went ahead and checked both his IP and the server/providers IP with Next web security's location tool and according to their 419 database he's a known scammer based in Nigeria! Every other checker shows UK which is correct.
He works from home so unless there's some sort of transporter on the landing I don't know about I fail to see how they have him based in Nigeria. How on earth can they have got their location so utterly wrong? Not to mention the fact that he works in RF design and try as I might I cant see how this could be confused with 419. He doesn't even work in sales for goodness sake.
Has anyone else had something like this happen and does anyone know if this could be causing the delivery problem?

_________________
Click here to support 419Eater.com
View user's profileSend private message
Don
Baiting Guru


Joined: 25 May 2004
Posts: 3045
Location: Italy, 87.2.222.132


PostPosted: Tue Dec 11, 2007 7:30 am Reply with quoteBack to top

SunTzu wrote:
does anyone know if this could be causing the delivery problem?


A 419 database that would prevent known 419 scammers from sending email is a nice idea. Unfortunately I don't expect this feature to be implemented before 2035.

I think you should explain what "hardly any he sends get through" would mean so we can try to give you a more technical explanation. Wink

Can't he connect to the SMTP (mail out) server?
Can he send mails but get blocked by spamfilters?
Does he experience connection failures?

_________________
Mortar x12
No sugar plum fairies have been hurt during the process of creating this message.

**"Freedom? There ain't no fuckin' Freedom!"**
View user's profileSend private messageYahoo MessengerSkype Name
thud419
Baiting Guru


Joined: 04 Jan 2006
Posts: 3193


PostPosted: Tue Dec 11, 2007 9:44 am Reply with quoteBack to top

It's possible that he's in a spam blacklist. Which IP address is showing up as Nigerian, and exactly which tool are you using that tells you that? Also try this one: http://www.mxtoolbox.com/blacklists.aspx

_________________
Click here to feel warm and cozy.

I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Sand Timer Barr. Cole
Cellphone x14
United States x 0.25 won from Reaper in a sucker's bet

Hello Kitty! pony Mortar x8 Closed lad accounts x several
View user's profileSend private messageSend e-mailVisit poster's website
SunTzu
Hello I'm New here!


Joined: 05 Jun 2007
Posts: 19
Location: UK


PostPosted: Tue Dec 11, 2007 4:55 pm Reply with quoteBack to top

@ Don
Oops, did I give away my complete lack of techiness there? Embarassed

Hardly any get through? Well we're not sure exactly when this started but he sent some stuff to me on the 5th which didn't get delivered and by the 7th nothing was getting through.
He doesn't experience connection failures and no emails are (as far as we know) turning up in any trash/pending files (certainly not in any of mine).
He has checked the SMTP connection and there was a problem. Most emails are now being delivered but some of those to his colleagues (including self sent) are not getting through. There are no bounce messages though, they just never arrive.

@ Thud,
The IP is 81.110.242.8 and shows up as a known scammer with http://www.nextwebsecurity.com/LocationTools.asp in the first section, part of their '419 buster' service as far as I can tell. They proudly display in shiny red letters "Scammer Found" with an ID. Yesterday the ID was 2048, today it is 5964. They have his country listed as: Ahamadiya, ALagbado, Lagos, Nigeria, although in comments they have: NTL Internet (UK) (81.96.0.0 - 81.111.225.225).

I tried the link you provided (thanks for that) and it does show his IP as being on several black lists. As far as I can tell from the tech stuff it's for "miscellaneous spam" "unconfirmed" and possibly relating back to some time in 2004.

He has now tried powering down the modem to try getting a new IP (we think it's dynamic, but no change. It was only down for a few minutes if that makes any difference.

Many thanks to both of you for your help and advice. I think I'm going to join in with the mass insult bait to relieve my feelings about scammers who I blame fairly or unfairly (What are the ethics of insulting scammers when it might not be their fault Twisted Evil )

_________________
Click here to support 419Eater.com
View user's profileSend private message
thud419
Baiting Guru


Joined: 04 Jan 2006
Posts: 3193


PostPosted: Tue Dec 11, 2007 5:20 pm Reply with quoteBack to top

It depends how the ISP is set-up, as to how long the IP address is persistent. You could try switching it off overnight. If it is going to work, that should do the trick.

_________________
Click here to feel warm and cozy.

I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Sand Timer Barr. Cole
Cellphone x14
United States x 0.25 won from Reaper in a sucker's bet

Hello Kitty! pony Mortar x8 Closed lad accounts x several
View user's profileSend private messageSend e-mailVisit poster's website
scansum
Wannabe Baiter


Joined: 25 Nov 2007
Posts: 82
Location: In the depths and BEYOND!


PostPosted: Wed Dec 12, 2007 4:40 am Reply with quoteBack to top

New IP "should" fix it.
It seems in 2003-2005 some bot got on some computer assigned that IP and it's still listed in the spam databases.
Each of the sites seem to have a link however for getting the IP removed.
(Some list it because it's in one of the other databases)

_________________
Phishing sites killed : United States
Mugu sites killed : United Kingdom
View user's profileSend private message
SunTzu
Hello I'm New here!


Joined: 05 Jun 2007
Posts: 19
Location: UK


PostPosted: Wed Dec 12, 2007 12:21 pm Reply with quoteBack to top

We left the modem powered down overnight but still have the same IP, probably just bad luck and got assigned the same one twice, hay ho.
I've found some instructions on changing even static IP's to try out then, if that doesn't work, it's contact the service provider and create merry hell and/or try getting the IP removed from all the various black lists (thanks for the info scansum).
I knew I was against blacklisting as a generally bad idea, I had a similar and at the time very inconvenient problem with mine a few years back but it seemed to sort itself out fortunately as I didn't know anything about IP's or blacklisting just thought it was one of those mysterious computer things and put more pins in the Bill Gates doll Wink.
I'm still slightly puzzled that Next Web Security seem to thing that Reading is in Lagos though.
Thanks again for help and advice Smile

_________________
Click here to support 419Eater.com
View user's profileSend private message
thud419
Baiting Guru


Joined: 04 Jan 2006
Posts: 3193


PostPosted: Wed Dec 12, 2007 1:15 pm Reply with quoteBack to top

I'm not totally sure, but the best I can understand, in 2004 the machine with that IP address was being used as an anonymous proxy by the scammer to send email. I'm not sure whether that was because it was simply badly configured or if it was trojaned. Either way it doesn't matter to you.

Write to the blacklisters and point out that it is a dynamic IP, the listing is three years old, and they are perfectly welcome to scan your machine for the flagged security breach if they want.

That is the right way to do it, otherwise the next person to get that address is going to have the same problem. I suggest you do this even if you manage to have the address changed in the meantime (except then of course they can't scan your machine.)

_________________
Click here to feel warm and cozy.

I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Sand Timer Barr. Cole
Cellphone x14
United States x 0.25 won from Reaper in a sucker's bet

Hello Kitty! pony Mortar x8 Closed lad accounts x several
View user's profileSend private messageSend e-mailVisit poster's website
SunTzu
Hello I'm New here!


Joined: 05 Jun 2007
Posts: 19
Location: UK


PostPosted: Wed Dec 12, 2007 5:53 pm Reply with quoteBack to top

Your absolutely right, I will get on to them right away Cool

_________________
Click here to support 419Eater.com
View user's profileSend private message
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



E-Mail Header Analysis


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT