Shamil Salakhetdinov
shamil at users.mns.ru
Mon May 30 12:33:29 CDT 2005
Thank you, Bryan!

Yes, I have these message headers - here are two of them - all coming from 195.167.69.130:

1.
>From Service at mns.ru Thu May 26 12:10:30 2005
Received: from babylon5.mns.ru ([80.70.224.25])
  (TLS: TLSv1/SSLv3,256bits,AES256-SHA)
  by batman.mns.ru with esmtp; Thu, 26 May 2005 12:10:30 +0400
  id 000104E8.42958476.00000419
Received: from mns.ru ([195.167.69.130])
  by babylon5.mns.ru with esmtp; Thu, 26 May 2005 12:10:20 +0400
  id 000182EF.4295846C.00005A64
From: Service at mns.ru
To: shamil-users at mns.ru
Subject: *IMPORTANT* Your Account Has Been Locked
Date: Thu, 26 May 2005 11:11:48 +0300
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="----=_NextPart_000_0011_2DB2B65A.C74339E8"
X-Priority: 3
X-MSMail-Priority: Normal
Message-ID: <courier.42958476.00000419 at batman.mns.ru>
X-Spam-Status: Yes, hits=9.0 tagged_above=3.0 required=8.0
  tests=MICROSOFT_EXECUTABLE, MISSING_MIMEOLE, NO_REAL_NAME, PRIORITY_NO_NAME
X-Spam-Level: *********
X-Spam-Flag: YES

2.
>From Service at mns.ru Thu May 26 14:43:37 2005
Received: from babylon5.mns.ru ([80.70.224.25])
  (TLS: TLSv1/SSLv3,256bits,AES256-SHA)
  by batman.mns.ru with esmtp; Thu, 26 May 2005 14:43:36 +0400
  id 00004FF9.4295A858.00005A00
Received: from mns.ru ([195.167.69.130])
  by babylon5.mns.ru with esmtp; Thu, 26 May 2005 14:43:34 +0400
  id 0001C22B.4295A856.0000234A
From: Service at mns.ru
To: shamil-users at mns.ru
Subject: Your Email Account is Suspended For Security Reasons
Date: Thu, 26 May 2005 13:45:02 +0300
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="----=_NextPart_000_0014_C8178C57.146A5279"
X-Priority: 3
X-MSMail-Priority: Normal
Message-ID: <courier.4295A858.00005A00 at batman.mns.ru>
X-Spam-Status: No, hits=4.1 tagged_above=3.0 required=8.0
  tests=HTML_00_10, MISSING_MIMEOLE, NO_REAL_NAME, PRIORITY_NO_NAME, UPPERCASE_25_50
X-Spam-Level: ****

I will try to inform noc at otenet.gr, abuse at otenet.gr, hostmaster at otenet.gr. postmaster at otennet.gr about the problem...

Shamil

----- Original Message -----
From: "Bryan Carbonnell" <carbonnb at gmail.com>
To: "Discussion of Hardware and Software issues" <dba-tech at databaseadvisors.com>
Sent: Monday, May 30, 2005 8:36 PM
Subject: Re: [dba-Tech] Viruses coming for several days from 195.167.69.130....

> On 5/30/05, Shamil Salakhetdinov <shamil at users.mns.ru> wrote:
> > Hi All,
> >
> > I'm getting W32.Mydoom.BT at mm viruses for several days from 195.167.69.130.
> >
> > The virus sender's e-mail address is simulating my provider's "services":
> > admin at mns.ru, service at mns.ru etc.
> >
> > What are the most effective ways to stop these viruses sending?
>
> If you can filter it at the server level, then that's the best way.
>
> Failing that, contact your ISP, and send them the received header lines
> from a couple of the viruses, and ask them to block the IP.
>
> Also, send an e-mail to:
> noc at otenet.gr, abuse at otenet.gr, hostmaster at otenet.gr. postmaster at otennet.gr
> with a few of the received headers as well and ask them to contact
> their client and inform them that they are sending out viruses. Also ask
> them if they could block this person until they have cleaned the viruses
> from their PC.
>
> I have done this before and it has worked. Just make sure that you
> send the received headers so they can trace it back to their system
> and you are polite and non-confrontational.
>
> --
> Bryan Carbonnell - carbonnb at gmail.com
> Life's journey is not to arrive at the grave safely in a well
> preserved body, but rather to skid in sideways, totally worn out,
> shouting "What a great ride!"
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com
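
Added example (not part of the original thread): one way to read the Received chains quoted above when preparing an abuse report, walking the stamps from the top and reporting the first address that is not one of the recipient's own relays. It assumes batman.mns.ru and babylon5.mns.ru (80.70.224.25) are the provider's trusted relays, as the "by" clauses suggest; the function names are hypothetical and the "id" lines are omitted from the excerpts.

```python
import re
from email import message_from_string

# Assumptions (read off the "by" clauses and the relay IP in the quoted headers):
TRUSTED_BY = {"batman.mns.ru", "babylon5.mns.ru"}  # relays whose stamps we trust
INTERNAL_IPS = {"80.70.224.25"}                    # babylon5.mns.ru

HOP = re.compile(r"from\s+(\S+)\s+\(\[([0-9.]+)\]\).*?\bby\s+(\S+)", re.S)

def handoff(raw):
    """Return (helo, ip, recorded_by) for the hop where the mail entered our relays."""
    for stamp in message_from_string(raw).get_all("Received", []):
        m = HOP.search(stamp)
        if not m or m.group(3) not in TRUSTED_BY:
            return None          # stamp not written by our relays: could be forged
        helo, ip, by = m.groups()
        if ip not in INTERNAL_IPS:
            return helo, ip, by  # the IP is what our relay saw; the HELO name is claimed
    return None

def headers(stamp1, stamp2, subject):
    # Rebuild the two-hop Received chain from the post for one message.
    return (
        "Received: from babylon5.mns.ru ([80.70.224.25])\n"
        "  (TLS: TLSv1/SSLv3,256bits,AES256-SHA)\n"
        f"  by batman.mns.ru with esmtp; {stamp1}\n"
        "Received: from mns.ru ([195.167.69.130])\n"
        f"  by babylon5.mns.ru with esmtp; {stamp2}\n"
        "From: Service@mns.ru\n"
        f"Subject: {subject}\n\n"
    )

MSG1 = headers("Thu, 26 May 2005 12:10:30 +0400", "Thu, 26 May 2005 12:10:20 +0400",
               "*IMPORTANT* Your Account Has Been Locked")
MSG2 = headers("Thu, 26 May 2005 14:43:36 +0400", "Thu, 26 May 2005 14:43:34 +0400",
               "Your Email Account is Suspended For Security Reasons")

def report_lines(messages):
    """Group messages by hand-off IP and return one summary line per IP."""
    seen = {}
    for raw in messages:
        hop = handoff(raw)
        if hop:
            seen.setdefault(hop[1], []).append(hop)
    return [f"{ip}: {len(h)} message(s), HELO {h[0][0]!r}, recorded by {h[0][2]}"
            for ip, h in seen.items()]

if __name__ == "__main__":
    print("\n".join(report_lines([MSG1, MSG2])))
```

The HELO name "mns.ru" is only what the sending host claimed; the bracketed address is what babylon5.mns.ru recorded for the connection, which is why it is the value to quote to the network owner.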