Is MWEB a Spammers Haven?
MWEB IPs used by Spammers and Hackers
Checking an IP record for 41.133.8.155 after noticing a minor offence this morning – the ubiquitous and quite stupid practice of adding “/undefined” to the end of actual URLs – brought up a list of IPs in the neighbourhood. All the IP’s included below belong to MWEB. (whois.domaintools.com IP lookup records.)
MWEB, a South African Internet Service Provider, has previously had IP’s under their control listed in several databases as a source of spam e-mails. According to Project Honeypot a range of IP’s managed by MWEB is (or was) used by Spammers and Dictionary Attackers.
inetnum: 41.133.0.0 – 41.133.63.255
netname: MWEB-NET-41-133-0-0
descr: MWEB CONNECT (PROPRIETARY) LIMITED
descr: 100 Fairway close
descr: N1 City
descr: South Africa
country: ZA
org: ORG-MA20-AFRINIC
admin-c: GP4-AFRINIC
tech-c: NOC1327-AFRINIC
tech-c: EF1-AFRINIC
status: ASSIGNED PA
ADSL Clients
The IPs listed are assigned dynamically to ADSL subscribers for internet connectivity. The ISP (MWEB) will of course state their client’s are abusing the service; but what do they do about it? Last year MWEB was accused of blocking Gmail messages as there was “too much e-mail spam” being sent from Gmail accounts. Read More
Where does an ISP draw the line on multiple e-mail addresses in a single mail, or the number of mails sent in a space of time? Client’s sending a single mail to multiple recipients will quickly result in a listing in a Spam list somewhere. Even if the mails sent are only to willing subscribers, the monitoring services cannot know this. Should e-mail recipients be limited to five or ten per message? Should business clients with big mailing lists be forced to use a dedicated IP?
I think the dedicated IP is the only real answer. At least no other user of a shared dynamically assigned IP will be affected when the dedicated IP is listed in a spam database.
Dictionary Attackers:
While spam e-mail is annoying, it is often relatively harmless in most cases. Spam mail is sent mainly as advertising. Dictionary Attacks on the other hand is not harmless, and is only used by hackers. A dictionary attack is an attempt to access website administration or server admin by submitting bulk user name and password combinations trying to find a combination that will allow the hacker access to the site.
Dictionary attackers should have their accounts suspended and their activities investigated, if necessary by legal authorities.
What the Project Honeypot Status ID Means
Project Honeypot uses a system of alphabetic lettering to describe the status of an IP in the database. S means the IP has been used by Comment Spammers. D is for Dictionary Attackers. SD combines the two – Spammers and Dictionary Attackers.
Some of the reports are historical, with no bad activity seen in the past three months.
Honeypot List of MWEB IP’s
The Project Honeypot report for 41.133.8.155 includes the following list of IPs in the neighbourhood
- 41.133.7.187 | SD
- 41.133.7.188 | SD
- 41.133.7.189 | SD
- 41.133.7.191 | S
- 41.133.7.192 | SD
- 41.133.7.198 | S
- 41.133.7.202 | S
- 41.133.7.204 | S
- 41.133.7.210 | S
- 41.133.7.214 | D
- 41.133.7.215
- 41.133.7.219 | S
- 41.133.7.220 | S
- 41.133.7.227 | S
- 41.133.7.230 | S
- 41.133.7.231 | S
- 41.133.7.236 | S
- 41.133.7.237 | S
- 41.133.7.239
- 41.133.7.243 | SD
- 41.133.7.246 | S
- 41.133.7.247 | SD
- 41.133.7.252
- 41.133.8.12 | S
- 41.133.8.20 | S
- 41.133.8.24 | SD
- 41.133.8.27 | S
- 41.133.8.43
- 41.133.8.55
- 41.133.8.61 | SD
- 41.133.8.64 | S
- 41.133.8.67
- 41.133.8.92
- 41.133.8.96 | SD
- 41.133.8.103 | SD
- 41.133.8.107
- 41.133.8.109 | S
- 41.133.8.112 | S
- 41.133.8.116 | SD
- 41.133.8.117 | S
- 41.133.8.124 | SD
- 41.133.8.127 | SD
- 41.133.8.142 | S
- 41.133.8.147
- 41.133.8.156 | S
- 41.133.8.163 | S
- 41.133.8.199 | S
- 41.133.8.206
- 41.133.8.214 | S
- 41.133.8.222 | S
- 41.133.8.228
- 41.133.8.237 | S
- 41.133.8.238 | D
- 41.133.8.240
- 41.133.8.244 | D
- 41.133.8.255 | S
- 41.133.9.0 | S
- 41.133.9.1 | S
- 41.133.9.7
- 41.133.9.20 | D
- 41.133.9.30 | S
- 41.133.9.36 | S
- 41.133.9.43
- 41.133.9.58 | SD
- 41.133.9.65 | S
- 41.133.9.66
- 41.133.9.67 | SD
- 41.133.9.72 | SD
- 41.133.9.74 | SD
- 41.133.9.75
- 41.133.9.76 | S
- 41.133.9.80 | S
- 41.133.9.84 | S
- 41.133.9.86 | S
- 41.133.9.91 | S
- 41.133.9.105 | SD
- 41.133.9.106 | S
- 41.133.9.112 | D
- 41.133.9.114
Related articles
- More e-mail Problems with MWEB (graphiclineweb.wordpress.com)
Posted on August 12, 2012, in Internet and tagged Company News, e-mail, Internet, Internet Connection, IP Address, MWEB, Project Honeypot, South Africa, spam, Technology. Bookmark the permalink. Leave a comment.
Leave a comment
Comments 0