MWEB IPs used by Spammers and Hackers
Checking an IP record for 188.8.131.52 after noticing a minor offence this morning – the ubiquitous and quite stupid practice of adding “/undefined” to the end of actual URLs – brought up a list of IPs in the neighbourhood. All the IP’s included below belong to MWEB. (whois.domaintools.com IP lookup records.)
MWEB, a South African Internet Service Provider, has previously had IP’s under their control listed in several databases as a source of spam e-mails. According to Project Honeypot a range of IP’s managed by MWEB is (or was) used by Spammers and Dictionary Attackers.
MWEB and Spam
Today I received a mail from a client of MWEB regarding blocking of e-mail incorrectly identified as spam. Respecting the complainant’s request to remain anonymous, all names and any other identifying terms have been edited or deleted. The complainant found an article on this blog referring to this service provider and e-mail blocking.
Quoting the e-mail received
“This is not an inquiry but I thought it may be of interest after reading the comments on your site regarding Mweb and spam. I ended up on this site after Googling to see if anyone else has experienced my problem which is basically that for the past few weeks, except intermittently, I have been unable to contact my largest and most important supplier in Germany. The reason given is:
“Service unavailable; Client host [184.108.40.206] blocked using ix.dnsbl.manitu.net; Your e-mail service was detected by mx.selfip.biz (NiX Spam) as spamming at Fri, 16 Dec 2011 14:20:53 +0100. Your admin should visit www.dnsbl.manitu.net/lookup.php?value=220.127.116.11
A mail from my supplier’s IT department goes further:
“The problem is, you are using the mail server relay08 which frequently is sending viruses, spam and other malware.
At 14:45 this mail server was blocked by the biggest German malware protection blacklist which we are using.
So the mail to Mrs. P was blocked.
Between 14:45 and 16:06 this mail server was removed from the blacklist.
The reason for this was, that the server stopped sending viruses, spam and other malware.
So your Mail to Mrs. K got through.
If this server starts again to send viruses, spam and other malware he will be blocked again.
You should have this problem with many contacts which are using such blacklists.
To solve the problem you could switch to a mail relay service which is checking the outgoing mails for viruses, spam and other malware too. Or you can use an own secured mail server.”
I sent all of this to MWEB expressing my disgust at using a service accused of being a spammer, and received the following reply from MWEB:
Is MWEB blocking Gmail accounts?
Judging by ongoing problems experienced by some of my customers, and various posts on http://mybroadband.co.za and other internet forums, this would appear to be the case.
Starting some 3 months back, there have been numerous complaints from users of Gmail e-mail services that they are unable to send e-mail to recipients with a @wmeb e-mail address, or to forward e-mails they receive from a gmail account to a MWEB account.
At the time, there were claims supposedly made by MWEB that they were blocking all Gmail accounts as this free e-mail service was being used by spammers. (I was unable to find the original notification today).