Compupaq
join:2006-08-02
Muskegon, MI
| Comcast Suspend Service for "Security Reasons"
Last week, my hsi connection wasn't working. I got a phone message from them saying that they temporarily disabled my service due to security reasons. They think that my computer has malware or spyware and that it set off alarms on their network. They told me to call 856-317-7272 and leave a message and to make sure that my computer is free from malware and viruses. I called them like 5 days ago and they said that they will get back to me in about one business day. I think they shut down my service because I have web servers on my connection and they see me using most of my upload constantly (which is what trojans or worms would do). Has anyone else experienced this? |
|
SolarPup
IT Geek-Dawg
Premium
join:2002-03-07
The Pound
clubs:
 ·Comcast
 ·AT&T CallVantage
 ·Osiris Communicati..
| It's stated in the TOS, no servers allowed, so they're within reason to shut you off, especially if you're putting undue stress on the network from your servers. There's not much you can do if you're going against the TOS and they've nailed you for it, except to stop using your servers.
--
...I don't have a 8mb speedy connection, I fly through the net at low altitudes! |
|
StillLearn
Premium
join:2002-03-21
Streamwood, IL | reply to Compupaq
I suggest you check your computer for worms/viruses. |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
 ·Pacific Bell - SBC
| reply to Compupaq
said by Compupaq  :Last week, my hsi connection wasn't working. I got a phone message from them saying that they temporarily disabled my service due to security reasons. They think that my computer has malware or spyware and that it set off alarms on their network. I see a lot of Comcast residential IP addresses attempting to connect directly to my MX server. Given that the Comcast TOS prohibits running mail servers, I shouldn't be seeing this (and I wouldn't, if Comcast would only block outbound port 25):
T 20060802 050219 44cf8055 Connection from 67.180.206.222
T 20060802 050219 44cf8055 HELO mail.com {S/B: c-67-180-206-222.hsd1.ca.comcast.net}
T 20060802 050219 44cf8055 RSET
T 20060802 050219 44cf8055 MAIL FROM:<service@cambridge.edu>
E 20060802 050222 44cf8055 Host 67.180.206.222 blocked by TQMCube - message tagged.
T 20060802 050222 44cf8055 RCPT TO:<#.#@blackhole.aosake.net>
E 20060802 050222 44cf8055 554 Recipient address rejected: User not allowed in recipient maps table (in reply to RCPT TO command)
T 20060802 050222 44cf8055 Connection closed with 67.180.206.222, 3 sec. elapsed.
T 20060802 185423 44cf80d7 Connection from 24.20.99.29
T 20060802 185423 44cf80d7 HELO 43EB9498 {S/B: c-24-20-99-29.hsd1.wa.comcast.net}
T 20060802 185423 44cf80d7 MAIL FROM: <fawniaabdel-aziz@ubi.com>
E 20060802 185423 44cf80d7 Host 24.20.99.29 blocked by Spamhaus - message rejected.
T 20060802 185424 44cf80d7 QUIT
T 20060802 185424 44cf80d7 Connection closed with 24.20.99.29, 1 sec. elapsed.
»www.spamcop.net/sc?id=z100913859···97df4a5z
You should check your computer to ensure that you are not among the ranks of the Comcast spam spewing zombies.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
Morty
Premium
join:2004-09-18
| reply to Compupaq
If you don't have anti virus, try running Stinger...
»vil.nai.com/vil/stinger/
Also, Comcast provides free McAfee if required just head to Comcast.net and download it.
Most likely this is due to a virus sending mass amounts of outbound e-mail (Zombie), although it could also be due to your servers. Best bet is to wait for CSA to get back in contact with you. |
|
Compupaq
join:2006-08-02
Muskegon, MI
| reply to Compupaq
Well, it finally came back on. Well, if they shut it off for the reason that they have servers, why didn't they just say that they have been monitoring a lot of upload bandwidth going through port 80. They probably have tools that monitor traffic going through ports.
I also like their one business day call back. It only took them over a week to call me back. Maybe they only work like 2 days a week, lol. |
|
Nerdtalker
Working Hard, Or Hardly Working?
Premium,MVM
join:2003-02-18
Tucson, AZ
clubs:
| reply to Compupaq
I find it odd that they'd do that. In the past, people were simply told that their suspension could be attributed to "bandwidth abuse."
That's pretty subversive now to blame that on some malware infection, although it's at the same time less accusatory. I would scan anyways with all the usual: Spybot S&D, Adaware, Windows Defender, and Panda Activescan.
--
"Some people never see the light till it shines thru bullet holes." -Bruce Cockburn
I'm testing Gmail's spam filters: Broadbandreports1@gmail.com
Spam: 12900+ messages currently using 406 MB. |
|
Hangmn
Don't Fight It...It's Inevitable
Premium
join:2000-04-08
Philadelphia, PA
| reply to Compupaq
said by Compupaq :Well, it finally came back on. Well, if they shut it off for the reason that they have servers, why didn't they just say that they have been monitoring a lot of upload bandwidth going through port 80. They probably have tools that monitor traffic going through ports. I also like their one business day call back. It only took them over a week to call me back. Maybe they only work like 2 days a week, lol. Maybe you willingly BROKE the TOS and Comcast gifted you by turning you back up...
Sheesh talk about looking a gift horse in the mouth
--
»davescustompc.com |
|
st7860
join:2004-05-13
San Francisco, CA
| reply to Compupaq
here in Vancouver BC, SHAW CABLE www.shaw.ca
has a bandwidth police department that calls you if you use more than about 50g/mo on their standard "$40/mo" connection, and they also call you if you have virus and/or shut you off
HOWEVER, when you call them, they will instantly forward you to the Abuse Queue, and after waiting a few minutes, then you talk to someone who will(if its your first time) ALWAYS reconnect you within minutes. |
|
china crisis
join:2003-05-28
| said by st7860 :...they also call you if you have virus and/or shut you off. Guess you dont need an anti-virus program  |
|
st7860
join:2004-05-13
San Francisco, CA
| said by china crisis :said by st7860 :...they also call you if you have virus and/or shut you off. Guess you dont need an anti-virus program shaw does provide firewall and virus scanning, i think they rebraned fprot or fsecure or whatever its called
what i meant is that they cut people off for abuse or trojans too, but their abuse department will usually respond with a reconnection within MINUTES of a request, that is, if its the 'first' offense. |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
| reply to Compupaq
said by Compupaq :Well, it finally came back on. Well, if they shut it off for the reason that they have servers, why didn't they just say that they have been monitoring a lot of upload bandwidth going through port 80. They probably have tools that monitor traffic going through ports. Without running a packet sniffer, they likely are only seeing unusual levels of TCP/IP traffic. They won't be able to tell, without packet analysis, what it is. They might guess a spamming proxy, if they have abuse complaints in hand, along with the high levels of traffic.
If you know for certain that it is just web server traffic, you might want to apply some kind of packet throttle on your server to keep the upload traffic at a low level.
If you really think the problem is only due to your web server, which is in violation of the Comcast AUP/TOS, you need to either do a better job of limiting your upload bandwidth access, drop the server, or find a residential service which allows you to run a web server.
Personally, even though I could run a web server on my residential connection, I also know that I really don't have the upload bandwidth to serve the public. I'd just find hosting with a provider which could better handle the traffic.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
