[Solved] Suspended: Newrepub

[gawmonster]

Username: newrepub

Server: Johnny

Domain: new-republic.org

 

Only thing on it was a package installed (and very base configured) via Softalicious ... can't remember which one. I did notice that it would not send activation emails and was getting lots (tens, from what I saw, so not an extraordinary amount) of "new user requests" from what appeared to be bots by the name/email combinations. None of those activated due to no emails being sent, so that was a blessing in disguise.

 

Not planning anything outrageous for the site ... more than a landing page but not going to be a CPU/RAM/Bandwidth hog by any stretch of the imagination ... with some (unlinked) test code pages for personal use.

Edited December 8, 2017 by newrepub

[wolstech]

You're suspended because we received an abuse report for your account. From what I can tell, your welcome emails are not welcomed by spam filters (pardon the pun). Since Yandex censors their reports, it's impossible to know which user flagged it as spam to cause this report to be generated.

 

My recommendation would be to either stop sending welcome emails to your users, or develop better emails that don't get flagged as spam. Tools like https://www.mail-tester.com/ may help with reducing the spam score on your emails.

 

Unsuspended. Please fix the issue within 24 hours.

We have received a complaint about your account. Please investigate and fix within 24 hours.

Hurricane Electric Abuse Department
support@he.net

From fblbounces@senderscore.net  Tue Dec  5 01:32:26 2017
Return-Path: <fblbounces@senderscore.net>
X-Original-To: report@abuse.he.net
Delivered-To: report@abuse.he.net
Received: from he.net (he.net [216.218.186.2])
        by abuse.he.net (Postfix) with ESMTPS id 1809B541058
        for <report@abuse.he.net>; Tue,  5 Dec 2017 01:32:26 -0800 (PST)
Received: from mrfbl02-den.returnpath.net ([66.45.29.177])
        by he.net with ESMTPS (ECDHE-RSA-AES256-GCM-SHA384:TLSv1.2:Kx=ECDH:Au=RSA:Enc=AESGCM(256):Mac=AEAD)
        for <abuse@he.net>; Tue, 5 Dec 2017 01:32:43 -0800
Received: from poma01.lan.returnpath.net (poma01.lan.returnpath.net [10.2.0.106])
        by mrfbl02-den.returnpath.net (Postfix) with ESMTP id 396CB4A0966
        for <abuse@he.net>; Tue,  5 Dec 2017 02:32:23 -0700 (MST)
DKIM-Filter: OpenDKIM Filter v2.11.0 mrfbl02-den.returnpath.net 396CB4A0966
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=senderscore.net;
        s=081107; t=1512466343; i=@senderscore.net;
        bh=a0NeazqrTZzEv6QjCrfFjbEmD8KzAp5JFlRJSvJt7d0=;
        h=Date:Subject:To:From:From;
        b=xiKSoBNXNMBGj8VSf0t9iXQnBdJN+Fb14O1GKuuK9BCgUD7SNMWo7irbDMkq/Sci0
         2HhE/p2EEMhEwD05CJ5yN6uFmTzCgqU1qYpoS+jlK0m9Go6rgPc6+p23fI8LWzJohV
         JfuFiJ2YYvn1kJ4vrXr3TWGeAidG7gjepzZ0EUhQ=
Received: by poma01.lan.returnpath.net (Postfix, from userid 106706)
        id 3655560493; Tue,  5 Dec 2017 02:32:23 -0700 (MST)
Content-Type: multipart/report; boundary="_----------=_15124663432990616497"; report-type="feedback-report"
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.029 (F2.84; T2.04; A2.12; B3.13; Q3.13)
Date: Tue, 5 Dec 2017 02:32:23 -0700
Subject: Yandex Abuse Report
To: abuse@he.net
From: feedbackloop@yandexfbl.senderscore.net
Message-Id: <20171205093223.3655560493@poma01.lan.returnpath.net>
Content-Transfer-Encoding: 7bit

This is a multi-part message in MIME format.

----------=_15124663432990616497
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: text/plain

This is a Yandex email abuse report for an email message received from IP 65.19.141.67 on Sun, 3 Dec 2017 16:06:48 +0000


----------=_15124663432990616497
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: message/feedback-report

User-Agent: ReturnPathFBL/1.0
Abuse-Type: complaint
Arrival-Date: Sun, 3 Dec 2017 16:06:48 +0000
Feedback-Type: abuse
Version: 1
Source-IP: 65.19.141.67
Original-Rcpt-To: ca2b45ef141c63af66829a2f346c832b@email.xxx
Original-Mail-From: newrepub@johnny.heliohost.org
Reported-Domain: email.xxx

----------=_15124663432990616497
Content-Disposition: inline
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit

Received: from <ca2b45ef141c63af66829a2f346c832b> by <removed> with LMTP id
  tMPEXTSj for <<removed@email.xxx>>; Sun, 3 Dec 2017 19:06:49 +0300
Received: from johnny.heliohost.org (johnny.heliohost.org [65.19.141.67]) by
  <ca2b45ef141c63af66829a2f346c832b> (nwsmtp/Yandex) with ESMTPS id
  pO6cfydXbH-6mLK4inb; Sun, 03 Dec 2017 19:06:48 +0300 (using TLSv1.2 with
  cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not
  present)
Return-Path: newrepub@johnny.heliohost.org
Received: from newrepub by johnny.heliohost.org with local (Exim 4.88)
  (envelope-from <newrepub@johnny.heliohost.org>) id 1eLWmx-0003A2-Bm for
  <ca2b45ef141c63af66829a2f346c832b@email.xxx>; Sun, 03 Dec 2017 08:06:43
  -0800
Subject: Welcome to New Republic
Date: Sun, 3 Dec 2017 16:06:43 +0000
From: Gawmonster <admin@new-republic.org>
Reply-To: Gawmonster <admin@new-republic.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
To: ca2b45ef141c63af66829a2f346c832b@email.xxx
Content-Transfer-Encoding: quoted-printable

<body removed>

----------=_15124663432990616497--

[gawmonster]

Removed the php-fusion install (was trying out a couple different CMS and already didn't like that one much).

Interestingly, there were no "new users" from he.net domain waiting for authorization.

 

Thanks, will try to be more cognizant of the repercussions of the selected Softalicious apps (if I even end up using one)

[Krydos]

No matter how you install software if it sends out emails there is a possibility of a bot typing in someone's email address and it getting flagged as spam. The best thing to do is implement some good anti-bot measures like captcha's, or even better if you don't need users on your site just disable the account creation entirely and create accounts manually through the admin section if someone really needs an account.

[gawmonster]

I had enabled the various forms of captchas that were built into the php-fusion base install, but still noticed bots getting through with each one.

Was looking for a way to disable account creation, but then I had to travel for business, so left it for a few days (still needed admin intervention to activate, so wasn't worried).

Didn't think about the bots that put in someone else's email allowing the account to get flagged for that!

 

Thanks for the support!