Hi,

Why and I getting this Caution alert:

"Welcome to CastleCops®. In cooperation with Shadowserver Foundation, your IP address [207.69.137.29] matches our records for possible malicious activity observed on the Internet around 2008-03-22 03:34:09 UTC. Please follow our Malware Removal and Prevention procedures. Questions/Comments?"

This is not my IP address. I am on Earthlink dialup and get a different IP address every time I log on, and it always starts with 4.xxx.xxx.x(x).

My computer is clean. I just scanned it this morning with Spybot, a2, and Norton scanned last night. I also use Spywareblaster, and just did a HijackThis and nothing appears out of the ordinary there. CWShredder finds nothing.

Thanks,
Judy

see
/postlite214359-.html

but as you checked your comp, nothing to worry about

Cudni

Thanks Cudni. I did find that link earlier trying to find out what this was about. So I guess I just get an "Caution..." every time I visit the site even though its not my IP.

Thanks for your reply.

Judy

Howdy,

As you are on dial-up your IP will change quite often. The IP you used to post the previous 2 posts had come up on the list.

If you use FireFox you might want to check out the ShowMyIP ext.

Hi,

Yes, I know my IP changes on dialup, everytime I connect thru my ISP. (Instead of "logon" in my original post, I guess I should have said dialup and connect thru my ISP.) But it is never 207.xxx.xxx.xxx. It is always a 4.xxx.xxx.x(xx). I use IE6, XP Home SP2. I can see my IP just by hovering my mouse over what Earthlink calls the "Task Panel", which is part of their software. This time the "Caution...." does not show up, and it didn't on my last post. It just showed up last night when I visited, and the first time today before I posted.

So when Shadowserver detects the IP 207.xxx.xxx.xxx, it is not my computer per se. Somehow it is Earthlink's IP it is detecting. It is the 207.xxx.xxx.xxx IP in the list, and not my 4.xxx.xxx.x(xx) computer. Do I understand that correctly. Because I am 99.99% positive my computer is clean. (Even though I do not understand two IP addresses. )

Thanks for your help,
Judy

What does /modules.php?name=Reveal_IP say? Does it show the 207 IP?

It says:
Your real IP: 4.x.x.x
Your browser: MSIE
Your Operating System: Windows

It does not show and 207.

Edit: Thanks for the x's someone. I was just going to change that.

OK I see it, its a proxy. I'll try to adjust the script.

Script now modified, is the Caution alert still there?

No the Caution is not there. It was not there when I came back to the site to read Cudni's reply to me. Only last night and today durng my first post. The 207 is not showing using you IP link either. Just the 4.

OK. Thanks for the thread, I've improved the code on our end.

Thank you for your help.

Glad this helped you too.

Judy