Results 1 to 13 of 13
Thread: IP Blacklist Removal
-
03-20-2023, 08:02 AM #1Web Hosting Guru
- Join Date
- Jun 2021
- Posts
- 254
IP Blacklist Removal
An IP address of one of our servers was blacklisted due to the wrong activities of one of my customers. His WordPress site got hacked due to his use of the nulled plugin. After that, the hacker used our server to send hundreds of thousands of spam emails. As a result, our IP address was blacklisted by Spamhaus. Due to this incident, we removed the entire website at the customer's request and temporarily removed the hosting account related to the domain name. After that, even though we have whitelisted the IP address several times, it is repeatedly blacklisted by Spamhus. What is the reason for this? Is there any other alternative solution for this? The other thing I want to know is whether there is a limited number of times we can whitelist in Spamhaus. ?
█ Managed Dedicated & Shared Hosting Provider| www.irexta.com
█ NVMe SSD | Enterprise Level Hardware | Advanced DDoS protection - 24x7 Support
█ Multiple Data Centers | US | Europe | South America | Asia | South Africa | Australia
-
03-20-2023, 12:34 PM #2Web Hosting Master
- Join Date
- Feb 2004
- Location
- Toronto
- Posts
- 2,308
NEVER whitelist anything, you are not fixing anything.
Setup a smarthost on your server so all your outbound emails are filtered.VimHost >> 30 Days Backup | cPanel + LiteSpeed + JetBackup | DMCA FREE!
20 Years in business ~ Premium Hosting in Toronto, Canada ~ 151 Front Street (Canadian owned and operated)
-
03-20-2023, 05:25 PM #3Newbie
- Join Date
- Mar 2023
- Posts
- 8
If you're still having trouble, look into MXToolbox.
-
03-20-2023, 07:35 PM #4The Linux Specialist
- Join Date
- Mar 2003
- Location
- /root
- Posts
- 23,991
It means it is not fixed and spam is still being sent out.
Specially 4 U
Reseller Hosting: Boost Your Websites | Fully Managed KVM VPS: 3.20 - 5.00 Ghz, Pure Dedicated Power
JoneSolutions.Com is on the net 24/7 providing stable and reliable web hosting solutions, server management and services since 2001
Debian|Ubuntu|cPanel|DirectAdmin|Enhance|Webuzo|Acronis|Estela|BitNinja|Nginx
-
03-21-2023, 03:57 AM #5Web Hosting Guru
- Join Date
- Jun 2021
- Posts
- 254
█ Managed Dedicated & Shared Hosting Provider| www.irexta.com
█ NVMe SSD | Enterprise Level Hardware | Advanced DDoS protection - 24x7 Support
█ Multiple Data Centers | US | Europe | South America | Asia | South Africa | Australia
-
03-21-2023, 03:59 AM #6Web Hosting Guru
- Join Date
- Jun 2021
- Posts
- 254
█ Managed Dedicated & Shared Hosting Provider| www.irexta.com
█ NVMe SSD | Enterprise Level Hardware | Advanced DDoS protection - 24x7 Support
█ Multiple Data Centers | US | Europe | South America | Asia | South Africa | Australia
-
03-21-2023, 04:00 AM #7Web Hosting Guru
- Join Date
- Jun 2021
- Posts
- 254
█ Managed Dedicated & Shared Hosting Provider| www.irexta.com
█ NVMe SSD | Enterprise Level Hardware | Advanced DDoS protection - 24x7 Support
█ Multiple Data Centers | US | Europe | South America | Asia | South Africa | Australia
-
03-21-2023, 09:56 AM #8Web Hosting Master
- Join Date
- Feb 2004
- Location
- Toronto
- Posts
- 2,308
Last edited by OpenInternet-Vince; 03-21-2023 at 09:59 AM.
VimHost >> 30 Days Backup | cPanel + LiteSpeed + JetBackup | DMCA FREE!
20 Years in business ~ Premium Hosting in Toronto, Canada ~ 151 Front Street (Canadian owned and operated)
-
03-21-2023, 11:27 AM #9
With the amount of spam emails you said were sent, it will take some time for all those mail providers that received the spam to submit abuse complaints, so requesting Spamhaus to whitelist the IP this soon is pointless because for each new complaint they receive, they're just going to blacklist the IP again and again.
On a side note, your clients should not have been able to send that much mail to begin with, so that needs to be resolved more than anything at this point.SimpleSonic - We Make Fast... Easy!
US/UK/MY - 100% Uptime - Shared - Reseller - cPanel - DirectAdmin - WHMCS Included!
Blazing Fast NVMe SSD - CloudLinux - Imunify360 - LiteSpeed - MailChannels - JetBackup
-
03-21-2023, 02:59 PM #10Web Hosting Master
- Join Date
- Dec 2011
- Posts
- 1,460
You are repeatedly getting blacklisted because it's still sending spam.
You need to do some more due diligence and find the culprit. That may not have been the only site compromised. Alternatively the intruder may have started up processes that are still running in the background that permit them to use your server as a proxy/relay. You may have cron jobs firing up that are doing it etc etc.
In short - you have not fixed the problem. Do that, and the re-listings by spamhaus will stop.
Originally Posted by irexta
If your IP gets listed, that IP is sending spam. Not a day or a week ago, but right now.Last edited by SneakySysadmin; 03-21-2023 at 03:02 PM.
"I've seen spam you people wouldn't believe. Routers on fire off the OCs of AGIS. I watched MXes burning in the dark near the Cyberpromo Gateway. All those moments will be lost in time, like tears in rain. TTL=0."
-
03-21-2023, 07:39 PM #11Newbie
- Join Date
- Mar 2023
- Posts
- 8
You're welcome. In addition, look into agencies that specialize in email outreach. Your sender reputation needs to be built back up again.
One good strategy that I know is to reduce the frequency of each email to 1-4 weeks, but any of these emails should prompt the email receiver to interact with your email in some way. In the meantime, you should increase engagement rate with the emails that don't go to spam.
Another way, if you have a good relationship with these companies, explain the situation by phone, and have them unmark the spam, reply to your emails, star the emails, etc.
-
03-22-2023, 01:18 PM #12Newbie
- Join Date
- May 2011
- Posts
- 9
The probability is that the hackers installed a backdoor to the site--perhaps even the server. At minimum, all site passwords need to be changed, ie, control panel, database, and WordPress dashboard. The site should then be backed up & reinstalled from scratch/reprovisioned. The site database(s) should also be examined for signs of a compromise.
It wouldn't hurt also to do a malware scan on your server. WordFence also has a facility, which, if enabled, can check for files outside WordPress that might be compromised. Ensure also that those files in the wp-content directory, w/particular emphasis on the uploads directory, do not contain any harmful code.
sitecheck.sucuri.net can check for unsafe sites, as can searching the site like:
site:example.com
on Google, but these should not be considered definitive.
Spamboss does have increasingly lengthening times to clear a blacklist when IP's are blacklisted more than once, so you really need to take these steps to fix the problem. Hire a professional at fixing compromised sites, if required.Last edited by abletec; 03-22-2023 at 01:21 PM. Reason: error
-
03-29-2023, 10:12 AM #13Junior Guru Wannabe
- Join Date
- Mar 2019
- Location
- Kyiv, Ukraine
- Posts
- 85
If you are blacklisted every time, you may consider moving to another standalone system because repeated blacklists can escalate and delay the next time.
Virtual Systems ★ UA Anonymous Website Hosting Since 2009
Dedicated Hosting | VPS Hosting | Shared Hosting | Exclusive Adult-Friendly Servers & VPS from Amsterdam
Visit our website: https://vsys.host | Email us: info@vsys.host
Similar Threads
-
LEASEWEB [IP blacklist issue]
By cabn12 in forum Dedicated ServerReplies: 14Last Post: 02-23-2012, 10:02 PM -
[ask] how to make ip blacklist in vps
By CustomerSupport in forum VPS HostingReplies: 12Last Post: 07-19-2010, 12:59 PM -
Free Upgrade! - Free WHMCS,ClientExec,Flash Tutorials,SSL,Dedi IP, Branding Removal
By Dan - Purely Website in forum Reseller Hosting OffersReplies: 1Last Post: 04-13-2009, 07:54 AM -
IP BlackList Lookup
By EvilMan in forum Hosting Software and Control PanelsReplies: 0Last Post: 07-12-2007, 05:17 PM -
Is my host on an IP blacklist
By Tanuk in forum Web HostingReplies: 11Last Post: 04-25-2004, 07:18 AM