  1. #1

    IP Blacklist Removal

    An IP address of one of our servers was blacklisted due to the wrong activities of one of my customers. His WordPress site got hacked due to his use of a nulled plugin. After that, the hacker used our server to send hundreds of thousands of spam emails. As a result, our IP address was blacklisted by Spamhaus. Due to this incident, we removed the entire website at the customer's request and temporarily removed the hosting account related to the domain name. After that, even though we have whitelisted the IP address several times, it is repeatedly blacklisted by Spamhaus. What is the reason for this? Is there any other alternative solution for this? The other thing I want to know is whether there is a limited number of times we can whitelist in Spamhaus?
    Managed Dedicated & Shared Hosting Provider| www.irexta.com
    NVMe SSD | Enterprise Level Hardware | Advanced DDoS protection - 24x7 Support
    Multiple Data Centers | US | Europe | South America | Asia | South Africa | Australia

  2. #2
    Join Date
    Feb 2004
    Location
    Toronto
    Posts
    2,308
    NEVER whitelist anything, you are not fixing anything.

    Set up a smarthost on your server so all your outbound emails are filtered.
    VimHost >> 30 Days Backup | cPanel + LiteSpeed + JetBackup | DMCA FREE!
    20 Years in business ~ Premium Hosting in Toronto, Canada ~ 151 Front Street (Canadian owned and operated)

  3. #3
    If you're still having trouble, look into MXToolbox.

  4. #4
    Join Date
    Mar 2003
    Location
    /root
    Posts
    23,991
    It means it is not fixed and spam is still being sent out.

    Specially 4 U
    Reseller Hosting: Boost Your Websites | Fully Managed KVM VPS: 3.20 - 5.00 Ghz, Pure Dedicated Power
    JoneSolutions.Com is on the net 24/7 providing stable and reliable web hosting solutions, server management and services since 2001
    Debian|Ubuntu|cPanel|DirectAdmin|Enhance|Webuzo|Acronis|Estela|BitNinja|Nginx

  5. #5
    Quote Originally Posted by net View Post
    It means it is not fixed and spam is still being sent out.
    Although we have fixed all the issues, it seems that the sent emails are still being reported. I guess this could be the reason.

  6. #6
    Quote Originally Posted by OpenInternet-Vince View Post
    NEVER whitelist anything, you are not fixing anything.

    Set up a smarthost on your server so all your outbound emails are filtered.
    Although I have resolved the issue, it can be assumed that the previous emails are being reported and will be blacklisted again and again.

  7. #7
    Quote Originally Posted by TLDN View Post
    If you're still having trouble, look into MXToolbox.
    Sure. Thank you.

  8. #8
    Quote Originally Posted by irexta View Post
    Although I have resolved the issue, it can be assumed that the previous emails are being reported and will be blacklisted again and again.
    But you didn't fix the issue.

    Another site could get infected and your server will be sending out spam again...

    That's the part you are not getting.
    Last edited by OpenInternet-Vince; 03-21-2023 at 09:59 AM.

  9. #9
    Join Date
    Aug 2009
    Location
    US/UK/MY
    Posts
    3,042
    Quote Originally Posted by irexta View Post
    Although I have resolved the issue, it can be assumed that the previous emails are being reported and will be blacklisted again and again.
    With the amount of spam emails you said were sent, it will take some time for all those mail providers that received the spam to submit abuse complaints, so requesting Spamhaus to whitelist the IP this soon is pointless because for each new complaint they receive, they're just going to blacklist the IP again and again.

    On a side note, your clients should not have been able to send that much mail to begin with, so that needs to be resolved more than anything at this point.
    SimpleSonic - We Make Fast... Easy!
    US/UK/MY - 100% Uptime - Shared - Reseller - cPanel - DirectAdmin - WHMCS Included!
    Blazing Fast NVMe SSD - CloudLinux - Imunify360 - LiteSpeed - MailChannels - JetBackup

  10. #10
    Join Date
    Dec 2011
    Posts
    1,460
    Quote Originally Posted by irexta View Post
    After that, even though we have whitelisted the IP address several times, it is repeatedly blacklisted by Spamhaus.
    You are repeatedly getting blacklisted because it's still sending spam.

    You need to do some more due diligence and find the culprit. That may not have been the only site compromised. Alternatively, the intruder may have started up processes that are still running in the background that permit them to use your server as a proxy/relay. You may have cron jobs firing up that are doing it, etc.

    In short - you have not fixed the problem. Do that, and the re-listings by Spamhaus will stop.
    Quote Originally Posted by irexta
    it can be assumed that the previous emails are being reported and will be blacklisted again and again.
    That's not how it works. Spamhaus lists IPs in direct response to spam emails they receive at their traps, not in response to user reports - but in response to actual spam emails they get.

    If your IP gets listed, that IP is sending spam. Not a day or a week ago, but right now.
    Last edited by SneakySysadmin; 03-21-2023 at 03:02 PM.
    "I've seen spam you people wouldn't believe. Routers on fire off the OCs of AGIS. I watched MXes burning in the dark near the Cyberpromo Gateway. All those moments will be lost in time, like tears in rain. TTL=0."
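
One way to start the culprit hunt the replies above call for, as an added example that is not part of any post in this thread: tally local sendmail submissions per working directory and flag the heavy senders. It assumes an Exim main log with argument logging enabled and a /home/<account> layout (the thread does not name the MTA or control panel); the log lines, account names and threshold are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the style of an Exim main log with argument
# logging enabled (assumption: the thread does not say which MTA is in use).
SAMPLE_LOG = """\
2023-03-21 09:12:01 cwd=/home/acct1/public_html/wp-content/uploads/2023 3 args: /usr/sbin/sendmail -t -i
2023-03-21 09:12:01 cwd=/home/acct1/public_html/wp-content/uploads/2023 3 args: /usr/sbin/sendmail -t -i
2023-03-21 09:12:02 cwd=/home/acct1/public_html/wp-content/uploads/2023 3 args: /usr/sbin/sendmail -t -i
2023-03-21 09:12:02 cwd=/home/acct2/public_html 3 args: /usr/sbin/sendmail -t -i
2023-03-21 09:12:03 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2023-03-21 09:12:04 cwd=/home/acct1/public_html/wp-content/uploads/2023 3 args: /usr/sbin/sendmail -t -i
"""

# date, time, working directory, argument count, invoked binary
CWD_RE = re.compile(r"^\S+ \S+ cwd=(\S+) \d+ args: (\S+)")
HOME_RE = re.compile(r"^/home/([^/]+)")  # assumed account layout


def submissions_by_directory(log_text):
    """Count local sendmail submissions per working directory."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CWD_RE.match(line)
        # Queue runs and other exim invocations are not script submissions.
        if m and m.group(2).endswith("sendmail"):
            counts[m.group(1)] += 1
    return counts


def flag_senders(log_text, threshold):
    """Return (account, directory, count) for directories at or above threshold."""
    flagged = []
    for directory, count in submissions_by_directory(log_text).most_common():
        if count >= threshold:
            home = HOME_RE.match(directory)
            account = home.group(1) if home else "(system)"
            flagged.append((account, directory, count))
    return flagged


if __name__ == "__main__":
    for account, directory, count in flag_senders(SAMPLE_LOG, threshold=3):
        print(f"{count:6d}  {account:10s}  {directory}")
```

A directory under an uploads tree that submits mail at all is worth examining, since legitimate site mail normally originates from the application's own code paths.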

  11. #11
    You're welcome. In addition, look into agencies that specialize in email outreach. Your sender reputation needs to be built back up again.

    One good strategy that I know is to reduce the frequency of each email to 1-4 weeks, but any of these emails should prompt the email receiver to interact with your email in some way. In the meantime, you should increase engagement rate with the emails that don't go to spam.

    Another way, if you have a good relationship with these companies, explain the situation by phone, and have them unmark the spam, reply to your emails, star the emails, etc.

  12. #12
    The probability is that the hackers installed a backdoor to the site--perhaps even the server. At minimum, all site passwords need to be changed, i.e., control panel, database, and WordPress dashboard. The site should then be backed up & reinstalled from scratch/reprovisioned. The site database(s) should also be examined for signs of a compromise.

    It wouldn't hurt also to do a malware scan on your server. WordFence also has a facility, which, if enabled, can check for files outside WordPress that might be compromised. Ensure also that those files in the wp-content directory, w/particular emphasis on the uploads directory, do not contain any harmful code.

    sitecheck.sucuri.net can check for unsafe sites, as can searching the site like:
    site:example.com
    on Google, but these should not be considered definitive.

    Spamboss does have increasingly lengthening times to clear a blacklist when IPs are blacklisted more than once, so you really need to take these steps to fix the problem. Hire a professional at fixing compromised sites, if required.
    Last edited by abletec; 03-22-2023 at 01:21 PM. Reason: error
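
A first-pass check of the uploads directory mentioned in the post above, as an added example that is not from the thread: it walks an uploads tree and reports files with script extensions, plus media or other files that carry a PHP open tag. The extension list and the 64 KiB read window are assumptions, and a clean result is not proof the site is clean.

```python
import os

# Assumed list of extensions a web server may hand to the PHP interpreter.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".php7", ".phar"}


def scan_uploads(uploads_dir, read_bytes=65536):
    """Return sorted (relative_path, reason) for files that do not belong
    in a media uploads tree."""
    findings = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, uploads_dir)
            ext = os.path.splitext(name)[1].lower()
            if ext in SCRIPT_EXTS:
                findings.append((rel, "script extension"))
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(read_bytes)
            except OSError:
                # Unreadable files need a manual look rather than a silent skip.
                findings.append((rel, "unreadable"))
                continue
            # PHP tags are case-insensitive; images and documents never need one.
            if b"<?php" in head.lower():
                findings.append((rel, "PHP tag in non-script file"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, reason in scan_uploads(target):
        print(f"{reason}: {rel}")
```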

  13. #13
    Join Date
    Mar 2019
    Location
    Kyiv, Ukraine
    Posts
    85
    If you are blacklisted every time, you may consider moving to another standalone system because repeated blacklists can escalate and delay the next time.
    Virtual SystemsUA Anonymous Website Hosting Since 2009
    Dedicated Hosting | VPS Hosting | Shared Hosting | Exclusive Adult-Friendly Servers & VPS from Amsterdam
    Visit our website: https://vsys.host | Email us: info@vsys.host
