Am blacklisted due to Webhosting UK hosting other blacklisted sites?
  • Am blacklisted due to Webhosting UK hosting other blacklisted sites?

    Hi
    I am somewhat concerned that since moving to a dedicated server with Webhosting UK my IP addresses are now beginning to be seen on blacklists;

    The site used for the check was Email Blacklist Check - See if your server is blacklisted

    I check the blacklists occasionally to ensure we are clean and late last week saw that we are black listed on 510 Software Group

    I wrote to them as the site referenced is nothing to do with us and received this response:

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1


    > The message is “IP address 109.75.171.40 is listed here as
    > pantscup.com misc.”

    We saw indications of bulk mail from that /24, including from systems with reverse dns names in domains with web content that is list on sight here. A current scan shows:

    109.75.171.54 is listed on sbl
    109.75.171.117 server.bircicekal.net. is listed on bircicekal.net.dbl.spamhaus.org
    109.75.171.184 bossroof.com. is simple unsubscribe
    109.75.171.185 pantscup.com. is listed on pantscup.com.dbl.spamhaus.org, is simple unsubscribe
    109.75.171.240 tanbottle.com. is simple unsubscribe
    109.75.171.241 cupsaddle.com. is simple unsubscribe
    109.75.171.242 hosedrum.com. is simple unsubscribe
    109.75.171.243 indigobice.com. is simple unsubscribe
    109.75.171.244 hosehat.com. is simple unsubscribe

    Those need to disappear first. webhosting.uk.com needs to address that issue, or specify the boundaries of that infestation.

    I raised a ticket with WHUK for advice and have had no response.

    Today I checked the RBL lists again and find we are now also listed on ivmSIP/24, I have been through their removal process but I am naturally worried the problem is spreading.

    Does anyone have any suggestions / experience with this issue?

    I appreciate that if one is on a shared server there is a risk of cross-contamination but I am somewhat dismayed to see this on a dedicated server.

    Thanks

    Christina

  • #2
    Hi Christina,

    Support are able to assist you with this issue.

    It's unfortunate when an entire /24 is blacklisted due to the selfishness of spammers alike.
    Webhosting.UK.com || cPanel VPS Hosting || Reseller Hosting

    Sales: 0808-262-0855
    Support: 0800-612-8725
    International: +44 191 303 8191



    • #3
      Hello Christina,

      I apologise for the delay in responding to your post. I have responded to your ticket, Ticket #DHK-88521-284.

      Regards



      • #4
        Thanks - a solution (new set of IPs) was provided and am gradually getting sorted thanks to a lot of help from Support (Cheers Raymond)

        Christina



        • #5
          Hi there! I'm new here and I'm a bit concerned about this information. What are the ways wherein a website will be blacklisted? Is there a way wherein we will know if our website is blacklisted without checking websites that are blacklisting?



          • #6
            Originally posted by MisterT View Post
            Hi there! I'm new here and I'm a bit concerned about this information. What are the ways wherein a website will be blacklisted? Is there a way wherein we will know if our website is blacklisted without checking websites that are blacklisting?
            Your website may get blacklisted if there is a virus or malicious content in the web pages of your site and it causes network abuse.
            Another reason for blacklisting is if your site has phishing content. In both cases the website can be blacklisted.

            Generally we inform our client if we receive any abuse complaint against their site.



            • #7
              Hi MisterT - I don't think there is any cause for alarm. I came across this as I check my IP addresses against DNS blacklists regularly: we keep a close eye on our email deliverability and if our IP ends up on a blacklist we need to find the reason and clear it. It's the IP address associated with the site that was found to be on a blacklist rather than the site itself. We were on another list too, not sure if it was the same reason... but they permitted us to remove ourselves: the attitude of the one that wouldn't seems rather extreme.

              Web Hosting have provided me with new IPs and support helped get everything sorted - a bit of disruption for sure but is all sorted.

              Hope this helps clarify.

              Christina



              • #8
                How could this happen on a dedicated server? Was the IP hacked or spoofed or is there another way that I am unaware of? I was under the impression that if you were on a dedicated server you had an IP that isn't shared.



                • #9
                  Originally posted by MillenniumF View Post
                  How could this happen on a dedicated server? Was the IP hacked or spoofed or is there another way that I am unaware of? I was under the impression that if you were on a dedicated server you had an IP that isn't shared.
                  Indeed. Dedicated server IP addresses aren't shared. Unfortunately sometimes an anti-spam provider can block an entire /24 range because of a selfish spam user within that range.


                  • #10
                    Originally posted by Dan View Post
                    Unfortunately sometimes an anti-spam provider can block an entire /24 range because of a selfish spam user within that range.
                    Can you please explain a bit more on how this happens? How is the range made up? How does this affect the websites being registered in that range?
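
The /24 range asked about here and the regular DNS blacklist checks described in post #7, worked through as an added example that is not part of any post in this thread. The addresses are those quoted in the first post; the zone `dnsbl.example`, the three-host escalation threshold and the offline `constructed_resolver` are assumptions made for illustration.

```python
import ipaddress
import socket

# Addresses taken from the list operator's scan quoted in the first post.
SCAN = ["109.75.171.54", "109.75.171.117", "109.75.171.184", "109.75.171.185",
        "109.75.171.240", "109.75.171.241", "109.75.171.242", "109.75.171.243",
        "109.75.171.244"]
CUSTOMER_IP = "109.75.171.40"  # the address the poster asked about
ZONE = "dnsbl.example"         # hypothetical DNSBL zone (assumption)

def covering_24(ip):
    """The /24 network (256 addresses) that contains ip."""
    return ipaddress.ip_network(f"{ip}/24", strict=False)

def dnsbl_name(ip, zone):
    """DNSBL query name for an IPv4 address: octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed if the zone answers inside 127.0.0.0/8; a failed lookup means not listed."""
    try:
        answer = ipaddress.ip_address(resolve(dnsbl_name(ip, zone)))
    except (socket.gaierror, ValueError):
        return False
    return answer in ipaddress.ip_network("127.0.0.0/8")

def escalated_ranges(bad_ips, threshold=3):
    """Assumed operator policy: list a whole /24 once `threshold` hosts in it are bad."""
    counts = {}
    for ip in bad_ips:
        net = covering_24(ip)
        counts[net] = counts.get(net, 0) + 1
    return {net for net, n in counts.items() if n >= threshold}

def constructed_resolver(name):
    """Offline stand-in for DNS (constructed): every host in an escalated /24 is listed."""
    octets = name[: -len(ZONE) - 1].split(".")
    ip = ".".join(reversed(octets))
    if covering_24(ip) in escalated_ranges(SCAN):
        return "127.0.0.2"
    raise socket.gaierror("NXDOMAIN")

def collateral(ip, bad_ips, zone, resolve):
    """True when ip was never reported itself yet is listed with its /24."""
    return ip not in bad_ips and is_listed(ip, zone, resolve)

if __name__ == "__main__":
    print(covering_24(CUSTOMER_IP), dnsbl_name(CUSTOMER_IP, ZONE))
    print("collateral listing:", collateral(CUSTOMER_IP, SCAN, ZONE, constructed_resolver))
```

For a scheduled check against a real list, call `is_listed` with the default resolver and the zone name that list publishes.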



                    • #11
                      Hmmmm - not convinced

                      Seems to me that the lack of adequate firewalls and AV software in the provision is letting the customers down. Time and again my VPS has been compromised and the IPs blacklisted as there is no real proactive service protecting the systems.

                      Changing the IP is just a quick and dirty fix - I would suspect that the real cause is rogue code injections in the server...



                      • #12
                        Originally posted by mark146 View Post
                        Seems to me that the lack of adequate firewalls and AV software in the provision is letting the customers down. Time and again my VPS has been compromised and the IPs blacklisted as there is no real proactive service protecting the systems.

                        Changing the IP is just a quick and dirty fix - I would suspect that the real cause is rogue code injections in the server...

                        Most of the code injections & phishing attacks are done through FTP. A brute force attack is done through FTP to gain access & upload files. In such cases the firewall is also not able to stop such attacks. On a cPanel server we recommend disabling FTP access for the default cPanel user & adding a separate FTP user for the document root directory.
                        Regards
                        Sam
                        Asst. System Admin
                        VPS Support Team



                        • #13
                          There is no IDS to monitor this activity, and since when do you 'recommend' that the FTP access is removed? First I've heard about it, and I've been on the system for 13 months.
