Spamhaus listing us for being listed and will not remove listings now?

lbft

New Member
Quote said:
Certain people keep claiming that. Yet there are frequent (very plausible) stories from people having issues getting Spamhaus to respond reasonably - or even respond at all. So how does that work?

Very plausible? Almost all of those stories come from people I wouldn't trust to run a clean network.
 

joepie91

New Member
Quote said:
Certain people keep claiming that. Yet there are frequent (very plausible) stories from people having issues getting Spamhaus to respond reasonably - or even respond at all. So how does that work?
Very plausible? Almost all of those stories come from people I wouldn't trust to run a clean network.

I've seen e-mail threads.
 

Munzy

Active Member
I still don't understand why providers don't install fail2ban and unattended-upgrades by default.
 

rds100

New Member
Verified Provider
Fail2ban by default is likely to result in customer complaints and a support-desk nightmare from customers who fail to type their passwords correctly. But unattended-upgrades by default sounds reasonable.
 

Munzy

Active Member
Quote said:
Fail2ban by default is likely to result in customer complaints and a support-desk nightmare from customers who fail to type their passwords correctly. But unattended-upgrades by default sounds reasonable.

The thing is, so what if fail2ban blocks them initially. In the long run it makes far more sense to have. That way you aren't having to spend time cleaning up a compromised VM, reporting to authorities, dealing with Spamhaus, etc. It just makes sense. The other great thing about fail2ban is it isn't idiotic. A simple reboot will generally clear the listing, and it would protect at least a little from initial weak password combos.
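To make concrete what fail2ban actually does with the trade-off rds100 and Munzy are arguing about, here is an added example that is not fail2ban's code and not from any poster: a sliding-window detector in Python run over constructed OpenSSH auth.log lines. The jail parameters (maxretry=5, findtime=600, bantime=3600), the ignoreip range 192.0.2.0/24 standing in for a provider's own management hosts, and the log year are all assumptions. The sample shows which cases such a jail catches and which it does not: a fast brute-forcer is banned on the fifth failure, a customer who mistypes three times is left alone, the management range is never banned, and a low-and-slow attacker spacing attempts beyond findtime slips through.

```python
# Minimal fail2ban-style SSH brute-force detector (added illustration, not
# fail2ban's own code). Assumed: OpenSSH "Failed password" syslog lines, a
# fixed log year, and jail settings maxretry=5 / findtime=600 / bantime=3600.
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH failed-login line in syslog format (no year in the timestamp).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

def parse_line(line, year=2015):
    """Return (timestamp, source_ip) for a failed-login line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ts, m.group("ip")

class Jail:
    """Sliding window: maxretry failures within findtime => ban for bantime."""

    def __init__(self, maxretry=5, findtime=600, bantime=3600, ignoreip=()):
        self.maxretry = maxretry
        self.findtime = timedelta(seconds=findtime)
        self.bantime = timedelta(seconds=bantime)
        self.ignore = [ipaddress.ip_network(n) for n in ignoreip]
        self.failures = defaultdict(deque)  # ip -> timestamps inside findtime
        self.bans = {}                      # ip -> ban expiry

    def is_ignored(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.ignore)

    def is_banned(self, ip, now):
        expiry = self.bans.get(ip)
        if expiry is None:
            return False
        if now >= expiry:           # bantime elapsed: unban automatically
            del self.bans[ip]
            return False
        return True

    def observe(self, ts, ip):
        """Record one failure at ts; return True if it triggers a new ban."""
        if self.is_ignored(ip) or self.is_banned(ip, ts):
            return False
        window = self.failures[ip]
        window.append(ts)
        while ts - window[0] > self.findtime:   # forget failures older than findtime
            window.popleft()
        if len(window) >= self.maxretry:
            self.bans[ip] = ts + self.bantime
            window.clear()
            return True
        return False

def process_log(text, jail):
    """Feed log lines in order; return [(ip, ban_time), ...] for new bans."""
    events = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed and jail.observe(*parsed):
            events.append((parsed[1], parsed[0]))
    return events

# Constructed sample auth.log excerpt (not real traffic): a fast brute-forcer,
# a customer mistyping three times, an ignored management host, and a
# low-and-slow attacker whose attempts are 7 minutes apart (> findtime/2).
SAMPLE_LOG = """\
Sep  3 10:00:01 vps sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Sep  3 10:00:02 vps sshd[1203]: Failed password for root from 203.0.113.7 port 51023 ssh2
Sep  3 10:00:04 vps sshd[1205]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Sep  3 10:00:05 vps sshd[1207]: Failed password for root from 203.0.113.7 port 51025 ssh2
Sep  3 10:00:07 vps sshd[1209]: Failed password for root from 203.0.113.7 port 51026 ssh2
Sep  3 10:00:08 vps sshd[1211]: Failed password for root from 203.0.113.7 port 51027 ssh2
Sep  3 10:01:00 vps sshd[1220]: Failed password for alice from 198.51.100.25 port 40001 ssh2
Sep  3 10:01:30 vps sshd[1222]: Failed password for alice from 198.51.100.25 port 40002 ssh2
Sep  3 10:02:10 vps sshd[1224]: Failed password for alice from 198.51.100.25 port 40003 ssh2
Sep  3 10:03:00 vps sshd[1230]: Failed password for root from 192.0.2.10 port 33001 ssh2
Sep  3 10:03:01 vps sshd[1231]: Failed password for root from 192.0.2.10 port 33002 ssh2
Sep  3 10:03:02 vps sshd[1232]: Failed password for root from 192.0.2.10 port 33003 ssh2
Sep  3 10:03:03 vps sshd[1233]: Failed password for root from 192.0.2.10 port 33004 ssh2
Sep  3 10:03:04 vps sshd[1234]: Failed password for root from 192.0.2.10 port 33005 ssh2
Sep  3 10:05:00 vps sshd[1240]: Failed password for root from 203.0.113.9 port 60001 ssh2
Sep  3 10:12:00 vps sshd[1241]: Failed password for root from 203.0.113.9 port 60002 ssh2
Sep  3 10:19:00 vps sshd[1242]: Failed password for root from 203.0.113.9 port 60003 ssh2
Sep  3 10:26:00 vps sshd[1243]: Failed password for root from 203.0.113.9 port 60004 ssh2
Sep  3 10:33:00 vps sshd[1244]: Failed password for root from 203.0.113.9 port 60005 ssh2
"""

def run_sample():
    """Run the constructed log through an assumed jail; returns the ban events."""
    jail = Jail(maxretry=5, findtime=600, bantime=3600, ignoreip=["192.0.2.0/24"])
    return process_log(SAMPLE_LOG, jail)

if __name__ == "__main__":
    for ip, when in run_sample():
        print(f"ban {ip} at {when:%H:%M:%S}")
```

With these numbers the "customer locks themselves out" case needs five wrong passwords inside ten minutes, and the ban expires on its own after an hour; raising maxretry or putting the provider's support hosts in ignoreip is the usual way to keep the help desk quiet while still stopping the botnet case. Real fail2ban installs the ban as a firewall rule and, since 0.9, also records bans in an SQLite database that is replayed when the service restarts, so whether a reboot clears a ban depends on that setting.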
 

AuroraZero

Active Member
This may be a stupid question but did these IPs happen to belong to someone else before they were swiped to you? If that is the case they may have been listed more times than you know of, and this may be the problem.
 

mitgib

New Member
Verified Provider
Quote said:
Fail2ban by default is likely to result in customer complaints and a support-desk nightmare from customers who fail to type their passwords correctly. But unattended-upgrades by default sounds reasonable.

The thing is, so what if fail2ban blocks them initially. In the long run it makes far more sense to have. That way you aren't having to spend time cleaning up a compromised VM, reporting to authorities, dealing with Spamhaus, etc. It just makes sense. The other great thing about fail2ban is it isn't idiotic. A simple reboot will generally clear the listing, and it would protect at least a little from initial weak password combos.

https://www.serverping.net/clients/cart.php?a=confproduct&i=1 integrates with WHMCS and WHM with csf installed so clients can unban themselves.
 

coreyman

Active Member
Verified Provider
Quote said:
This may be a stupid question but did these IPs happen to belong to someone else before they were swiped to you? If that is the case they may have been listed more times than you know of, and this may be the problem.

ARIN assigned these IPs to us at the beginning of this year.

Quote said:
Fail2ban by default is likely to result in customer complaints and a support-desk nightmare from customers who fail to type their passwords correctly. But unattended-upgrades by default sounds reasonable.

The thing is, so what if fail2ban blocks them initially. In the long run it makes far more sense to have. That way you aren't having to spend time cleaning up a compromised VM, reporting to authorities, dealing with Spamhaus, etc. It just makes sense. The other great thing about fail2ban is it isn't idiotic. A simple reboot will generally clear the listing, and it would protect at least a little from initial weak password combos.

What does fail2ban have to do with Spamhaus being non-supportive?
 

DomainBop

Dormant VPSB Pathogen
Quote said:
They listed our range because we had reports back in May, but have only had 4 reports in the last two months.
12 reports, including 2 escalations on that one /24 in the past 4 months is quite a bit, and even if Spamhaus removes that SBL a large percentage of your customers' emails are still going to be blocked in many places because the reputation of most of the IPs on that /24 is absolute shit at SenderBase (http://www.senderbase.org/lookup/?search_string=104.255.96.0). Looking at another of your blocks, 104.255.98.x, I'd be shocked if the 50+ IPs used for *.whiterteeth.com subdomains aren't being used for either email spam or comment spamming.
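The SBL, CSS, XBL and PBL distinctions that DomainBop and coreyman argue over in this thread (a /24 SBL escalation versus individual botnet-controller hits) are exactly what a receiving mail server sees when it queries Spamhaus ZEN. Here is an added example, not from any poster and not Spamhaus's code, of that query in Python: reverse the octets, append zen.spamhaus.org, and decode the 127.0.0.x answer. The return-code meanings are from Spamhaus's public DNSBL documentation; the `resolve` parameter and the `check_block` spot-check of a few addresses in a CIDR are assumptions added here so the decoding can be exercised offline with a fake resolver and so a provider can see whether a whole /24 answers 127.0.0.2 (a range listing) rather than scattered XBL hits.

```python
# Query an IPv4 address against Spamhaus ZEN and decode the answer (added
# illustration, not Spamhaus's code). Return codes per Spamhaus's public
# documentation; `resolve` is an assumed hook so the logic runs offline.
import ipaddress
import socket

ZONE = "zen.spamhaus.org"

# A records in 127.0.0.0/8 returned by ZEN and the list each one means.
LISTING_CODES = {
    "127.0.0.2": "SBL - Spamhaus Block List (spam source or escalation listing)",
    "127.0.0.3": "SBL CSS - snowshoe / compromised-host spam",
    "127.0.0.4": "XBL - exploited host (CBL data)",
    "127.0.0.5": "XBL - exploited host",
    "127.0.0.6": "XBL - exploited host",
    "127.0.0.7": "XBL - exploited host",
    "127.0.0.9": "SBL - DROP/EDROP hijacked or rogue netblock",
    "127.0.0.10": "PBL - ISP-maintained end-user range",
    "127.0.0.11": "PBL - Spamhaus-maintained end-user range",
}
# Answers meaning the lookup itself was rejected, not that the IP is listed.
ERROR_CODES = {
    "127.255.255.252": "typing error in the DNSBL name",
    "127.255.255.254": "query sent via a public/open resolver (not answered)",
    "127.255.255.255": "query volume limit exceeded",
}

def query_name(ip, zone=ZONE):
    """Build the DNSBL name: octets reversed, zone appended."""
    addr = ipaddress.IPv4Address(ip)          # rejects IPv6 and garbage
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolve(name):
    """All A records for name via the system resolver; [] on NXDOMAIN (= not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def check(ip, resolve=system_resolve, zone=ZONE):
    """Return {'ip', 'listed', 'codes', 'reasons'}; listed is None if the lookup was rejected."""
    codes = sorted(resolve(query_name(ip, zone)), key=ipaddress.IPv4Address)
    errors = [ERROR_CODES[c] for c in codes if c in ERROR_CODES]
    if errors:
        return {"ip": ip, "listed": None, "codes": codes, "reasons": errors}
    reasons = [LISTING_CODES.get(c, f"unknown code {c}") for c in codes]
    return {"ip": ip, "listed": bool(codes), "codes": codes, "reasons": reasons}

def check_block(cidr, resolve=system_resolve, sample=(0, 1, 128, 255)):
    """Spot-check a few addresses of a block; an SBL range listing answers for all of them."""
    net = ipaddress.ip_network(cidr, strict=False)
    results = {}
    for i in sample:
        if i < net.num_addresses:
            ip = str(net[i])
            results[ip] = check(ip, resolve)
    return results

if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        res = check(arg)
        print(arg, res["listed"], "; ".join(res["reasons"]) or "not listed")
```

Run it from a host that uses its own recursive resolver: a lookup through a public resolver such as 8.8.8.8 comes back as 127.255.255.254 and says nothing about the IP. An address answering 127.0.0.4 is a host-level XBL (compromised machine) hit, while 127.0.0.2 on every address of a block is the kind of range listing this thread is about, which only goes away through the SBL removal process.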
 

coreyman

Active Member
Verified Provider
Quote said:
They listed our range because we had reports back in May, but have only had 4 reports in the last two months.
12 reports, including 2 escalations on that one /24 in the past 4 months is quite a bit, and even if Spamhaus removes that SBL a large percentage of your customers' emails are still going to be blocked in many places because the reputation of most of the IPs on that /24 is absolute shit at SenderBase (http://www.senderbase.org/lookup/?search_string=104.255.96.0). Looking at another of your blocks, 104.255.98.x, I'd be shocked if the 50+ IPs used for *.whiterteeth.com subdomains aren't being used for either email spam or comment spamming.

In the past two months there have been 4 reports total on that 96.x range. Of course the reputation is going to be absolute sht, we are listed in the SBL!!

If you haven't noticed, most of those reports are for TINBA BOTNET controllers. These do not emit email spam.
 

DomainBop

Dormant VPSB Pathogen
Quote said:
They listed our range because we had reports back in May, but have only had 4 reports in the last two months.
12 reports, including 2 escalations on that one /24 in the past 4 months is quite a bit, and even if Spamhaus removes that SBL a large percentage of your customers' emails are still going to be blocked in many places because the reputation of most of the IPs on that /24 is absolute shit at SenderBase (http://www.senderbase.org/lookup/?search_string=104.255.96.0). Looking at another of your blocks, 104.255.98.x, I'd be shocked if the 50+ IPs used for *.whiterteeth.com subdomains aren't being used for either email spam or comment spamming.

Quote said:
In the past two months there have been 4 reports total on that 96.x range.

Spamhaus tends to take a longer-term view of IP SBL reports for an IP block or network operator than just the past 2 months, so when they decide to escalate they'll usually look back at the cumulative SBL history over the past 6-12 months.
 

coreyman

Active Member
Verified Provider
Quote said:
They listed our range because we had reports back in May, but have only had 4 reports in the last two months.
12 reports, including 2 escalations on that one /24 in the past 4 months is quite a bit, and even if Spamhaus removes that SBL a large percentage of your customers' emails are still going to be blocked in many places because the reputation of most of the IPs on that /24 is absolute shit at SenderBase (http://www.senderbase.org/lookup/?search_string=104.255.96.0). Looking at another of your blocks, 104.255.98.x, I'd be shocked if the 50+ IPs used for *.whiterteeth.com subdomains aren't being used for either email spam or comment spamming.

Quote said:
In the past two months there have been 4 reports total on that 96.x range.
Spamhaus tends to take a longer-term view of IP SBL reports for an IP block or network operator than just the past 2 months, so when they decide to escalate they'll usually look back at the cumulative SBL history over the past 6-12 months.

So after Spamhaus finally decides to send over all the Tinba botnet controller reports on the same day, then they escalate you for botnet hosting right after, and then you get listed ~3-4 months later, it's automatic range blacklist time with no redemption? Seems legit.
 

RLT

Active Member
Yep, that whiterteeth.com home page looks real legit. Placeholder type of page with 50 sub-domains.

To be on an SBL, that 54% increase in email volume is interesting. Add in the 5+ average for the past month. My, they're busy little typers, aren't they.

I wonder what viber-marketing.info is?
 

Munzy

Active Member
Quote said:
This may be a stupid question but did these IPs happen to belong to someone else before they were swiped to you? If that is the case they may have been listed more times than you know of, and this may be the problem.

ARIN assigned these IPs to us at the beginning of this year.

Fail2ban by default is likely to result in customer complaints and a support-desk nightmare from customers who fail to type their passwords correctly. But unattended-upgrades by default sounds reasonable.

The thing is, so what if fail2ban blocks them initially. In the long run it makes far more sense to have. That way you aren't having to spend time cleaning up a compromised VM, reporting to authorities, dealing with Spamhaus, etc. It just makes sense. The other great thing about fail2ban is it isn't idiotic. A simple reboot will generally clear the listing, and it would protect at least a little from initial weak password combos.

What does fail2ban have to do with Spamhaus being non-supportive?

Nothing really, it is in regards to the fact that many of the listings on Spamhaus are because of exploits and compromised servers. It was a way to help prevent it.
 

coreyman

Active Member
Verified Provider
Quote said:
This may be a stupid question but did these IPs happen to belong to someone else before they were swiped to you? If that is the case they may have been listed more times than you know of, and this may be the problem.

ARIN assigned these IPs to us at the beginning of this year.

Fail2ban by default is likely to result in customer complaints and a support-desk nightmare from customers who fail to type their passwords correctly. But unattended-upgrades by default sounds reasonable.

The thing is, so what if fail2ban blocks them initially. In the long run it makes far more sense to have. That way you aren't having to spend time cleaning up a compromised VM, reporting to authorities, dealing with Spamhaus, etc. It just makes sense. The other great thing about fail2ban is it isn't idiotic. A simple reboot will generally clear the listing, and it would protect at least a little from initial weak password combos.

What does fail2ban have to do with Spamhaus being non-supportive?

Nothing really, it is in regards to the fact that many of the listings on Spamhaus are because of exploits and compromised servers. It was a way to help prevent it.

I already have some things in place that prevent tons of connections to a single IP address, and nodewatch tests passwords, so idk.
 

Munzy

Active Member
Quote said:
I already have some things in place that prevent tons of connections to a single IP address, and nodewatch tests passwords, so idk.

I'm not saying you don't. One of the big flaws I always saw with OpenVZ were their crappy templates, that didn't have as good decisions being made. I guess I would run things differently if I was running them.
 

coreyman

Active Member
Verified Provider
Just an update. I sent this:

When will you be able to help us? Look, we have lots of customers
waiting on this listing to be removed. What do we need to do on our end
to fix this?
Thomas replied with:

Hello Corey

Since this is already the second (!) escalation listing due to massive
botnet hosting, I doubt that we will be able to remove this listing in
the near future.

Thanks for your understanding.

--
Best regards
Thomas Morrison

SBL Removal Team
The Spamhaus Project
Geneva, Switzerland
http://www.spamhaus.org

So I guess two botnet reports in the past two months is considered 'massive botnet hosting'.
 

Gary

Member
Quote said:
So I guess two botnet reports in the past two months is considered 'massive botnet hosting'.

It doesn't say two is massive, it says there were two which were massive. Whether they were or not is another matter, of course.
 

DomainBop

Dormant VPSB Pathogen
Quote said:
Just an update. I sent this:

When will you be able to help us? Look, we have lots of customers
waiting on this listing to be removed. What do we need to do on our end
to fix this?
Thomas replied with:

Hello Corey

Since this is already the second (!) escalation listing due to massive
botnet hosting, I doubt that we will be able to remove this listing in
the near future.

Thanks for your understanding.

--
Best regards
Thomas Morrison

SBL Removal Team
The Spamhaus Project
Geneva, Switzerland
http://www.spamhaus.org

So I guess two botnet reports in the past two months is considered 'massive botnet hosting'.

To get yourself back in their good graces, the next time you contact them you should tell them what you've done to prevent it from happening again, i.e. "We implemented xyz monitoring to detect/prevent botnets...", "We implemented xyz during registration to reduce the number of abusive clients signing up...", etc. Spamhaus is also like Google and expects you to kiss their ass in all communications (even when it is entirely their fault), so don't lose your temper when communicating with them...

----------------------

Semi off-topic: Spamhaus (finally) went after a lot of the crap on AWS today (AWS has been a huge source of crap over the years: email and comment spam, bots, especially SEO bots). Lots of Amazon SBLs issued today, and Amazon now has 185 SBLs and is sitting in the #2 spot on the Spamhaus worst ISP list. +1 for whacking Bezos & Co. :p
 

IndoVirtue

New Member
Verified Provider
Look at the key points on the SBL pages: "Can't trust this IP space at the moment."

At the moment. I would suggest leaving that /24 idling for 1 ~ 3 months. Explain to the VPS customers your circumstances and the need for an IP change (I'm aware and admit that this actually sounds easier than doing it). After that, you can contact them again to remove the listing. State that the IPs have been cleaned of the abusers and not used for some months already (in a non-aggressive way). Then ask them politely if there are any additional steps or information needed in order to remove that listing. They might go on the defensive again if your tone is deemed a bit aggressive by them.

The goal here is to get the IPs delisted. Questioning and making a problem of their decision, even if you're in the right, might not yield good results.

If you do it right, it should work. Source? I'm not authorized at the moment to disclose the source info :)
 