Domain Flagged For Malware; How To Correct Blacklist

Apr 29, 2009

A WordPress install on one of my domains was compromised a few months ago, and there was a 4-hour window in which the site contained an iframe injection that led to a malware site.

The problem was corrected, and Google stopped flagging the site as malicious within a few hours after the fix. However, every once in a while I still hear of people having problems accessing the site, all of them I think from within large corporate networks.

Are there a few common list providers that these corporate networks are likely to be subscribing to? Is there a way I can submit the domain for reevaluation? If not, how long would you think a domain would have to be clean in order to repair its reputation on these lists?


E-mail From Addon Domain Flagged As Junk

Oct 31, 2007

I have an addon domain running on my web hosting alongside my primary account. I am mostly using the Thunderbird client to send e-mails. 80% of the time when I send a mail out from "name@addondomain.com", Hotmail, Gmail and Yahoo all see it as spam!

What's ironic is I receive more darn adult e-mails in my free accounts than anything else, and yet it's thinking the occasional mass personal message is SPAM?

So these guys that flood my inbox daily must know something I don't?

Is there something I'm doing incorrectly? Or do I need to change a hosting package setting, or should I use different software such as a PHP mailing list?


Correct Way To Change A Site's Domain Name

Mar 11, 2009

I'm working on a young site that will be changing its focus and its domain name to reflect the new focus. What is the correct way to change the domain name? In the past, I've simply created a new site in WHM/cPanel under the new domain name and copied the old site (and database) over, which was a great deal of work. Is there another way to do it that is less time consuming - without having to copy files? Are you not able to just change the domain name setting in WHM without having to copy the entire site over to a new directory on the server?


Email Flagged As Spam

Jan 24, 2007

I work at a small startup. We have a database of contact information that is available on a subscription basis; people sign up and can download a limited number of contacts each month.

A core part of our signup is to send an activation email to the client. The email has a link back to our site. Clicking on the link activates the account and allows the client to log in.

Sometimes -- not always, but probably 20% of the time -- the client's email server will reject our activation email as spam. We see this a lot with Hotmail clients, and occasionally with others.

We're able to reproduce the problem. It appears to be an issue of the mail headers rather than the email content. I think it's related to the way we have our internal email configured: our email is hosted at Network Solutions, but we send the activation emails from our server at LiquidWeb. The activation email specifies a 'from' address that includes the domain that NS hosts.

My questions are: would this configuration cause email recipients to identify our email as spam? Short of moving our email server mgmt to our LiquidWeb server, is there anything we can do to avoid this issue from causing our email to look like spam?


Outgoing Email Is Flagged As Spam

Mar 30, 2007

A user on my server is trying to send email, but the email is flagged as "Absolute Spam" by SpamAssassin. It says the IP is listed in SBL/XBL.

There is an IP address in "Received-From" part of the headers. That IP is actually listed in several spam databases, but not my server's IP (Below, red and bold).
Email is sent from my server, but how come "From" IP is different from mine?

Headers of the email are below:

Quote:

Received: from [203.215.94.252] (helo=[10.0.0.7])
by server1.kanmonline-server101.net with esmtp (Exim 4.63)
(envelope-from <*********@sweetmail.org>)
id 1HQ3Yj-0007jV-6J
for ************@ezweb.ne.jp; Sun, 11 Mar 2007 00:32:37 +0900
Mime-Version: 1.0 (Apple Message framework v624)
In-Reply-To: <**********************@nm03imap01c.ezweb.ne.jp>
References: <**********************@nm03imap01c.ezweb.ne.jp>
Content-Type: text/plain; charset=ISO-2022-JP; delsp=yes; format=flowed
Message-Id: <98108bd45ea8b8bbd10cc7c35b6fad81@sweetmail.org>
Content-Transfer-Encoding: 7bit
From: =?ISO-2022-JP?B?GyRCOWI2NhsoQiAbJEIwITUqO1IbKEI=?= <**********@sweetmail.org>
Subject: Re:
Date: Sat, 10 Mar 2007 23:32:34 -0800
To: *********@ezweb.ne.jp
X-Mailer: Apple Mail (2.624)


Apache :: Worker Sharing Flagged As Error?

Jun 12, 2014

In my Windows event log I'm seeing the line

The Apache service named reported the following error:

>>> [Thu Jun 12 16:31:18.469814 2014] [proxy:info] [pid 3692:tid 288] AH01145: Sharing worker 'http://forum.mysite.de/phpBB3/' instead of creating new worker 'http://forum.mysite.de/phpBB3/'

Flagged as an error. Actually this isn't an error.


Trace Malware

Jul 31, 2006

How would I trace a malware file uploaded to a particular account? ....


Malware And Gumblar.cn Etc

May 16, 2009

On my server, more than 5 sites got malware and the gumblar.cn trojan. When I keep deleting it, it keeps coming back. Any idea how to solve this?


Malware Installation

Apr 23, 2008

Can this be interpreted as malware? (Proceed with the following steps with caution.)

After visiting miniclip.com/games/super-gerball/en/, without me clicking on anything and confirming that I want to install a game, a new folder is created in my Windows Start Menu and in a Documents and Settings folder.

Although I believe no harm is actually done with this installation, can an attacker use this method to install malware? How can I prevent this, and what options should I change in my Firefox browser?


Malware Attacks On Servers

Oct 31, 2009

Recently, I hosted my domain with two different servers, but both of them were attacked by malware and viruses. Google also started showing a warning like "This site may harm your computer".

Now I can't open my site in Firefox (it gives a security warning)... When I open it in Explorer, my index page is totally changed.

Is there a solution for that? Which Linux server will be best to protect my site from malware attacks?


Website Malware Scanning

Apr 8, 2009

A website I've recently been entrusted with was cracked into via brute-force FTP earlier this week. Apparently the bad guys ran a script that added iframe links to every page named index.html. The iframe linked to 3 sites that prompted malware downloads.

I think I've found and removed all the affected code, however I'm looking for an online website scanner that will drill down through all the links on a given site and search the code for similar problems.

I've only found a couple of these so far and they don't seem to fit the bill; was wondering if anyone here had recommendations or experience with similar tools...


All HTTP Requests To My Server Gets Redirected To Malware Websites

Jul 24, 2009

When I try to open any website hosted on my server (around 50 of them) I am being taken to the following malware websites:

[url]
[url]
This is a problem with my Linux server running Apache and not a virus on my local computer, as customers from all over are reporting the same issue.

As soon as I restart Apache everything returns to normal with no such redirects.

I think my server is being attacked, causing HTTP requests to get redirected to some malicious website.

This issue would resurface almost every hour and would not go away until I restart Apache.

So far my datacenter techs have not been able to identify the cause of this.


Clamav Died :: Malware Acl Condition: Clamd: Connection To 127.0.0.1, Port ...

Aug 21, 2006

malware acl condition: clamd: connection to 127.0.0.1, port 3310 failed (Bad file descriptor)
This is a normal cPanel FC3 Exim/ClamAV server.

Has anyone come across this annoying yet little error?


RCN Blacklist

Mar 24, 2007

I had a short-lived episode where one of my customers was spamming. I was able to shut it down quickly, but not quick enough to avoid getting SMTP blacklisted by RCN. The response from their mail servers is:

SMTP error from remote mail server after initial connection:
host mx.lnh.mail.rcn.net [207.172.157.50]: 554 mx05.lnh.mail.rcn.net

No information there on what blacklist system they use, or how to get de-listed. Nothing that I can find on RCN's web site. Mail to postmaster is ignored. Mail to support is ignored. Can't get past 1st-level support over the phone. I'm stuck. Blacklisted and can't get off.

Anyone dealt with this with RCN before?


What To Do If Server Is On A Blacklist?

Nov 25, 2008

What do you do if your server is on a blacklist?

This just happened to my server about a week ago. Folks are complaining they cannot get their signup emails etc., I'm not getting server notifications, etc. Sure enough, it is showing up on a blacklist, one that checks the /24 block. So I am penalized for somebody else in the block spamming.

I tried to set up GoDaddy email on the server; it works, but not for internal emails FROM the server (i.e. using a PHP script to notify somebody or me). I added the MX records to the WHM and it does not work. I tried to add the site to /etc/remotedomains and remove it from the remotedomains, but that does not work.

Somebody mentioned using PEAR's SMTP mail method, but then I would have to change all the code, ugh.
How can I change the main server's relay so ALLLLL email will be relayed through the GoDaddy servers instead of the default it is using? I am running Exim.


ISP Mailserver Blacklist

May 8, 2009

I have an issue with o2 - some of their mailservers have blacklisted IPs and hence mail doesn't get delivered to recipients whose ISPs subscribe to the specific blacklists.

Questions:

1. If mail is not delivered, will I ALWAYS know about it?

I've had bounce notifications from one specific ISP, but I'm wondering whether in other cases the mail will just not get through and I'll not know about it.

2. I'm aware of problems with two specific o2 IPs:
82.132.130.151
82.132.130.169


Blocked Using 88.blacklist.zap

May 25, 2009

I have an Exim mailserver (cPanel based), and when I send mails to some domains I get the following error:

550 Service unavailable; Client host [xxx.xxx.xxx.xxx] blocked using 88.blacklist.zap; Mail From IP Banned To request removal from this list please forward this message to delist@frontbridge.com

How can I solve this issue? How can I keep my IP from being listed in 88.blacklist.zap?


Fraud Blacklist

May 21, 2008

We've had a couple cases of fraud recently, and have blacklisted the IPs (which turned out to be proxy servers) of the perpetrators. It got me thinking... has anybody put together any kind of IP blacklist for fraudulent orders? Something like a DNSBL for spam, but focused on IPs that fraudsters use?


Provider Blacklist

Jul 11, 2007

if there should be a "provider blacklist".

There are some companies whose reviews are mostly bad, and it's not just one but many.

Some examples :

- SurfSpeedy
- BuyAVPS

It should steer new users from these companies as it will leave them negative impressions of an otherwise good sector of the hosting market.
Of course, these should be backed up by evidence.


My Server IP Is On Blacklist

May 11, 2007

When I tried the Spam DataBase Lookup on dnsstuff.com I saw something like this in the results:

[url]

How can I fix this issue?

My server wasn't hacked. I check logs every day and I didn't see anything disturbing.


How To Get My Server From Re-appearing On Blacklist

May 17, 2008

I can only assume that I have a virus or adware on my server, but Acunett says that there is nothing. I double-checked all of my email-sending PHP scripts and all of them are secure and not sending any spam. However, in my mail queue in WHM I see spam emails, and my server's IP keeps getting relisted on the blacklist located at:

[url]

AM I THE ONLY PERSON IN THE WORLD WITH THIS PROBLEM? This is getting frustrating. I have probably spent over 200 hours trying to get this resolved, but it seems like no one knows what to do. This is hurting my business since I have tons of emails stacked in my queue and being blocked by email providers due to that blacklist. I remove my server's IP successfully and the next day it is blacklisted again. If anything, how can I check my Linux server for viruses?


Spam/blacklist Verification

Apr 10, 2007

Can I ask what is the website where I can check if a server IP has been blacklisted?


SkyNetHosting Firewall Keeps Blacklisting Me And My Clients

Nov 3, 2009

I have been a reseller for SkyNetHosting.Net for about 3 months now, and yes, we are new in the hosting business. For the past 2 months I've been having issues with my host server's firewall. Every time I get myself blacklisted I have to submit a ticket asking for my IP to be whitelisted. It's fine with me, but I don't think my clients are happy with this, as we are getting an almost 90% non-renewal rate..

They keep saying it's my fault.. Ok, I can take that.. But how do I explain it to my clients and, most importantly, my clients' visitors??

Is there anything in the firewall settings that they should tweak to minimize this?

I never had any problem when I was at HostGator...

My user experience with you guys so far has been excellent, especially the support department and if I were to single out your tech support employee, it has to be Nathan. Thumbs up for his fast and reliable support.

However, I have one major complaint.. And that is your firewall issue, as I keep getting blocked/blacklisted even for a mere moment of connecting to Luna Server for less than 10 sec. Yes, you heard me.. just 10 sec after I log in to the internet and browse my sites there is a high possibility of my IP getting blacklisted.

We're not a pure web hosting company; we receive more web design projects whereby they also host their website on our server. So you see, we maintain most of our clients' websites, and regular FTP to multiple websites is required.

Here is the list of things I would do first thing when I log in to the internet, including my employee and my business partner. So if we multiply the below by 4.. We will get blacklisted for sure, most of the time!!

1. Login WHMCS
2. Login Livezilla Chat Support
3. Login webmail to check emails
4. FTP Updates on clients sites

I hope you guys can re-look into the firewall sensitivity settings so that it reduces or, better still, does not affect us business-wise.

My Host reply to ticket

Hello,

I recommend changing ALL your FTP/cPanel passwords at once, and if you are saving them in browsers or FTP clients, not doing it anymore. If possible, try to log in from a different clean laptop/PC and see if you get the same problem.

Kind Regards,
Jessica S.

---------------------------------------------
Hello,

Customers who save their FTP login credentials in FTP software like FileZilla, Cute-FTP, WS_FTP-Pro, Dreamweaver or Frontpage are prone to malicious script injections from their PCs using their legit cPanel login details via FTP, without the owner of the domain/account even being aware of it. Your login credentials are leaked to the hackers once a Trojan or virus gets installed on your Windows machine.

The easiest way to save your login credentials would be to save them in a text document without saving the domain name or login host information in the same document. To be absolutely sure your FTP account won't get compromised, we highly recommend you choose a strong password which contains a combination of upper and lower case letters, numbers and special characters such as $?£;: while adding a new FTP login name from your cPanel control panel. If you manage multiple websites you may not like this change, but losing your data and then losing your rankings in search engines will create more trouble.

Few reads about this:

http://www.lexiconn.com/blog/2009/08...he-rise-again/
http://www.sitepoint.com/forums/show....php?p=4380314
http://forums.majorgeeks.com/showthread.php?t=196915

Thank you for your time.

Best Regards,
SkyNetHosting.Net Inc.

Honestly, I don't think this issue can be resolved on the user end, as we are currently facing a monthly non-renewal rate of 90% from our clients. If this goes on we would end up losing our reputation and, most importantly, our business.

Yes, I can tell them the same message that your tech support replied to me. But my clients do not understand, and they would rather find a host that is less complicated and "firewall sensitive". Is there some way you can recalibrate the firewall sensitivity, so we can all have our peace?

My client on chat support

Hi Chester.

My Cpanel username is 'justin'.

This is with regards to my problem with the IP whitelist.

I need a no-nonsense answer.

I have visitors from the US complaining that they cannot view my site.

I cannot possibly be whitelisting everyone.

So, is it possible to tweak the filtering/firewall settings?

If it is not possible, I would like to exercise my money-back guarantee and close my account.

I would like a day to download my files and databases if that is possible.

I can pay a pro-rated amount.


Httpd.conf + IP-based Blacklist

Jan 19, 2008

I'd like to keep an IP blacklist, and have Apache enforce it. Because I want it to apply server-wide, I want to use it in httpd.conf, not .htaccess.

Rather than constantly editing httpd.conf by hand, I'd like to keep a file of IPs, and have Apache read that file and use it as the argument for a "deny from..." directive. Try as I might, I cannot find any documentation, nor any examples, of this usage. Is this something that's possible?

(It turns out that Apache doesn't honor /etc/hosts.deny, hence this question.)


Nodos Blacklist - It Banned Me From My Own Server

Aug 13, 2008

I just lost access to my site, but wannabrowser & siteuptime, etc. all said it was up!

I ran ipconfig /flushdns and everything.
Finally, I unplugged my wireless & router and waited. Plugged it back in, everything worked (I had a new IP)

The only suggestion I can come up with is that my own security protection filtered me! How can I view the nodos blacklist to see if this is the case?

I already checked iptables -L and my IP (and range) did not show.


Starting Known Blacklist Thread Hopefully People Can Keep It Going

Dec 16, 2008

As of 12-15-08 our spam system has learned and blocked these addresses. Check the attachment for your records; help stop spam at the source.


Realtime DNS Blacklist Fed By Reporting Admins

Jan 26, 2007

Wondering if anyone knows of an email DNSBL that has a real-time reporting tool which directly feeds the DNSBL?

I have been using Spamcop for reporting in hopes I might be able to get some IPs listed. However, so far I have not seen any IPs listed until many hours or days after they are reported (possibly going through a validation process?).

Wondering if anyone knows a more pro-active DNSBL that is fed directly by reporting and administrators?


"JS:Bulered" Obfuscated Malware Code

Jul 23, 2009

Avast started giving out warnings when people viewed my site saying a trojan horse was detected called "JS:Bulered".

I looked through the page and noticed a chunk of code added at the end of the page:

[code ...]

I cleared it then noticed it was also added to random files on my Invision Power Board forum and Coppermine gallery so I cleared it from there as well (just replaced the files from a backup I had).

I'm currently on a dedicated server with SoftLayer and I have a few other sites and when checking them I noticed the code was added to pages on those sites as well!

Right now I'm just concentrating on my main site. I've cleared all the code and changed the password, FTP password and root password for the server. But after several hours the code was added again..

I read somewhere that it could be an infection on my computer that is using the FTP connection I make to inject the code into my site, so I've changed the FTP password again and I've stopped using FTP. It's been a couple of hours and the code hasn't been added back yet, but there's a good chance it'll be back soon.

Copyrights 2005-15 www.BigResource.com, All rights reserved