Page 1 of 1

IPs getting blacklisted because of spam attacks

Posted: April 15th, 2013, 2:45 am
by krish
Hi all,

Last week, there was a mail from one of our members that they are getting below message when trying to access the forum:
Access denied. Your IP address [xxx.xx.xx.xx] is blacklisted. If you feel this is in error please contact your hosting providers abuse department.
When we checked with our hosting provider, we got below reply.
xxx.xxx.xx.xx is your user's personal computer's IP address, assigned to them through their internet service provider--probably xxxxxxxxxx, in this case. It looks like that IP address has been added to our local blacklist because it was part of a recent attack on our servers targeting WordPress sites. This most likely means that one of the computers using your user's IP address--i.e., using their internet connection--was hacked and used by the hackers as part of this attack. The fact that the IP address was blacklisted for spam makes it even more likely that their computer is infected, since personal IP addresses shouldn't be sending any email at all!

Please ask them to use an antivirus program to scan their computer for the virus which caused this problem. If they have no antivirus program, I would suggest Avast! Antivirus, which is available for free on Mac and Windows:

http://www.avast.com/index

In the meantime, I have added the to our local whitelist, where it will enter a "trial period" of 72 hours. If we receive any more reports of malicious behavior within those 72 hours, the IP will be automatically re-added to the blacklist. If, on the other hand, there are no reports of malicious behavior from that IP after 72 hours, it will be de-listed completely.
So, please use the anti virus to clean up the systems and also try to disconnect from network, when not using so that hackers wont exploit your resources.