CBL keeps listing my website's IP (GoDaddy's IP) due to spam/virus/troja, etc. coming from other domains hosted in the same IP address...
This is the latest one:
IP Address 188.8.131.52 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.
It was last detected at 2016-10-03 14:00 GMT (+/- 30 minutes), approximately 2 hours ago.
The infected host name is "**************", and this link has an example of the malicious redirect: "http://*************************************" Depending on the infection type, there may be dozens more malicious redirection pages under ******************.
Welcome to the community!
Sorry for the delay getting back to you on this matter. Generally, if you encounter your site IP address hosted with us being reported on a CBL, you'll want to reach out to our live support so our hosting and security teams can help investigate into this.
I had to hide some of the details in your post for security reasons, but our teams did get a chance to look at this and submitted a request to the CBL to delist the IP. The following is the confirmation they received from the request:
"Removal of the IP address 184.108.40.206 from the CBL is now pending.
This means that your removal request has been accepted and your IP address WILL be delisted as soon as possible.
The CBL lookup page will already show that the IP address has been removed, but it takes a little longer for mail servers to notice the removal.
It should take no more than an hour or two before all servers that use the CBL notice the removal. Do not contact us to try to speed up removal - it's not possible to speed it up any more than it already is. Please be patient."
If you run into similar issues again, please don't hesitate to get in touch with our support so they can look into this much more quickly for you.
I see you've merged my post with this one.
I've called technical support and reported this blacklist. They said there is nothing they can do.
So what can be done to address this blacklist? It's already been 5 days. Can you confirm that the security team is working on this?
I understand that this will occur occasionally since our domain is shared with 5700 other ones, but what is the process for getting this cleared up? How long is acceptable to be blacklisted?
@GC, it appears that you failed to understand understand what @munera posted and this seems to be a general problem with GoDaddy support. In @munera's post, he clearly states that his issue is with the website IP Address however the mail team was involved. It is possible that the mail team took some action and perhaps GoDaddy is running SMTP and POP/IMAP server on the webserver, although I pray that is not the case. This is a web hosting issue, not a mail issue. There are several actions that GoDaddy needs to take when a site is infected or else CBL will not remove the IP Address or it will get blacklisted shortly after being removed. If this happens after a certain number of times, I believe it is three times, CBL will permanently blacklist the IP Address so any further requests to remove the IP Address will be denied. The steps that GoDaddy needs to take to resolve this issue are as follows.
1. Contact the owner of the site and request that they clean their site within 24 hours. (The amount of time needs to be defined and in the user level agreement.)
2. If the user cleaned their site, then GoDaddy should verify that the site has been cleared of malware. If the site has not been cleaned then the site needs to be stopped/removed from the server.
3. Once the site has been validated as cleaned or removed, contact CBL to request that the IP Address is removed from the blacklist.
Of course, GoDaddy should have malware scanners running on all servers and automatically contact owners when malware is found. CBL and other blacklisting services are not a good defense. It is too late when these services detect an issue. The damage has been done. There is also a potential that a piece of malware could infect more than just one server so GoDaddy should take this very seriously. This is no way to run an IT shop. At my 9 to 5 job, we would never operate this way. If we did, we would be terminated or worse see jail time. I cannot understand why these incidents are not taken more seriously. Hopefully the sites being co-hosted are not handling financial, PII, or PHI information so the impact is not as critical as some of the systems at my 9 to 5 job but they still should be taken seriously.
MY Go daddy IP Address 220.127.116.11 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.
It was last detected at 2017-03-08 06:00 GMT (+/- 30 minutes), approximately 3 hours ago.
I phoned Support but they have said that my emails are working. I think the problem is still not resolved because but my IP address is still blocked and it says it is infected.
The infected host name is "www.votemarylouise.org", and this link has an example of the malicious redirect: "http://www.votemarylouise.org/wp-content/uploads/6d6d6169d5.html" Depending on the infection type, there may be dozens more malicious redirection pages under www.votemarylouise.org.
If I out in the ip address 18.104.22.168 it says "This website is temporarily unavailable, please try again later". When I tried to look up reverse ip address it shows the ip address as go daddy
How do I go about clearing this???? I am not internet savvy and please need this resolved. I do not spam anyone and only send emails after I have contacted someone and send them mail they are expecting.