Question

Entire DO subnet was marked as blacklisted!!

Posted November 2, 2019 1.2k views
Security

Hello Support Team, everyone,

Recently, I’ve noticed that my ip address got rejected by a couple of websites, and therefore performed a sanity check on several ‘ip blacklist’ services. Turns out that my IP appeared in one of them, and after I contacted them, here’s the answer I got:

Dear Mr. [...],

thank you very much for your message. Your IP is not blacklisted because
you performed certain actions but because it is part of a network of
DigitalOcean, from where we encounter multiple thousand attacks per 
hour.
DigitalOcean does not care about those attacks not they react on any of
our abuse reports. Instead is seems to be their business strategy to
provide [.. removed because of possible legal issues..].

We cannot accept this behavior and cannot let our customers be a 
permanent
victim of those actions. Thats why we blacklisted the whole network 
until
DigitalOcean starts handling abuse reports. We are very sorry for any
connection problems you or your customers encounter and can only advice
you, to chose another provider / IP address for your systems.

Kind regards,

[...]
Darklist.de

Can DO support provide some sort of follow-up? If a significant portion of websites I browse using my droplet as a VPN become unreachable, that will become a problem very quickly.

Has anyone noticed ip blacklist problems recently?

thanks!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
3 answers

Hello,

As a bit of caution, this is our Community portal that typical gathers responses from everyone who comprises that community. Issues particular to an IP address or potential connectivity troubles might be best directed to a proper support ticket so you can have a direct dialog. Support tickets can be created by clicking the buoy in the top-right corner of your Cloud control panel or by going to the following address and entering in your query:

https://www.digitalocean.com/company/contact/

First, I want to say that we seriously review each and every abuse report, taking action where needed. In fact, we have quite a reputation for being tough on those who violate Terms of Service (available here: https://www.digitalocean.com/legal/terms-of-service-agreement/). As a result, it’s hard to speak to exactly what they’re attempting to convey unless there was an issue with their delivery of abuse reports. Unfortunately, I’m unfamiliar with this blacklist, so I cannot provide much insight on that end.

In any case, we’d certainly be happy to dig into this a bit more although we would require some additional details that I don’t feel comfortable asking you to share via our Community forums. Could you create a ticket with us, referencing this particular Community post and sharing your Droplet’s IP address? That would allow us to review this a bit more in depth and raise it with our Security team as well.

Swimmingly,
Garrett Jansen
Developer Support Engineer
DigitalOcean

  • The DO network is still sending out spam to the world. Please track this down. My IP is being blocked at this blacklist but its not my server doing it.

    http://www.uceprotect.net/en/rblcheck.php?ipr=138.68.10.41

    • I’m in exactly the same blacklist! I see you are in the level3 list. I’m in level2: http://www.uceprotect.net/en/rblcheck.php?ipr=143.110.158.249

      • Me too. Pls fix this. This affect my seo and email deliverability

        • I don’t think they will do anything. This is the response I got when opening a support ticket:

          *DigitalOcean is not a dedicated email host and does not have a postmaster to maintain our IP reputation. As a result, some DigitalOcean IP ranges are blacklisted. We do not recommend sending mail from our platform directly and we will not request delisting. We will not prevent you from sending mail, but you will be at the mercy of the IP reputation if you choose to do so. Here are some possible workarounds if you choose this route:

          Request delisting from the blacklist provider when possible. If you are receiving bouncebacks due to the blacklist, the error message usually includes a link that shows you where you can submit a delist request.

          Snapshot and create a new Droplet for a new IP address. Note that this does not guarantee you won’t run into the same issues due to the reasons previously discussed. *

ok, will do.

  • Digital Ocean needs to police its IP block for abuse. This is definitely a terms of service violation by some of their clients. Most of the time its the client servers getting hacked. Most likely the email abuse is not even wanted by the clients anyway. They SHOULD be alerted.

    This is not hard to track down. Simply check the blacklists for their own ips and contact those clients and tell them to take care of it.

    Digital Ocean does not have to do any more than that. If they are recommending that we do not use their servers to send email then we should all abandon this platform as Digital Ocean is ok with illegal activities on their network.

This is still a problem!
http://www.uceprotect.net/en/rblcheck.php?ipr=138.197.165.199
The solution suggested by DO is to use a different mail provider. This doesn’t work for me because the main reason I run a droplet is for personal email. So maybe I go somewhere else? That would be unfortunate because except for this report DO service is solid.
Thanks