hopiland
By:
hopiland

Is your IP at DigitalOcean one of the thousands that have been blacklisted?

August 31, 2017 509 views
Server Optimization

Seems like a whole block of IP addresses at Digital Ocean have been blacklisted at Spamhaus:

https://www.spamhaus.org/sbl/query/SBL368922

A cut and paste of the Removal Procedure is below:

To have record SBL368922 (192.81.208.0/20) removed from the SBL, the Abuse/Security representative of digitalocean.com needs to contact the SBL Team by email to explain how the abuse problem has been terminated (we need to know exactly how the issue has been dealt with and that this abuse problem is fully terminated).

If the abuse problem that caused this listing has been terminated we will normally remove the listing from the SBL without delay.

Botnet hosting going on for weeks, ignoring abuse reports and multiple reminders sent by Spamhaus and 3rd parties:

SBL #: SBL359176
Date: 2017-08-02
To: abuse@digitalocean.com,abuse@serverstack.com
Subject: SBL Notify: IP: 192.81.212.79 added to Spamhaus Block List (SBL)

SBL #: SBL359176
Date: 2017-08-13
To: abuse@digitalocean.com,abuse@serverstack.com
Subject: REMINDER: Heodo botnet controller at 192.81.212.79 [SBL359176]

SBL #: SBL359176
Date: 2017-08-17
To: abuse@digitalocean.com,abuse@serverstack.com
Subject: FINAL REMINDER: Heodo botnet controller at 192.81.212.79 [SBL359176]

3 Answers

Well, it's pretty much pointless posting that in the community. If you have a problem with their blacklist then you can contact digitalocean through tickets. Although I doubt much will be done, servers get abused the same like any other provider of servers. Whether they care or not is up to them, simply destroy your droplet and create a new one to obtain a new IP address.

I've been to the support page, and was directed to this community. Server Optimization seems to be the appropriate category, and I believe many subscribers at DO would like to know their IP is blacklisted as well.

I suspect a DO representative reads issues posted in this community, but then maybe they just don't give a damn. Their support ticket link doesn't work, and crashes the Chromium browser.

It makes no sense to play cat and mouse changing an IP address each time there is a problem.

I've had the same IP for years, and making a change for a blacklist is a hassle which will only require more changes.

I've referred several friends and associates to DO over the years, and given DO plenty of positive praise, but it seems now the tide may be turning for management.

Must we now begin to think more seriously about moving our business to another provider?

"Well, it's pretty much pointless posting that in the community."

Your response seems pretty pointless to me.

It seems that Digital Ocean has turned into bulletproof hosting. I report hackers using Digital Ocean VPNs. I have one hacker in particular that Digital Ocean has done absolutely nothing about. They take my reports, but the hacker comes back with a different IP address on Digital Ocean.

Probably the reason Spamhaus is blocking whole blocks of IP space is this hacker likes to dictionary search email. Digital Ocean's failured to cancel the hacker's account, and thus everyone suffers.

When you get blocked by AT&T, their removal scheme doesn't work. You need to join an AT&T forum and rant. Then someone will PM you. Contact that person, and you will be removed from the AT&T blacklist.

Note I have SPF and DKIM. It isn't like I appear to be a hacker. It is just that I and probably you get tarred with the same brush due to Digital Ocean's failure to drop this hacker as a customer.

I'm going to do a post elsewhere along the same lines and see if anyone at Digital Ocean responds.

Have another answer? Share your knowledge.