Question
Is your IP at DigitalOcean one of the thousands that have been blacklisted?
- Posted August 31, 2017
- Server Optimization
Seems like a whole block of IP addresses at Digital Ocean have been blacklisted at Spamhaus:
https://www.spamhaus.org/sbl/query/SBL368922
A cut and paste of the Removal Procedure is below:
To have record SBL368922 (192.81.208.0/20) removed from the SBL, the Abuse/Security representative of digitalocean.com needs to contact the SBL Team by email to explain how the abuse problem has been terminated (we need to know exactly how the issue has been dealt with and that this abuse problem is fully terminated).
If the abuse problem that caused this listing has been terminated we will normally remove the listing from the SBL without delay.
Botnet hosting going on for weeks, ignoring abuse reports and multiple reminders sent by Spamhaus and 3rd parties:
SBL #: SBL359176 Date: 2017-08-02 To: abuse@digitalocean.com,abuse@serverstack.com Subject: SBL Notify: IP: 192.81.212.79 added to Spamhaus Block List (SBL)
SBL #: SBL359176 Date: 2017-08-13 To: abuse@digitalocean.com,abuse@serverstack.com Subject: REMINDER: Heodo botnet controller at 192.81.212.79 [SBL359176]
SBL #: SBL359176 Date: 2017-08-17 To: abuse@digitalocean.com,abuse@serverstack.com Subject: FINAL REMINDER: Heodo botnet controller at 192.81.212.79 [SBL359176]
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hello all,
Unfortunately, if the IP is blacklisted by CBL and Spamhaus you will likely run into issues. We are actively working to improve the reputation of IP addresses, but many of these services are slow to delist an IP once it has been blacklisted.
If you’re just attempting to send outgoing mail from the server, I strongly recommend using a service like Sendgrid or Mandrill. They both offer free tiers. If that’s not an option, you can recreate your droplet in order to pick up a new IP address. The system attempts to reserve the IP for you if you create a new droplet with the same name as the old one. So in order to ensure that you receive a new IP, create the new one before destroying the old one.
Regarding the blacklist itself, I could suggest contacting the DigitalOcean support team directly for further assistance.
https://www.digitalocean.com/support/
As a side note, here is an interesting read on why you may not want to run your own mail server but rather use an SMTP provider:
https://www.digitalocean.com/community/tutorials/why-you-may-not-want-to-run-your-own-mail-server
Regards, Alex
Hello all,
Unfortunately, if the IP is blacklisted by CBL and Spamhaus you will likely run into issues. We are actively working to improve the reputation of IP addresses, but many of these services are slow to delist an IP once it has been blacklisted.
If you’re just attempting to send outgoing mail from the server, I strongly recommend using a service like Sendgrid or Mandrill. They both offer free tiers. If that’s not an option, you can recreate your droplet in order to pick up a new IP address. The system attempts to reserve the IP for you if you create a new droplet with the same name as the old one. So in order to ensure that you receive a new IP, create the new one before destroying the old one.
Regards, Alex
Hello all,
In our public community, we aim to answer open questions about anything SysAdmin, DigitalOcean and beyond. However, we make every attempt to keep personal information safe and so don’t ever access personal account information here. This means we can’t provide help with any account or billing-related issues.
Please reach out to our amazing support team who will be more than happy to assist you.
https://www.digitalocean.com/support/
Hope that helps! Alex
pulling out hair and running around on the 14th floor screaming
Ahhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
Can Digital Ocean finally do something about this???
What about creating a droplet as a IPv6? Would this make a difference?
Spamhaus is blocklisting all the ips from Digital Ocean! At least the ones that I am getting.
3rd party? Lol, do you know how many percentages of email you sent will bounce with those three sites?
You either need to get that thing resolved which is very annoying but you will realize that your information also will be sold to 3rd parties during resolve period. Even mxtoolbox sell your email addresses to their country. Be ready to get spam emails right next day from Indian web designers. mxtoolbox isn’t free.
In any circumstance, you should never receive these dirty ass IPs and deal with those spam sites. Once your IPs in there. Either your information is sold to get it fixed as it costs you.
Yeah, you deserve to have these dirty IPs from Digital Ocean that’s one of the lowest part of them. Like they care?
Yes the IP I got was blacklisted on one list - although it has to be said some of these blacklists sites look like they have been abandoned at some point in the 90s and are on automatic pilot.
IP’s are abused and reclaimed, and yes ipv4’s have run out, although I’d like to think DO still run a blacklist checks before adding ip’s to their pool - i’m sure they must.
Not sure why you would be blacklisted just for having a droplet ip in the same pool as a spammer unless it had previous history. Any spammer would be using fake identities anyway, and I don’t think the background checks to fire up a droplet are in any way rigorous so I can’t see how DO can stop people abusing their server space and ip pool.
As long as they react fast when they have credible information of deliberate spamming/hacking that’s the main thing. If you’re saying they don’t well that’s something else.
Anyway, the tool I use is good old: https://mxtoolbox.com/blacklists.aspx
It seems that Digital Ocean has turned into bulletproof hosting. I report hackers using Digital Ocean VPNs. I have one hacker in particular that Digital Ocean has done absolutely nothing about. They take my reports, but the hacker comes back with a different IP address on Digital Ocean.
Probably the reason Spamhaus is blocking whole blocks of IP space is this hacker likes to dictionary search email. Digital Ocean’s failured to cancel the hacker’s account, and thus everyone suffers.
When you get blocked by AT&T, their removal scheme doesn’t work. You need to join an AT&T forum and rant. Then someone will PM you. Contact that person, and you will be removed from the AT&T blacklist.
Note I have SPF and DKIM. It isn’t like I appear to be a hacker. It is just that I and probably you get tarred with the same brush due to Digital Ocean’s failure to drop this hacker as a customer.
I’m going to do a post elsewhere along the same lines and see if anyone at Digital Ocean responds.
I’ve been to the support page, and was directed to this community. Server Optimization seems to be the appropriate category, and I believe many subscribers at DO would like to know their IP is blacklisted as well.
I suspect a DO representative reads issues posted in this community, but then maybe they just don’t give a damn. Their support ticket link doesn’t work, and crashes the Chromium browser.
It makes no sense to play cat and mouse changing an IP address each time there is a problem.
I’ve had the same IP for years, and making a change for a blacklist is a hassle which will only require more changes.
I’ve referred several friends and associates to DO over the years, and given DO plenty of positive praise, but it seems now the tide may be turning for management.
Must we now begin to think more seriously about moving our business to another provider?
“Well, it’s pretty much pointless posting that in the community.”
Your response seems pretty pointless to me.
Well, it’s pretty much pointless posting that in the community. If you have a problem with their blacklist then you can contact digitalocean through tickets. Although I doubt much will be done, servers get abused the same like any other provider of servers. Whether they care or not is up to them, simply destroy your droplet and create a new one to obtain a new IP address.
Try DigitalOcean for free
Click below to sign up and get $100 of credit to try our products over 60 days!
#SpamHaus Hi, all this is to inform you that ( spamhaus.org ) is doing a monopoly in the market. This spam house is blocking the IP and domain for making a profit which is not good for the business. it should work in a good manner. but I really don’t understand why this spam house is doing this. we all have to think about it. if small businesses don’t want to go for the paid email solution for their business that is its choice. spamhaus.org is blocking the IP and domain for no reason. why the small business has to go for the email solution for their business when they can use the own hosting email solution which means. spamhaus.org is doing the wrong thing in the market. why small businesses have to pay the amount if they can send informational emails to their customer from its hosting A/C.we all have to think about it .#Spamhaus monopoly