Is your IP at DigitalOcean one of the thousands that have been blacklisted?

August 31, 2017
Server Optimization

Seems like a whole block of IP addresses at Digital Ocean have been blacklisted at Spamhaus:

https://www.spamhaus.org/sbl/query/SBL368922

A cut and paste of the Removal Procedure is below:

To have record SBL368922 (192.81.208.0/20) removed from the SBL, the Abuse/Security representative of digitalocean.com needs to contact the SBL Team by email to explain how the abuse problem has been terminated (we need to know exactly how the issue has been dealt with and that this abuse problem is fully terminated).

If the abuse problem that caused this listing has been terminated we will normally remove the listing from the SBL without delay.

Botnet hosting going on for weeks, ignoring abuse reports and multiple reminders sent by Spamhaus and 3rd parties:

SBL #: SBL359176
Date: 2017-08-02
To: abuse@digitalocean.com,abuse@serverstack.com
Subject: SBL Notify: IP: 192.81.212.79 added to Spamhaus Block List (SBL)

SBL #: SBL359176
Date: 2017-08-13
To: abuse@digitalocean.com,abuse@serverstack.com
Subject: REMINDER: Heodo botnet controller at 192.81.212.79 [SBL359176]

SBL #: SBL359176
Date: 2017-08-17
To: abuse@digitalocean.com,abuse@serverstack.com
Subject: FINAL REMINDER: Heodo botnet controller at 192.81.212.79 [SBL359176]
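A way to answer the title question for your own droplet, as an added example that is not part of the original post: it tests an IPv4 address against the 192.81.208.0/20 range quoted above and builds the DNSBL lookup for it. The zone name `zen.spamhaus.org`, the return-code table and all function names are assumptions of this example; the resolver answers in the demo are constructed.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("192.81.208.0/20")  # SBL368922 range from the post
ZONE = "zen.spamhaus.org"  # assumption: Spamhaus's combined DNSBL zone

# zen return codes by last octet (Spamhaus-documented meanings)
CODES = {2: "SBL", 3: "SBL-CSS", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL",
         9: "SBL-DROP", 10: "PBL", 11: "PBL"}


def dnsbl_name(ip, zone=ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolve(name):
    """Return A records; a resolution failure (normally NXDOMAIN) means not listed."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def check(ip, resolve=system_resolve):
    """Report range membership and which Spamhaus lists the IP is on."""
    name = dnsbl_name(ip)
    lists, error = set(), False
    for answer in resolve(name):
        if answer.startswith("127.255.255."):
            error = True  # query refused (e.g. public resolver): not a verdict
        elif answer.startswith("127.0.0."):
            lists.add(CODES.get(int(answer.rsplit(".", 1)[1]), "unknown"))
    return {"in_sbl368922": ipaddress.ip_address(ip) in LISTED_NET,
            "query": name, "lists": sorted(lists), "error": error}


if __name__ == "__main__":
    # Constructed resolver answers so the demo runs offline.
    fake = {"79.212.81.192.zen.spamhaus.org": ["127.0.0.2"]}
    for ip in ("192.81.212.79", "192.81.224.1"):
        print(check(ip, resolve=lambda n: fake.get(n, [])))
```

When `error` is true the lookup was refused rather than answered, which typically happens when the query goes out through a large public DNS resolver; rerun it through your own recursive resolver before trusting an empty `lists`.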

6 Answers

Well, it's pretty much pointless posting that in the community. If you have a problem with their blacklist then you can contact DigitalOcean through tickets. Although I doubt much will be done, servers get abused the same as at any other provider of servers. Whether they care or not is up to them; simply destroy your droplet and create a new one to obtain a new IP address.

I've been to the support page, and was directed to this community. Server Optimization seems to be the appropriate category, and I believe many subscribers at DO would like to know their IP is blacklisted as well.

I suspect a DO representative reads issues posted in this community, but then maybe they just don't give a damn. Their support ticket link doesn't work, and crashes the Chromium browser.

It makes no sense to play cat and mouse changing an IP address each time there is a problem.

I've had the same IP for years, and making a change for a blacklist is a hassle which will only require more changes.

I've referred several friends and associates to DO over the years, and given DO plenty of positive praise, but it seems now the tide may be turning for management.

Must we now begin to think more seriously about moving our business to another provider?

"Well, it's pretty much pointless posting that in the community."

Your response seems pretty pointless to me.

It seems that Digital Ocean has turned into bulletproof hosting. I report hackers using Digital Ocean VPNs. I have one hacker in particular that Digital Ocean has done absolutely nothing about. They take my reports, but the hacker comes back with a different IP address on Digital Ocean.

Probably the reason Spamhaus is blocking whole blocks of IP space is that this hacker likes to dictionary search email. Digital Ocean failed to cancel the hacker's account, and thus everyone suffers.

When you get blocked by AT&T, their removal scheme doesn't work. You need to join an AT&T forum and rant. Then someone will PM you. Contact that person, and you will be removed from the AT&T blacklist.

Note I have SPF and DKIM. It isn't like I appear to be a hacker. It is just that I and probably you get tarred with the same brush due to Digital Ocean's failure to drop this hacker as a customer.

I'm going to do a post elsewhere along the same lines and see if anyone at Digital Ocean responds.

Yes, the IP I got was blacklisted on one list - although it has to be said some of these blacklist sites look like they have been abandoned at some point in the 90s and are on automatic pilot.

IPs are abused and reclaimed, and yes, IPv4s have run out, although I'd like to think DO still run blacklist checks before adding IPs to their pool - I'm sure they must.

Not sure why you would be blacklisted just for having a droplet IP in the same pool as a spammer unless it had previous history. Any spammer would be using fake identities anyway, and I don't think the background checks to fire up a droplet are in any way rigorous, so I can't see how DO can stop people abusing their server space and IP pool.

As long as they react fast when they have credible information of deliberate spamming/hacking, that's the main thing. If you're saying they don't, well, that's something else.

Anyway, the tool I use is good old: https://mxtoolbox.com/blacklists.aspx

3rd party? Lol, do you know what percentage of the email you send will bounce with those three sites?

You either need to get that thing resolved, which is very annoying, but you will realize that your information will also be sold to 3rd parties during the resolution period. Even mxtoolbox sells your email addresses to their country. Be ready to get spam emails the very next day from Indian web designers.
mxtoolbox isn't free.

In any circumstance, you should never receive these dirty ass IPs and deal with those spam sites.
Once your IPs are in there, either your information is sold to get it fixed, as it costs you.

Yeah, you deserve to have these dirty IPs from Digital Ocean; that's one of the lowest parts of them. Like they care?

pulling out hair and running around on the 14th floor screaming

Ahhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh

Can Digital Ocean finally do something about this???

What about creating a droplet as an IPv6? Would this make a difference?

Spamhaus is blocklisting all the IPs from Digital Ocean! At least the ones that I am getting.
