Hello,

I had a client who was a hacker/spammer

Of course we have stopped his account but one IP of our box has been null routed by our datacenter (it's ok now), our server is listed in spamcop and the very very bad think is that the main french internet provider has blacklisted our box (this client did huge spam and hack to this provider :\)

We are in touch with this provider to give to him all the info he needs but it take time to remove the blacklist. So it means that all internet users connecting from this Internet providers can't connect to our website or our clients website

Apparently it seems to come from the DNS. Because we can connect to the IP adress.

Do you think that if I change the FQDN of this box it will bypass the blacklist ?
Is there a solution ?

Thanks for your comments

Pascal

Hi Pascal.

I'm sure the Iworx staff can give you a better explanation but I've run into this before and here's what I've found.

There are a number of blacklisting methodologies such as the dnsbl.org listing service or localized blocking of the site in a host's DNS. If the server(s) are listed in one of the blacklisting databases and the other hosts are pulling from them, you have to arrange to clear the record in the database and wait for propagation to occur. If however, the server has been manually blacklisted on the individual hosts ,you're at the ISP's mercy.

In etiher case, blocking at that level is almost always done by IP address or IP address ranges. I have seen some cases where both hostname and IPs are filtered as well.

You might check the dnsbl.org site to see if your IP(s) are listed. If they are, you can submit a request to have your site(s) removed from the list.

Hope this info helps.

Phil Malmstrom
philm@diamondcomputer.com

Do you think that if I change the FQDN of this box it will bypass the blacklist ?
Is there a solution ?


Phil laid it out well Pascal and I 2nd his comment about it being on the IP level usually. It's very rare for a provider to just filter a DNS'd name as it really doesn't serve the purpose of the block since traffic can still flow given the IP.

Chris

I have been blacklisted before, well not me, but my IP range was blocked, only thing I could do then since I wasn’t the owner of the IP's was move to a new Data center, not a big deal, avoid http://vaultnetworks.com/ (http://vaultnetworks.com/), most of there IP's are blocked by AOL, MSN, and many other major ISP's.

But your lucky since you are in control of the problem that got you blocked, must of the big filtering services will work with you, now AOL, and other providers that not only use external but internal filtering solutions, I would say your going to have a hard time getting unblocked. As for the French ISP, if you can get a hold of one of there system admins by phone and follow up via email that will be best. At least that’s what I have found that works. But really your only true way to get around it without all the work is to move your server elsewhere, but this might not, work, plus its best to clear your name anyway.