New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
DartNode - Suddenly IP Address Blacklisted Notice ?
I bought a VPS from DartDay event and got it activated 3 days ago, I just re-installed OS and installed Tailscale, done some SSH protection then leave it there
Today I received an email notice that my IP is blacklisted
Your IP address x.x..x.x has been detected on the following DNS blacklists:
zen.spamhaus.org
SMTP (outbound email on port 25) has been automatically disabled for this IP until the blacklist entries are resolved.
To resolve this, please visit each blacklist provider's website to request delisting, then contact our support team to re-enable SMTP access.
Since I never used port 25 (I even dont know they open it or not), I'm confused why I got this email.
I've already submitted a ticket to them and while waiting for their reply, I just want to know anyone else got this email, too?
Comments
If you lookup the IP address on Spamhaus, then it's probably just the whole /24 subnet. My guess is the same listing from April that the rest of us have gotten emails about as well.
Probably someone before you or the entire /24 got flagged.
What's weird about is that over in the Dartnode thread someone contacted support over what was highly likely the same type of (automated?) message and got this:
He sadly didn't post his original message but from context it seems save to assume that it's the same thing. Now the message would very much suggest it concerns the specific IP though and not like support makes it out to be some kind of platform wide thing. Confusing...
Going by https://nerd.cesnet.cz/nerd/ips/?subnet=166.0.193.0/24&hostname=&asn=&source_op=or&cat_op=or&bl_op=or&tag_op=or&tc_category_op=or&tc_subcategory_key=&tc_subcategory_value=&tc_confidence=0.5&sortby=rep&limit=20 Dartnode's IP reputation seems to be improving a little (was worse like 1-2 days ago) but the IPs listed on Spamhaus CSS are still just that and (at least for the 166.0.193.0/24 subnet) it doesn't seem to affect the whole block etiher - just a bunch of weirdly consecutive looking IPs.
Yes, it correctly stated my IP address instead of a subnet, that made me confused, too
Sadly Spamhaus has no way (that i'd know of at least) to look at incident logs, so it's not really possible to tell what happened when. At this point i feel like it either has to be some kind of automation running amok or there's some serious holes when it comes isolating VMs though.
I am getting those emails daily, opened a ticket. First, was told I should contact spamhaus. Had to send the the link where it says spamhaus will only accept communication from providers. They escalated it somewhere and said just wait, no need to ask them again. Emails are still incoming daily
My guess is just an automated system and the whole subnet is flagged. Bad part is when the system runs its check. It sees the "new" ip as active again and flags it as bad.
That is my reply from support and I had contacted them because of the exact same email as op
Same to me. They selling blacklisted vps.
Well, i don't know what's being checked there but at least it isn't (only) Spamhaus if that's the case:
https://www.spamhaus.org/ip-reputation?ip=166.0.193.80
https://www.spamhaus.org/ip-reputation?ip=166.0.193.85
They just list specific IPs while the range itself seems OK.
Confirmed. I'm blacklisted too. If you go black, you're never delisted back, with Dartnode.