• GoDaddy Community
  • GoCentral | Website Builder
  • GoCentral | Website Builder

    cancel
    Showing results for 
    Search instead for 
    Did you mean: 
    New

    CBL listing from GoDaddy IP Address

    CBL keeps listing my website's IP (GoDaddy's IP) due to spam/virus/troja, etc. coming from other domains hosted in the same IP address...

     

    This is the latest one:

     

    IP Address 45.40.144.200 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.

     

    It was last detected at 2016-10-03 14:00 GMT (+/- 30 minutes), approximately 2 hours ago.

     

    The infected host name is "**************", and this link has an example of the malicious redirect: "http://*************************************" Depending on the infection type, there may be dozens more malicious redirection pages under ******************.

     

    5 REPLIES 5
    Moderator
    Moderator

    Re: CBL listing from GoDaddy IP Address

    Hey @munera,

     

    Welcome to the community! Smiley Happy

     

    Sorry for the delay getting back to you on this matter. Generally, if you encounter your site IP address hosted with us being reported on a CBL, you'll want to reach out to our live support so our hosting and security teams can help investigate into this.

     

    I had to hide some of the details in your post for security reasons, but our teams did get a chance to look at this and submitted a request to the CBL to delist the IP. The following is the confirmation they received from the request:

    "Removal of the IP address 45.40.144.200 from the CBL is now pending.

    This means that your removal request has been accepted and your IP address WILL be delisted as soon as possible.

    The CBL lookup page will already show that the IP address has been removed, but it takes a little longer for mail servers to notice the removal.
    It should take no more than an hour or two before all servers that use the CBL notice the removal. Do not contact us to try to speed up removal - it's not possible to speed it up any more than it already is. Please be patient."

     

    If you run into similar issues again, please don't hesitate to get in touch with our support so they can look into this much more quickly for you. 

     

    CG - GoDaddy | Community Moderator
    24/7 support available at x.co/247support

    CBL Listing for Go daddy IP

    50.62.89.138 has been added to the CBL blacklist. Can you please get this removed?

     

    Thanks,

     

    Re: CBL listing from GoDaddy IP Address

    I see you've merged my post with this one. 

     

    I've called technical support and reported this blacklist. They said there is nothing they can do.

     

    So what can be done to address this blacklist? It's already been 5 days. Can you confirm that the security team is working on this?

     

    I understand that this will occur occasionally since our domain is shared with 5700 other ones, but what is the process for getting this cleared up? How long is acceptable to be blacklisted?

    CBL Listing From GoDaddy IP Address

    MY Go daddy IP Address 184.168.221.6 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.

    It was last detected at 2017-03-08 06:00 GMT (+/- 30 minutes), approximately 3 hours ago.

     

    I phoned Support but they have said that my emails are working. I think the problem is still not resolved because  but my IP address is still blocked and it says it is infected.

    The infected host name is "www.votemarylouise.org", and this link has an example of the malicious redirect: "http://www.votemarylouise.org/wp-content/uploads/6d6d6169d5.html" Depending on the infection type, there may be dozens more malicious redirection pages under www.votemarylouise.org.

     

    My url is www.mariaperes.com and this is linked to to https://www.sendoutcards.com/mariacperes/ which has no issues. I can type in www.mariaperes.com and get to my the above page. 

     

    If I out in the ip address 184.168.221.6 it says "This website is temporarily unavailable, please try again later". When I tried to look up reverse ip address it shows the ip address as go daddy

    http://whois.domaintools.com/184.168.221.6

     

    How do I go about clearing this???? I am not internet savvy and please need this resolved. I do not spam anyone and only send emails after I have contacted someone and send them mail they are expecting. 

     

    Please help

     

    Maria

    Re: CBL listing from GoDaddy IP Address

    @GC, it appears that you failed to understand understand what @munera posted and this seems to be a general problem with GoDaddy support. In @munera's post, he clearly states that his issue is with the website IP Address however the mail team was involved. It is possible that the mail team took some action and perhaps GoDaddy is running SMTP and POP/IMAP server on the webserver, although I pray that is not the case. This is a web hosting issue, not a mail issue. There are several actions that GoDaddy needs to take when a site is infected or else CBL will not remove the IP Address or it will get blacklisted shortly after being removed. If this happens after a certain number of times, I believe it is three times, CBL will permanently blacklist the IP Address so any further requests to remove the IP Address will be denied. The steps that GoDaddy needs to take to resolve this issue are as follows.

    1. Contact the owner of the site and request that they clean their site within 24 hours. (The amount of time needs to be defined and in the user level agreement.)

    2. If the user cleaned their site, then GoDaddy should verify that the site has been cleared of malware. If the site has not been cleaned then the site needs to be stopped/removed from the server.

    3. Once the site has been validated as cleaned or removed, contact CBL to request that the IP Address is removed from the blacklist.

     

    Of course, GoDaddy should have malware scanners running on all servers and automatically contact owners when malware is found. CBL and other blacklisting services are not a good defense. It is too late when these services detect an issue. The damage has been done. There is also a potential that a piece of malware could infect more than just one server so GoDaddy should take this very seriously. This is no way to run an IT shop. At my 9 to 5 job, we would never operate this way. If we did, we would be terminated or worse see jail time. I cannot understand why these incidents are not taken more seriously. Hopefully the sites being co-hosted are not handling financial, PII, or PHI information so the impact is not as critical as some of the systems at my 9 to 5 job but they still should be taken seriously.