[Manal]

I logged into my VPS 1 panel today and before I would use it, I tried to check the IP for any old records. Unfortunately, I found that the IP assigned to me has been reported three times for hacking attempts like web app scanning, port scanning and hacking. The details can be found below. I would request administrators to please reassign me the VPS1 with a  new IP.

https://www.abuseipdb.com/check/188.165.45.120

[rudra]

last report is almost one year old. only three reports in total. that should not be a cause for concern I think.
I would be very concerned if it had a history like this..
https://www.abuseipdb.com/check/182.48.194.102

[Mashiro]

I have to ask: why even trust that IP abuse checking site in you case? The first and second report are basically jokes. Port scanning with the comment "w00tw00t" from anonymous. How trustworthy... Useless report. The second one is a joke because an attempt to access a part of a page is hacking or a web application attack? What. Without proof that the accessed web page was accessed and really hacked or somethow attacked this report is absolutely not trustworthy and also useless. The third report... uhm. Where is the proof? Not even a comment that explains what exactly happened.

What I'm trying to say is that everyone can leave a report and say this IP did this or that... So your AbuseIPDB gets abused to abuse IP addresses. What a useless service.

You better check some real blacklist sites and old reports are nothing when there was/is no repeating of the incidents.

[Manal]

I'm not sure but I heard that emails being delievered from flagged IPs from AbuseDB are delivered in "spam" box. Am I right or wrong?

[Mashiro]

If that is the case you should contact AbuseIPDB and ask for a delisting/deletion of all reports. The same applies for reports or entries on other blacklists.

MXToolbox peforms an advanced blacklist check: https://mxtoolbox.com/SuperTool.aspx?act...n=toolpage

Or: https://www.ultratools.com/tools/spamDBLookup and https://hetrixtools.com/blacklist-check/188.165.45.120


To get e-mails into the inbox a clean IP address is not enough. You have to setup your e-mail server correctly with SPF and etc.

[rudra]

Also why is it illegal to scan random ports at random ips. that's how a lot of service backends work. also it is an essential part of Internet service discovery, mapping and research.
I see loads of reports from a guy running honeypot. that's weird.

is it really illegal to access random port ip combination...?

[Mashiro]

@rudra you might want to take a look at https://nmap.org/book/legal-issues.html

It explains how/why port scanning is a little problem and illegal in many countries.

[deanhills]

@Manal These are the places where I usually check blacklisting as I trust them.   Otherwise there's just so many false positives out there.  
https://www.whatismyip.com/blacklist-check/

Doesn't look as though your IP is blacklisted.

I also always check Spamhouse as I trust them.  If they say an IP is blacklisted then it really is - if not, it isn't.

https://www.spamhaus.org/query/ip/188.165.45.120

188.165.45.120 is not listed in the SBL

188.165.45.120 is not listed in the PBL

188.165.45.120 is not listed in the XBL

What is SBL?

The Spamhaus Block List ("SBL") Advisory is a database of IP addresses from which Spamhaus does not recommend the acceptance of electronic mail.

What is PBL?

The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use. The PBL helps networks enforce their Acceptable Use Policy for dynamic and non-MTA customer IP ranges.

What is XBL?

The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.

[Mashiro]

I would also like to add additional but important information regarding all of this. Your IP address might be clean in all of these blacklists and checking services but major e-mail providers such as Google, Microsoft and other big players have their own internal blacklists! There is no public lookup for this lists and removal is not that easy. If it happens that your IP address is clean everywhere else and your mail server is setup correctly but your mails still go to spam there is a chance your server IP or domain is in the internal blacklist of the e-mail provider. I know that somewhere, for example, Microsoft has some kind of webmaster panel and such with a support section or e-mail address that can be connected to lookup the IP address and possibly request a removal of it from their blacklist. That's just an example. Google might have something similar or might not bother to deal with such things at all. Other providers could be baking their own different cake.

[Manal]

Your IP address might be clean in all of these blacklists and checking services but major e-mail providers such as Google, Microsoft and other big players have their own internal blacklists!

This might be the case. Maybe some old customer has did some fishy stuff on the VPS? Alright then, I will try to install CWP and make an email and send it to do a test. I don't know if it is gonna end up in spam or what but I'll do it for test before I migrate my whole project to this VPS.