dslade.blog

The personal blog of David Slade


Attack! Check your domain and IP against email blacklists

November 6th, 2008

Recently I had a problem with one of my special project websites getting attacked, notably the “send to a friend” tool. Argh… Likely attempted spammers. I wish spammers a long and slow death.

We noticed some pages getting a lot of traffic that shouldn’t be getting a lot of traffic, which raised an immediate red flag. On top of that, there was no referrer, i.e., whoever or whatever was hitting those pages was doing so directly, without going through our website or another. Second red flag! We looked at the IP addresses, and they were fairly random throughout the world, and on Windows 98 machines. Thanks Microsoft! (Can you guys remotely disable all these machines for the good of the rest of the world? Pretty please?!) Anyway, it had all the signs of machines taken over as part of a botnet attack.

We’ve increased the number of security layers on such pages, an overdue task, and are ready to go again. It wouldn’t be prudent of me to say what we did, but trust me, we did. :)

After Steffen, my technical partner in these ventures, patched up the weak spots, I had to go about assessing the damage. Luckily, there was none that we could see (so far), in terms of using our website to spam others (or spam our site). Here are a couple of quick things you can do to check whether your website was used for nefarious emailing activities and got you blacklisted. If your mail server has been blacklisted, some email you send may not be delivered.

You will want to get the IP address of your server, which you can get by pinging your domain, or if that’s Greek to you, just try looking it up on one of hundreds of websites that will do so. For the lazy folks out there, just use this site.

A) mxtoolbox has a few good tools, and their blacklist checker is good in the sense that it checks a lot of sources, cutting down on your legwork. Per the site: “The following test will check a mail server IP address against 147 DNS based email blacklists. Commonly called Realtime blacklist, DNSBL or RBL.”
http://www.mxtoolbox.com/blacklists.aspx

B) SpamCop is a fairly reputable site. Per the site: “The SpamCop Blocking List (SCBL) lists IP addresses which have transmitted reported email to SpamCop users. SpamCop, service providers and individual users then use the SCBL to block and filter unwanted email. The SCBL is a fast and automatic list of sites sending reported mail, fueled by a number of sources, including automated reports and SpamCop user submissions. The SCBL is time-based, resulting in quick and automatic delisting of these sites when reports stop.”
http://www.spamcop.net/bl.shtml

There’s a lot of sites out there, and I’m not writing this in specific support of any. If you know of a good site, let me know, and I’ll add it to the list!
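What a DNS-based blacklist (DNSBL/RBL) checker like the ones above does for each list, as an added example that is not from the original post: reverse the IP's octets, append the list's DNS zone, and look that name up. An answer inside 127.0.0.0/8 means listed and a name-not-found error means not listed. The zone `dnsbl.example`, the 192.0.2.x addresses and `fake_resolver` are constructed placeholders; use the zone name the list operator documents.

```python
import ipaddress
import socket

LISTED, NOT_LISTED, INCONCLUSIVE = "listed", "not listed", "inconclusive"


def dnsbl_query_name(ip, zone):
    """Build the DNS name a DNSBL expects for this IP (RFC 5782 layout)."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # nibbles, reversed
    return ".".join(labels) + "." + zone.strip(".")


def check_dnsbl(ip, zone, resolve=socket.gethostbyname):
    """Return LISTED, NOT_LISTED or INCONCLUSIVE for one IP against one zone."""
    try:
        answer = ipaddress.ip_address(resolve(dnsbl_query_name(ip, zone)))
    except socket.gaierror as exc:
        # A temporary resolver failure says nothing about the listing.
        if exc.args and exc.args[0] == socket.EAI_AGAIN:
            return INCONCLUSIVE
        return NOT_LISTED  # name does not exist: IP is not on the list
    # Listings are answered from 127.0.0.0/8; anything else usually means a
    # resolver that rewrites failed lookups, so do not count it as a listing.
    if answer in ipaddress.ip_network("127.0.0.0/8"):
        return LISTED
    return INCONCLUSIVE


def fake_resolver(name):
    """Constructed stand-in for DNS so the demo runs offline."""
    table = {"10.2.0.192.dnsbl.example": "127.0.0.2",
             "11.2.0.192.dnsbl.example": "203.0.113.80"}
    if name == "13.2.0.192.dnsbl.example":
        raise socket.gaierror(socket.EAI_AGAIN, "temporary failure")
    if name not in table:
        raise socket.gaierror(socket.EAI_NONAME, "name not known")
    return table[name]


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"):
        print(ip, check_dnsbl(ip, "dnsbl.example", resolve=fake_resolver))
```

Calling `check_dnsbl` without the `resolve` argument uses the system resolver, so the result depends on that resolver returning a real name-not-found for unlisted addresses.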


Tags: technology · tips and tricks · web development
