• Resolved eon123

    (@eon123)


    My site was recently blacklisted and my A2 hosting service provided the following CBL message: “This IP address was detected and listed 245 times in the past 28 days, and 0 times in the past 24 hours. The most recent detection was at Thu Aug 2 15:05:00 2018 UTC +/- 5 minutes” and “this was detected by a TCP connection from “68.66.216.38” on port “54250” going to IP address “192.42.116.41” (the sinkhole) on port “80”.” They have removed the CBL block but are still monitoring the issue.

    I believe I had the correct Wordfence blocking parameters set (shows Firewall option for Brute Force Protection set to 100%); however, can you please advise which parameter/s I should concentrate on reading again to ensure I fully understand what I am setting?

    I am of the belief I should create a blocking rule for the 192.42.116.41 IP. What do you think?

    Thanks, Len

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi Len,

    Blocking the IP itself from accessing your site won’t be necessary, because it’s the outgoing requests from your server to that IP address that need to be addressed. However, blocking such outgoing requests will need specific software to be installed on the server side, and even if you block them it will be like a symptomatic treatment, because you still have the root cause on your server for such connections, which is the vulnerability that allows initiating such malicious requests. I recommend going through these steps to clean your site, although you might need to hire an expert security analyst to clean the infection if it’s server-side related.

    Thanks.
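Added example, not part of the original thread or of Wordfence: since the listing was triggered by outbound connections from the server to the sinkhole, this sketch parses `ss -Htnp` output and reports which local process owns any connection to that IP. It assumes a Linux host with iproute2 and shell access; the sample lines, process names and PIDs are constructed.

```python
import re
from typing import List, NamedTuple, Optional

SINKHOLE_IP = "192.42.116.41"  # sinkhole address quoted in the CBL message

# Constructed sample of `ss -Htnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
ESTAB 0 0 68.66.216.38:443 203.0.113.9:51514 users:(("httpd",pid=911,fd=12))
ESTAB 0 0 68.66.216.38:54250 192.42.116.41:80 users:(("php-cgi",pid=4312,fd=7))
SYN-SENT 0 1 68.66.216.38:54311 [::ffff:192.42.116.41]:80 users:(("php-cgi",pid=4312,fd=9))
ESTAB 0 0 68.66.216.38:22 198.51.100.4:60022
"""

class Hit(NamedTuple):
    state: str
    local: str
    peer: str
    process: str
    pid: Optional[int]

_PROC = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')

def peer_host(endpoint: str) -> str:
    """Return the host part of addr:port, unwrapping [v6] and IPv4-mapped forms."""
    host = endpoint.rpartition(":")[0].strip("[]")
    return host[7:] if host.lower().startswith("::ffff:") else host

def find_sinkhole_connections(ss_output: str, sinkhole: str = SINKHOLE_IP) -> List[Hit]:
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or malformed line
        state, local, peer = fields[0], fields[3], fields[4]
        if peer_host(peer) != sinkhole:
            continue
        # The process column is missing when ss runs without root privileges.
        m = _PROC.search(line)
        hits.append(Hit(state, local, peer,
                        m.group(1) if m else "unknown",
                        int(m.group(2)) if m else None))
    return hits

if __name__ == "__main__":
    for hit in find_sinkhole_connections(SAMPLE_SS_OUTPUT):
        print(f"{hit.state:9} {hit.local} -> {hit.peer}  {hit.process} (pid {hit.pid})")
```

On a live server, feed it the real output of `ss -Htnp` run as root; the reported PID points at the process to investigate during cleanup.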

    Thread Starter eon123

    (@eon123)

    Thank you for the feedback. I will check out the steps you suggest. Kind Regards, Len
