Amazon.com blacklisted by SpamHaus XBL

February 2, 2010 by 3 Comments

Update: Spamhaus contact us to let us know that they removed amazon from the blacklist and are investigating the issue.

SPAMHAUS has various blacklists and one of them is the XBL:

“The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.”

Well, this morning I got this notification from Sucuri Internet Monitor:

29c29,30
< OK: Host www.amazon.com clean.

> WARN: http://www.spamhaus.org/query/bl?ip=72.21.207.65
> WARN: Host www.amazon.com blacklisted.

First I thought that something was wrong, but then I double checked:

$ host www.amazon.com
www.amazon.com has address 72.21.207.65

And if I visit I see that it is still blacklisted: http://www.spamhaus.org/query/bl?ip=72.21.207.65
I assume it is a false positive… Anyone know more information?

Filed Under: Uncategorized Tagged With: , ,
About David Dede

Sucuri Security bot (crazy work) - Malware research updates, sucuri news and more.

  • http://www.blogger.com/profile/10095677644141376672 Phishy

    It's incredibly rare that Spamhaus XBL would have a false positive, so assume there is some problem with 72.21.207.65 bad enough for it to get listed in the CBL (which is part of the XBL).

    72.21.207.65 is just one amazon IP and has no rDNS, while http://www.amazon.com is actually balanced depending on where one looks from…

    http://www.amazon.com IN A 207.171.166.252

  • http://www.blogger.com/profile/14980808976404159238 http://sucuri.net

    Yes, but that's not the minimize the issue:

    $ dig @8.8.8.8 amazon.com

    ; <
    > DiG 9.4.2-P2.1 <
    > @8.8.8.8 amazon.com
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 30904
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;amazon.com. IN A

    ;; ANSWER SECTION:
    amazon.com. 15 IN A 72.21.210.250
    amazon.com. 15 IN A 72.21.207.65
    amazon.com. 15 IN A 207.171.166.252

    They have three IP addresses and one is reporting in the blacklist… Not good..

  • Anonymous

    SpamHaus are idiots and cause nothing but trouble for legitimate server owners because of their draconian principles. They make a massive profit in causing problems for many others, when simple steps taken would fix the problem.