Update: Spamhaus contacted us to let us know that they removed Amazon from the blacklist and are investigating the issue.
Spamhaus has various blacklists, and one of them is the XBL:
“The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.”
Well, this morning I got this notification from Sucuri Internet Monitor:
< OK: Host www.amazon.com clean.
> WARN: http://www.spamhaus.org/query/bl?ip=18.104.22.168
> WARN: Host www.amazon.com blacklisted.
First I thought that something was wrong, but then I double checked:
$ host www.amazon.com
www.amazon.com has address 22.214.171.124
And if I visit I see that it is still blacklisted: http://www.spamhaus.org/query/bl?ip=126.96.36.199
I assume it is a false positive… Anyone know more information?
It's incredibly rare that Spamhaus XBL would have a false positive, so assume there is some problem with 188.8.131.52 bad enough for it to get listed in the CBL (which is part of the XBL).
184.108.40.206 is just one amazon IP and has no rDNS, while http://www.amazon.com is actually balanced depending on where one looks from…
http://www.amazon.com IN A 220.127.116.11
Yes, but that's not to minimize the issue:
$ dig @18.104.22.168 amazon.com
; <<>> DiG 9.4.2-P2.1 <<>> @22.214.171.124 amazon.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30904
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;amazon.com. IN A
;; ANSWER SECTION:
amazon.com. 15 IN A 126.96.36.199
amazon.com. 15 IN A 188.8.131.52
amazon.com. 15 IN A 184.108.40.206
They have three IP addresses and one is reporting in the blacklist… Not good..
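The point raised in the comments above is that a round-robin name has to be checked one A record at a time, since a single lookup sees only one address. A sketch of that check, added here and not part of the original post or its comments: the addresses and canned resolver answers are constructed, and the return-code handling assumes Spamhaus's published conventions (127.0.0.4 to 127.0.0.7 for XBL, 127.255.255.x for query errors such as lookups sent through a public resolver).

```python
import ipaddress
import socket

XBL_CODES = {"127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"}
ERROR_PREFIX = "127.255.255."  # resolver blocked, typo in zone, or rate limit

def dnsbl_name(ip, zone="xbl.spamhaus.org"):
    """Reverse the IPv4 octets and append the zone (raises on a bad address)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """A records via the system resolver; an empty list means no such name."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def classify(answers):
    """Map the A records a DNSBL returned to a verdict."""
    if not answers:
        return "not listed"
    if any(a.startswith(ERROR_PREFIX) for a in answers):
        return "query error"  # must not be read as a listing
    if XBL_CODES.intersection(answers):
        return "listed (XBL)"
    return "listed (other code)"

def check_addresses(addresses, lookup=system_lookup):
    """Check every address of a multi-A-record host, not just the first."""
    return {ip: classify(lookup(dnsbl_name(ip))) for ip in addresses}

# Constructed sample: three documentation-range addresses standing in for the
# three A records of one name, and canned DNSBL answers so this runs offline.
SAMPLE_ADDRS = ["192.0.2.10", "198.51.100.20", "203.0.113.30"]
CANNED = {
    "20.100.51.198.xbl.spamhaus.org": ["127.0.0.4"],
    "30.113.0.203.xbl.spamhaus.org": ["127.255.255.254"],
}

def fake_lookup(name):
    """Hypothetical stand-in for a resolver, backed by CANNED."""
    return CANNED.get(name, [])

if __name__ == "__main__":
    for ip, verdict in check_addresses(SAMPLE_ADDRS, fake_lookup).items():
        print(f"{ip:15} {verdict}")
```

Calling `check_addresses` without the `lookup` argument uses the system resolver; a monitor that alerts on any 127.x answer without the error-code branch will report false listings when its resolver is refused.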
SpamHaus are idiots and cause nothing but trouble for legitimate server owners because of their draconian principles. They make a massive profit in causing problems for many others, when simple steps taken would fix the problem.