blacklisted by SpamHaus XBL

Update: Spamhaus contact us to let us know that they removed amazon from the blacklist and are investigating the issue.

SPAMHAUS has various blacklists and one of them is the XBL:

“The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.”

Well, this morning I got this notification from Sucuri Internet Monitor:

< OK: Host clean.

> WARN: Host blacklisted.

First I thought that something was wrong, but then I double checked:

$ host has address

And if I visit I see that it is still blacklisted:
I assume it is a false positive… Anyone know more information?

About David Dede

David Dede is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

  • Phishy

    It's incredibly rare that Spamhaus XBL would have a false positive, so assume there is some problem with bad enough for it to get listed in the CBL (which is part of the XBL). is just one amazon IP and has no rDNS, while is actually balanced depending on where one looks from… IN A


    Yes, but that's not the minimize the issue:

    $ dig @

    ; <
    > DiG 9.4.2-P2.1 <
    > @
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 30904
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

    ; IN A

    ;; ANSWER SECTION: 15 IN A 15 IN A 15 IN A

    They have three IP addresses and one is reporting in the blacklist… Not good..

  • Anonymous

    SpamHaus are idiots and cause nothing but trouble for legitimate server owners because of their draconian principles. They make a massive profit in causing problems for many others, when simple steps taken would fix the problem.

Share This