69.175.121.66 is being blocked for serving malware by my employer's IS team

[danward.ma16]

have there been any recent issues with the server at 69.175.121.66?

my new site , www.northshoretaxi.x10.bz, is apparently hosted on this server. The only thing I could get from the admin is that the site was blocked due to malware being served from it.

I am awaiting a further response from them and hope to get an email address you can respond to if the issue has been resolved or perhaps they can give you more detailed information about what they have detected as being malicious.

 

[descalzo]

'They' are probably getting their information from Norton or Google or someone like that.
Your server has possibly 10K accounts on it.
One may have been detected as being infected (many malware 'attacks' come from compromised sites, not from intentional actions) and so the 'Goodguys' decide to blacklist the entire server or domain.

If they have a domain that they are concerned about, it would be nice if you could forward it on to the Admins here. But it is often the case that the site is already suspended.

 

[danward.ma16]

they use an Ironport router to filter http traffic. ironport creates the majority of entries in the blacklist. the security admin is trying to give me a song and dance about the entire IP address of that server being blocked , but when i go to http://69.175.121.66 it loads the page with x10hosting usual - this website hasn't been configured etc etc page, which means the security guy either doesn't know what he's talking about or is trying to feed me a load of you know what. I aksed if there was anything X10 could do to alleviate the problem and he said no stating :

"The traffic is constantly monitored and the web reputation score will improve as no malicious activity is detected. There is no one to contact."

so ironport has some kind of scoring system or something

I'm starting to suspect someone up the ladder has a taxi business and they dont like my website

 

[Jarryd]

Hello,

Unfortunately as he says there isn't much we can do, nor them. Whether they're just blocking your site or they're blocking the whole IP it's totally out of our hands. You'd have to submit a request with your sysop and as they don't want to just remove it you'll just have to wait for it to either expire like they said or try again.

Alternatively, you could always upgrade to a paid hosting plan which allows your own dedicated IP address.

 

[danward.ma16]

The second option addresses most of my concerns. I'm still having a hard time figuring out why they would pick up a one page site as being malicious, i vote conspiracy!

Anyhow I didnt realize getting premium hosting would include a unique IP. the current site is my mockup so the person I am creating it for has a good idea of how I set it up etc
... once I get the green light I'm going to have it changed to premium anyhow, so it's a moot point.

thanks for pointing that out, I'm not even going to worry about it in that case.

 

[Anna]

premium does not by default come with an dedicated IP, only the buy and pay for three years option have an dedicated IP included. Otherwise you can buy an dedicated IP for an additional $1/mo with your premium account.

However, the premium servers do have a different IP then the free does, and are less likely to be blocked, as there's far less abuse going on there.

It is possible that the block is placed on the domain, x10.bz, and not the IP. If that is the case it might help changing your main domain to use one of the other options available (unless they are blocked as well), can be done through account panel.

 

[danward.ma16]

thanks for the additional info.
I already tested that theory ( see post #3) and it's not the ip itself, contrary to what the IS person intially told me. oddly an alternative addo domain is alos being blocked.

i think someone in IS has ties with a competing cab company and it's a conspiracy .

either way , I am just waiting for the thumbs up to get this setup on premium, with a dedicated IP, so hopefully that will fix the issue on my end.

 

[Jarryd]

Hello,

You're welcome, is there anything else we can help you with?