What to do if your IP address is blacklisted

Imagine yourself for a minute as a postman delivering mail to apartments in your area.

Out of a thousand apartments, five are occupied by aggressive drug addicts who regularly attack postmen; after ending up there a couple of times, you start to avoid these apartments.

You share this information with your fellow postmen, as well as with other services whose tasks include visiting apartments.

For example, if the technicians who read the meters visit apartments without your blacklist, they will surely remember their encounter with the drug addicts for a long time.

And if they use your blacklist, they will avoid all the "dangerous" apartments.

The situation is similar with IP addresses: there are companies that track IP addresses used to carry out DDoS attacks, commit fraud or send spam, and add these addresses to their blacklists. Other companies, mainly email services, Internet providers, payment systems, banks and online stores, then pay to check their visitors' IP addresses against these databases.

For example, when a customer of an online store enters credit card details to pay for an item, the store checks whether the customer is on blacklists. If the IP address is blacklisted, the payment is highly likely to be declined or sent for additional verification.

This is done because of fraudsters who pay with stolen bank cards and whose victims are the shops.

I want to note that when modern anti-fraud systems check and evaluate a user, things are somewhat more complicated than a simple lookup of an IP address in blacklists: the presence of an IP address on a blacklist is just one of the indicators that make up the final assessment of the user. Therefore, having an IP address on a blacklist is definitely bad, but "not critical".

A particular inconvenience for users of "dirty" IP addresses is having to solve CAPTCHAs constantly, for example when using Google and Yandex search or when passing the checks of anti-DDoS systems such as Cloudflare.

VPN users are particularly affected by this. The IP addresses of public VPN services are regularly blacklisted because cybercriminals resort to VPN services. If the IP address of a VPN server is blacklisted, all users connected to that VPN server will have problems.

I'll tell you about a rather interesting case that happened to an acquaintance of mine, an IT security expert, back in the mid-2000s.

He once advised a client with an unusual request: the client claimed that his computer had been hacked and asked him to find evidence of it. But the computer the client provided showed no signs of hacking, and my friend asked why the user was so sure he had been hacked. It turned out that one of the local payment systems had blocked his wallet along with the money in it, accusing him of nothing less than carrying out attacks on the wallets of other users of the system.

A lot of his money was blocked, but that was only the beginning: representatives of the payment system planned to report the incident to the police so that a criminal case could be opened against the user. My friend spent a long time working through the situation, communicating with the security service of the payment system and with the user, and in the end he got to the bottom of it. His client had been using a public proxy service, where he shared a server with an attacker who was breaking into accounts of the payment system.

This is why their IP addresses were the same.

You will not, of course, be able to check whether someone has previously committed crimes from the IP address you have been given, but anyone can check whether an IP address is on blacklists.

Tip: If you ever decide to use a public VPN or proxy service, check the IP address against blacklists before using it. This also applies to a personal VPN or proxy, since the hosting provider may give you a server with a "dirty" IP address. In that case, contact your hosting provider and ask for a replacement.

Remember that blacklists are not static and are constantly being updated. If someone else is using your IP address, it can be blacklisted at any time. Today it may still be clean, and tomorrow it may be on all the popular blacklists.

Another feature of blacklists that I would like to draw your attention to is how current the data is. An IP address from which illegal activity originates is listed almost instantly. And if the illegal activity stops, the IP address is removed from the blacklist after a while, usually after 15-45 days.

How to check if an IP address is on blacklists?

There are many companies making such lists, but the largest and most reputable is Spamhaus.

We will therefore look at it separately, and at the end of the article we will explain how to check your IP address against all the other lists.

Spamhaus, in full The Spamhaus Project, is a non-profit organization based in London and Geneva, founded in 1998 by Steve Linford. The organization is engaged in tracking spam and identifying its sources.

The Spamhaus Project has become famous for its list of IP addresses seen sending spam and engaging in other malicious activity. This database is used by many Internet and email providers to limit spam and other malicious activity.

Spamhaus has several blacklists of IP addresses, but we are interested in two of them:

The Spamhaus Block List (SBL): this list contains IP addresses seen sending spam.

The Exploits Block List (XBL): this list includes IP addresses seen spreading malware or attacking computer networks, as well as infected computers and servers. This list also includes public proxy servers that can be used for attacks.

These two lists are combined into one database known as ZEN. Spamhaus lists are free only for individuals and non-profit organizations; companies have to pay a substantial fee to use the database.

Users can check whether an IP address is on Spamhaus lists absolutely free of charge using this link. Beforehand, you can find out your IP address here.

Aside from Spamhaus, there are many other IP blacklists; however, they are not as widespread or influential. You can check an IP address against other lists on the MXtoolbox website. If your IP address ends up on any list other than Spamhaus, there is no cause for concern: it is unlikely to have a serious impact on your work.
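Mail servers and other software query the Spamhaus lists over DNS rather than through a web page. The example below is added here and is not part of the original article: it shows a ZEN lookup, where the IPv4 octets are reversed, zen.spamhaus.org is appended, and the 127.0.0.x answer tells which list matched. The PBL and 127.255.255.x codes are Spamhaus return codes the article does not mention, and the function names are illustrative.

```python
import ipaddress
import socket

ZEN = "zen.spamhaus.org"

# Return codes Spamhaus publishes for ZEN answers.
LISTS = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL", "127.0.0.9": "SBL",
    "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}
# 127.255.255.x answers describe a problem with the query, not a listing.
ERRORS = {
    "127.255.255.252": "typing error in the zone name",
    "127.255.255.254": "query came through a public/open resolver",
    "127.255.255.255": "query volume limit exceeded",
}

def query_name(ip, zone=ZEN):
    """Build the DNSBL name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def classify(answers):
    """Turn the A records of a DNSBL reply into (status, details)."""
    errors = [ERRORS[a] for a in answers if a in ERRORS]
    if errors:
        return "error", errors
    lists = sorted({LISTS.get(a, "unknown code " + a) for a in answers})
    return ("listed", lists) if lists else ("clean", [])

def lookup(name):
    """Resolve A records. Any resolver failure, NXDOMAIN included, gives [];
    a production check should tell NXDOMAIN apart from a broken resolver."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check(ip, resolve=lookup):
    """Check one IPv4 address against ZEN; resolve can be swapped for tests."""
    return classify(resolve(query_name(ip)))

if __name__ == "__main__":
    # 127.0.0.2 is the standard DNSBL test address and is always listed.
    print(check("127.0.0.2"))
```

Spamhaus answers queries relayed through large public resolvers with 127.255.255.254, so run the check through your own resolver and treat that answer as an error, not as a listing.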

What to do if your IP address is blacklisted

Let's go back to the addicts with whom we started this chapter: one of the families of drug addicts has left their home, and you have moved in. Soon you notice that you are not receiving any mail, and you go to the post office to find out what happened. There it turns out that your apartment is on the blacklist, and you ask for it to be removed. The postman says "Fine" and crosses it out; the apartment disappears from the blacklist, and you get mail again.

Blacklists work in a similar way, and an IP address can always be removed from a list by contacting the list's moderator. However, this is not always easy when it comes to, for example, the IP address of a VPN or proxy, so we recommend simply changing the IP address. If the IP address is the one provided by your Internet provider, it is sometimes enough to turn off the Wi-Fi router for a while or unplug the cable. If this does not help, contact your ISP to change the IP address.
