Internet privacy and security course

Chapter 97

What blacklists are for and the consequences of having your IP address on a blacklist

Suppose you were a mailman who delivers mail to the apartments in your area. Of thousands of apartments, five have some aggressive drug addicts that regularly attack mailmen. After getting attacked a few times, you decide to steer clear of these dwellers.

But you don’t stop at that: you warn other mailmen about the aggressive drug addicts and alert the services that monitor apartment buildings to the aggressive acts. For instance, if workers responsible for checking water meters visit all apartments without your blacklist, they will probably get assaulted by the drug addicts too. But if they use your blacklist, they will successfully avoid the encounter with “dangerous” flats.

There is an analogous situation with regard to IP addresses: companies that trace the IP addresses used for performing DDoS attacks, committing fraud or sending spam add these malevolent addresses to their blacklists. Then other companies, mainly mail services, ISPs, payment systems, banks and online stores, pay to screen their customers against these databases.

For instance, a customer of an online store has entered his credit card details when making a payment. The store manager checks if the customer is blacklisted. If the IP address is blacklisted, there is a high chance he will be rejected or face an additional check. In this way stores try to prevent fraudsters from paying with stolen credit cards.

However, if a customer is assessed with modern anti-fraud systems, a simple screening of his IP address using blacklists and confirmation of the presence of this IP address on a blacklist is just one of the indicators that form the ultimate assessment of a user. Therefore if your IP address ends up blacklisted, this can’t be great, but it’s not that bad.

Users of tainted IP addresses may get especially annoyed by having to constantly enter captcha codes, for instance, when using Google and Yandex search, verifying themselves in external checks and before anti-DDoS systems like Cloudflare.

The IP addresses of public VPN services are regularly blacklisted because cybercriminals resort to VPN services. If the IP address of a VPN service becomes blacklisted, all users connected to this VPN server will have problems.

Let me share a curious story that happened over a decade ago to an acquaintance of mine who works as an IT security expert. He once consulted a user who requested his help in finding proof that his computer had been hacked. However, the computer the user provided didn’t have any signs of hacking, and my acquaintance asked the customer to explain why he was so sure that there had been a hacker attack. 

It turned out that a local payment system blocked his e-wallet with money, accusing him of performing attacks on other users of the system. He had plenty of money remaining, but he was getting himself into real trouble because the representatives of the payment system were bent on filing a police report to bring criminal charges over the incident.

After long hours of communicating with the security service of the payment system and the user, he was finally able to solve the mystery. His customer used a proxy service available for public use whose server was also used by a perpetrator who hacked the accounts of the payment system. Hence their addresses coincided.

There is no way you can check if someone has used the IP address you received for committing a crime, but everyone can check if his IP address is blacklisted.

Tip

If you ever want to use a public VPN service or proxy, check if your IP address is blacklisted.

You should also check your personal VPN or proxy, since a hosting service can provide you with a tainted IP address. In this case you need to ask your hosting provider to make a replacement.

Remember that blacklists are not static and they are constantly updated. If someone else uses your IP address, your IP address can end up on a blacklist at any time. Today it may be clean and tomorrow it may appear on all popular blacklists.

Be aware that blacklists reflect current data. If an IP address used for illegal activity is detected, it will be put on a blacklist immediately. And if illegal activity coming from it ceases, it is removed from the blacklist after some time, usually in 15-45 days.

How do you check if your IP address is blacklisted?

There are plenty of companies that compile such lists, but Spamhaus is the largest and most respectable one. Therefore we are going to dwell on this organization and, at the end of the chapter, show you how to check your IP address against the other blacklists.

The Spamhaus Project is an international nonprofit organization based in London and Geneva and founded by Steve Linford to track spam-related activity and its sources.

The Spamhaus Project became known by composing a list of the IP addresses used for distributing spam and other malicious activity. This database is used by plenty of ISPs and email providers to reduce the amount of spam and malicious activity. Spamhaus distributes several IP address-based blacklists, but you would actually be interested in two of them:

  • The Spamhaus Block List (SBL) targets all IP addresses used to send spam. 
  • The Exploits Block List (XBL) targets the IP addresses used for sending viruses, attacking computer networks, infecting computers and servers. It also lists open proxies used for attacks. 

These two lists combined form a single database known as ZEN. Spamhaus lists are offered as a free public service only to users and noncommercial organizations; companies have to pay a substantial fee for the services.

Users can check if their IP address is on a Spamhaus list absolutely free by using this link. To learn your IP address, go here.
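The same check can be made directly over DNS, which is how mail servers consult these lists. The following is an added example, not part of the original course: it assumes the standard DNSBL query convention (reversed IPv4 octets under zen.spamhaus.org) and the return codes Spamhaus publishes for ZEN, and its sample answers are constructed so it runs offline.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # combined Spamhaus zone described in this chapter

def query_name(ip, zone=ZONE):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def interpret(answers):
    """Map the A records returned by ZEN to the lists named in the chapter."""
    listed, errors = set(), set()
    for a in answers:
        octets = [int(o) for o in a.split(".")]
        if octets[:3] == [127, 255, 255]:
            # Error range: the query was refused (for example it went through
            # a public resolver or exceeded the free limit). Not a listing.
            errors.add(a)
        elif octets[:3] == [127, 0, 0]:
            if octets[3] in (2, 3):
                listed.add("SBL")
            elif 4 <= octets[3] <= 7:
                listed.add("XBL")
            else:
                listed.add("other ZEN list")
    return {"listed": sorted(listed), "errors": sorted(errors)}

def check(ip):
    """Live lookup; needs network access and a non-public DNS resolver."""
    try:
        _, _, answers = socket.gethostbyname_ex(query_name(ip))
    except (socket.gaierror, socket.herror):
        # Normally NXDOMAIN, meaning "not listed". Any other resolver failure
        # lands here too, so confirm connectivity before trusting the result.
        return {"listed": [], "errors": []}
    return interpret(answers)

if __name__ == "__main__":
    # Constructed answers, so the demo runs without network access.
    print(query_name("192.0.2.10"))
    print(interpret(["127.0.0.2", "127.0.0.4"]))
    print(interpret(["127.255.255.254"]))
```

An answer in the error range must never be read as a listing: it only says the query itself was rejected, so the result for that IP address is unknown.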

Spamhaus is not the only spam fighter. There are many other organizations that compile IP address-based blacklists; however, they haven’t gained that much influence. You can check your IP address through other lists by using the website MXtoolbox. If you find your IP address on one of these lists other than Spamhaus, you have no reason to worry as this is unlikely to cause you any disruptions in your work.

MXtoolbox IP checking 

What to do if your IP address is blacklisted

Suppose the drug addicts we began our chapter with left their apartment, and you move into their former place. Soon you begin to notice that you don’t get your mail, so you go to the post office to find out what’s going on. There you are told that your apartment is on a blacklist, and you ask them to remove you from it. The mailman agrees and removes you from the blacklist. Now that your apartment is not blacklisted, you start receiving your mail again.

Blacklists work in a similar way, and an IP address can always be removed from a blacklist on request to the moderator of the list. However, it’s not always that easy when it comes to a VPN or proxy IP address, so we recommend you just change your IP address.

If you are dealing with an IP address provided by your ISP, sometimes all you need to do to change it is turn off your Wi-Fi router or pull out the cable. If that doesn’t help, contact your ISP and ask them to change your IP address.
