Solved

Resolving Blacklisting Issues

Posted on 2016-09-14
4
24 Views
Last Modified: 2016-10-03
Our company recently encountered a blacklisting of our domain due to a certain computer or computers sending out bad information.  I've since run Malwarebytes on all computers but have no idea which computer would have been the cause of the issue.  My questions are as follows:

1) Is there a utility or method I can use to determine which PC or PCs had caused the blacklisting problem?
2) How do I know if the problem has actually stopped so we can be de-listed for good (in addition to the obvious of informing employees of the normal cautions when on the internet)
3) Will obtaining a premium version of Malwarebytes for all computers stop this from happening again in the future?

Any suggestions?
0
Comment
Question by:rsaba
4 Comments
 
LVL 93

Accepted Solution

by:
John Hurst earned 200 total points (awarded by participants)
ID: 41797938
1. You probably cannot find that.
2. You need to make sure the computers are clean and then check the traffic out of each one. Simple approach: Look at the Windows Network Card status.
3. I use my own AV and then supplement with Malwarebytes as needed. You do not want both running at the same time., so scan with Malwarebytes and then full scans with your own AV.

Then go back your ISP and attempt to get of the Blacklist.
You can also appeal to Spamhaus to help you.
0
 
LVL 16

Assisted Solution

by:Dirk Mare
Dirk Mare earned 175 total points (awarded by participants)
ID: 41798070
Check that your exchange server or email relay is not an open email relay that can be used by anyone on the internet.

I agree with John use a network analyzer between your network equipment and your internet router and monitor activity on port 25
Wireshark is a nice tool or if you have access to your router (depends on the router) you can monitor traffic on your network port and get IP address that sending data to port 25

Use mxtoolbox.com to test health of your exchange server and check for blacklists you can also use trend micro rbl
https://ers.trendmicro.com/reputations

DirkMare
0
 
LVL 7

Assisted Solution

by:harryhelp
harryhelp earned 125 total points (awarded by participants)
ID: 41798143
Have you had Cryptolocker or anything similar recently? I've seen cases in the past where a security firm had identified that a computer behind our IP had Crypto and therefore blacklisted us...
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
An analysis of the phishing scam that has been affecting Google users, along with steps to take for protection, as well as what to do if you receive one of the emails.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question