IP Reputation Clean up -- ?

Big Dan

EQ Forum Moderator
Hi Guys,

A few weeks ago I moved a client's WordPress install over to my server. It was badly infected. I thought I got rid of all the hacked scripts but I didn't. It sent out ~10k emails before I caught the bad scripts and trashed them.

Now mail sent from my server ends up in people's spam folder. Just last night a friend informed me that my email went directly to Gmail's spam folder even though I'm on his contact list.

According to MX Toolbox I'm not on any black lists https://mxtoolbox.com/SuperTool.aspx?action=blacklist:107.182.166.86 so why does my email go to spam (well I know why) but how do I fix it?
 

EQ Admin

EQ Forum Admin
Staff member
The overall reputation of your IP address matters more than a simple blacklist check:

https://senderscore.org/lookup.php?lookup=107.182.166.86

17 is terrible. You need to get that back over 80. It looks like you had a great score in the 90's until around 3 weeks ago.

From the graph it appears you're still suffering from bursts of spam from your IP address.

Who is responsible for keeping that wordpress up to date? If it's the client, I recommend you have them get their own web hosting so your sites don't suffer when their site isn't kept up to date.
 

Big Dan

EQ Forum Moderator
> The overall reputation of your IP address matters more than a simple blacklist check:
>
> Lookup for 107.182.166.86 - SenderScore.org
>
> 17 is terrible. You need to get that back over 80. It looks like you had a great score in the 90's until around 3 weeks ago.
>
> From the graph it appears you're still suffering from bursts of spam from your IP address.
>
> Who is responsible for keeping that wordpress up to date? If it's the client, I recommend you have them get their own web hosting so your sites don't suffer when their site isn't kept up to date.

Hi Ray,

Thanks for the reply. I apologize for not responding sooner. I wound up just dumping the server and getting a new one with new IPs. Namely because of this issue and I had a tech work to install ffmpeg, they had files strewn all over the place and it never worked. I wanted a fresh start.

Anyhow, I'm responsible for maintaining the WP install. If I don't manage it, I won't host it. You cannot depend on clients to be vigilant about updates. In the past year I've updated a couple of WP installs that were still running 2.x!

Once I caught the email issue I went through every folder in the account and found several php scripts with base64 encoding in the uploads folder. I neglected to check the wp-content/uploads folder when I did the original clean up. I rarely check /uploads as it's usually just pictures but this infection was particularly nasty. It placed PHP scripts named similar to WP's scripts all over the account (hard to detect) in addition to randomly named scripts which were easier to pick out. I wound up dumping all PHP files and manually uploading clean WP, plugin, and theme files. I had no problems after the more aggressive cleanup.

Finally, I moved this particular guy to a reseller account I have at a pretty awesome host. They have very strict email and abuse policies. I'm sure if there were still spam going out they would've been on my case by now.
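As an added defender-side example (not code from this thread or from WordPress), the two checks described in the post above, PHP files sitting inside wp-content/uploads and PHP files anywhere whose body carries obfuscation markers such as base64_decode, written as a small Python scanner. The mini-install it builds in a temporary directory is constructed for the demo, and the marker list and file names are assumptions for illustration, not a complete signature set.

```python
import os, re, tempfile

# Markers common in dropped PHP backdoors (constructed list for this example, not exhaustive).
SUSPICIOUS = re.compile(rb"base64_decode\s*\(|eval\s*\(|gzinflate\s*\(|str_rot13\s*\(|gzuncompress\s*\(", re.I)

def scan_wordpress(root):
    """Return sorted (relative_path, reason) pairs for PHP files that need review.
    Rule 1: any PHP file under wp-content/uploads (that tree should hold media only).
    Rule 2: any PHP file anywhere whose body contains an obfuscation marker."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".php5", ".php7")):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if "/wp-content/uploads/" in "/" + rel:
                findings.append((rel, "php file inside uploads"))
                continue  # no need to read the body; its location alone is the finding
            with open(full, "rb") as fh:
                hit = SUSPICIOUS.search(fh.read())
            if hit:
                findings.append((rel, "obfuscation marker: " + hit.group(0).decode("latin-1")))
    return sorted(findings)

def build_sample_tree(root):
    """Write a constructed mini-install: two clean files plus two planted ones."""
    samples = {
        "wp-includes/functions.php": b"<?php\nfunction clean() { return 1; }\n",
        "wp-content/themes/x/index.php": b"<?php get_header();\n",
        # Rule 1 hit: PHP among the media files, named to look like a core file.
        "wp-content/uploads/2019/wp-config.php": b"<?php echo 'placeholder';\n",
        # Rule 2 hit: core-looking name outside uploads, obfuscated body (constructed, inert).
        "wp-includes/class-wp-cache.php": b"<?php eval(base64_decode('QUFBQQ=='));\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

def run_sample():
    """Build the sample tree in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_wordpress(tmp)

if __name__ == "__main__":
    for rel, why in run_sample():
        print(f"{why:32s} {rel}")
```

Anything it lists is a candidate for comparison against a clean copy of WordPress, the plugins and the theme, which is what the post's "dump all PHP and re-upload clean files" step does wholesale.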
 

EQ Admin

EQ Forum Admin
Staff member
> Namely because of this issue and I had a tech work to install ffmpeg

Contact me offline when they come up and I'll start walking you through Linux SA types of tasks. Any interest in being connected with a WP install/security type and trying to pick up more work?
 

Big Dan

EQ Forum Moderator
> Contact me offline when they come up and I'll start walking you through Linux SA types of tasks. Any interest in being connected with a WP install/security type and trying to pick up more work?

Thanks Ray. I appreciate the offer. I'm sure I'll be dropping you a line in the near future. My biggest issue is fear of the unknown. I really don't know a whole lot about Yum and have read quite a few horror stories of dependency hell with Red Hat. I'm also not as confident installing packages on a server. Someone's always trying to exploit public servers and if I miss a config setting somewhere who knows what back doors I'm inviting hackers through. Maybe it's time I set up a Fedora VM to play with locally just to get confident with Yum.

At the same time, I'm very familiar with aptitude from using Ubuntu and am reasonably proficient with it but would still be a little hesitant mucking with it server side due to hackers.

Definitely on the WP security deal. I'll shoot you a message with how I've been operating.