We recently had a couple of people come to us looking for a hack cleanup done for their websites due to the website or its domain name being blacklisted. The term blacklisted is sometimes used by website security companies to refer to situation where a website has been flagged by some entity as being hacked, calling that blacklisting looks to us like one of the many ways they try to turn up the fear factor around the security of websites. The more common usage and where it is more accurately used is with email spam blacklists. In both cases what was being referred to by the people contacting us was the latter and in both cases cleaning up a hack wouldn’t have taken care of the blacklisting.
When anyone contacts us about a hacked website we first want to access the situation to among other things, make sure the website is truly hacked, as we are often contacted about situations where the website isn’t actually hacked. In the case of these two websites, only the first appears to have been hacked, but when inquiring about who was blacklisting we found out that even with that one what was of more concern than fixing the website (it was broken in addition to being hacked) was that emails sent from the domain associated with the website were not reaching the recipients.
In both cases when we went to look into the details of the blacklisting what we found was that neither their websites nor their domain names were being blacklisted. Instead what was being blacklisted was the IP address associated with the websites/domain names. That sounds like a minor difference, but it was very important in these situations because when went to look at the details of why the IP addresses were blacklisted we found that this was due to other websites sharing the same IP address, which would likely be on the same server as well. So nothing done with the websites we were being contacted about would have resolved that, instead action related to the other websites would need to be taken and that would be best handled by contacting the web hosts for the websites.
There was another important possible implication of the blacklisting being caused by other websites when it came to the first website, as it seems possible that there was some security issue at the server level or the web host level that caused the website to be hacked. We say that because you had three websites that seems to be sharing the same server that had been hacked in the same time frame and both others had been hacked to be used in way that caused the IP address to be blacklisted. At least in our experience, hacked websites causing email spam blacking listing isn’t a common issue so to have two websites on the same server cause that in the same time frame would lead us to believe there might be a connection between the hack of the two.
With the first website the web host quickly took action with the other websites and got the blacklisting removed, but as far as we are aware there wasn’t anything done about the possibility of breach of the web host’s systems. With the second we can see the blacklisting was quickly resolved, but we don’t what caused that, as we didn’t hear back from the person who contacted after informing them about what was actually at issue and what would need to be done to resolve it.