Are your cPanel, Plesk or DirectAdmin servers email blacklisted? Here’s how you can prevent spam block listing of web hosting servers

Spam block listing or IP address blacklisting happens when spam traps detect outbound spam mails from a web hosting server. Spam mails are primarily sent using:

1. Spam scripts uploaded to a hacked web site which has outdated and vulnerable web applications(WordPress, Joomla, Drupal, etc).
2. Stolen/leaked passwords to email accounts that allow spam mails through email authentication.
3. Un-secured email server that acts as an open email relay.

Email blacklisting issues are very common in shared web hosting. Over time, Bobcares help desk support services has been consistently successful in preventing email black listing issues in web hosting servers. Here’s a brief description of our best practices to avoid email blacklisting.

Blocking spam script uploads to hacked web sites

Spam scripts are the single largest source of outbound spam from web hosting servers. The majority of web sites in a shared hosting servers have outdated versions of web applications. Spammers exploit this vulnerability, and upload spamming scripts. The obvious solution is to get all websites upgraded as soon as a patch is released. However, this is not possible in a shared hosting environment.

One of the ways Bobcares combats this problem is by securing Apache with mod_security, so that no spam scripts can be uploaded into the server. By using a security module, each connection to the web server is monitored, and any connection that resembles a hacking pattern is immediately terminated. It additionally prevents malware upload by integrating into an anti-virus program. This system protects the websites of shared hosting customers, and prevents outbound spamming from the server.

Preventing spam through stolen/leaked passwords

Desktops, laptops and mobile devices of web masters get infected by trojans all the time, and this is a common way for hackers to get hosting account login details. Once they have email account login details or control panel login details, they can either send spam through SMTP authenticated emails or through spam scripts. While spam script upload can be blocked as discussed above, outbound SMTP authenticated spam mails can be blocked through the following ways:

1. Anti spam mail queue scanner
2. Anti spam mail gateway
3. Rate limiting outbound mails

Anti-spam mail gateways and anti-spam mail queue scanners are a great way to weed out spam, but it is quite expensive on resource usage and software licenses. For web hosts looking for ZERO outbound spam, we implement an anti-spam solution. However, for web hosts on a lower budget, Bobcares recommend implementing mail rate limiting. Through email log analysis it is possible to find out how many mails your customers send out on average. Setting this as the default limit, and excluding high volume senders on a case by case basis immediately cuts down on the outbound spam volume.

Hardening server to prevent open mail relay

Open mail relay is the oldest way to send out spam. Modern shared hosting servers become open relays through email server mis-configuration. It usually happens when un-balanced custom updates are made to the email server settings. Bobcares prevents this situation through periodic server audits, and quick reaction to mail volume anomalies as reported by monitoring systems.

If you would like to discuss how your web hosting business can be protected from spam block listing, we would be happy to talk to you.

About the author

Visakh S is a senior software engineer at Bobcares. He has extensive experience in managing technical support teams of web hosting companies and data centers. He is passionate about systems engineering, and loves to get his hands dirty on systems automation.