Curious which networks in South Africa are hosting botnets and malware? Spamhaus keeps an updated list of these malicious networks as part of its non-profit mission to track spam sources around the world. By offering a list of blocked IP addresses associated with spamming, the SBL can alert you if you’re being targeted by a spammer. Network abuse like this can be aggravating for South African services, since their IP addresses might be cut from the internet, too.
Spamhaus reports that many South African service providers know about SBL and many refer to it regularly. It’s a good idea to have a separate abuse email (i.e. abuse@). Operators should also publish known spammy addresses to the local Internet registry WHOIS database. In South Africa, it’s AFRINIC. Most listings on Spamhaus are there because servers are infected or hacked. Usually, users don’t even know that sites or emails are compromised.
To the Rescue
It’s the job of a service provider to put an end to the problem source, which sometimes means shutting down websites or servers, and even changing email passwords. Only after swift action is taken is the client notified. The next step is cleaning up content. For web hosts specializing in co-location and virtual private servers, this is tough because the service provider isn’t in control of server content. Spam is very difficult to stop.
If you redirect through servers, it can cause even more issues. Outgoing mail can break down. To prevent this, a case-by-case stance must be taken. Redirecting wrongly assumes that the majority of customers spam, and that’s just not true. Another approach is to use a commercial tool to scan cPanel server email.
A Constant One-Upping
Spam will always be an issue, but it usually crops up due to old passwords and software. For clients with dedicated servers, once they’re notified they can take action. Some spam battlers choose to quarantine any infected hosts and then tell the customer. This is often when Trojans and hackers are at play. Spammers will offer DNS services for spam or relay emails.
Some companies, like Vodacom, are quick to admit that there has been a rise in attacks from their network. However, this particular company is also continually putting in new best practices and systems to fight back. When you’re one of the big players, you’re going to get targeted. Sharing and blocking malware IPs with others in the industry is how Vodacom contributes and helps stop spam attacks.
A misconfiguration might be all it takes to lead to a compromise. Working together is critical, and website owners need to perform due diligence to ensure they have quality partners. Who your host is can make a huge difference, and choosing VPS over a shared basic plan is a great starting point. You should also update firewalls and security software, upgrade when necessary, and institute an SOP for everyone in the office to keep the environment safe and secure.