Gojko

Hello, my IP was just blocked by Spamhaus because my IP (some account) is in a botnet network:

Detection Information Summary
Destination IP: remoteIP
Destination port: 80
Source IP: MyIP
Source port: 44034
C&C name/domain: www.website.com
Protocol: TCP
Time: Fri Apr 24 08:40:24 2020 UTC

Then:
Behind a NAT, you should be able to find the infected machine by looking for attempted connections to IP address "remoteIP" or host name "www.website.com" on any port with a network sniffer such as Wireshark. Equivalently, you can examine your DNS server or proxy server logs for references to "remoteIP" or "www.website.com". See Advanced Techniques for more detail on how to use Wireshark - ignore the references to port 25/SMTP traffic - the identifying activity is NOT on port 25.

So what can I do? How do I find which account made this? Is there any log where I can find that website or IP?
Is there anything I can do to prevent this?
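
Added example (not part of the original posts): one way to follow the advice quoted above on the server itself is to read the kernel's socket table, which records the owning UID of every TCP connection, and filter it by the reported destination IP. Each cPanel account runs as its own system user, so the UID identifies the account. The sample table, addresses and UIDs below are constructed; the decoding assumes IPv4 on a little-endian host such as x86, and only sockets open at the moment of the check are visible.

```python
import pwd
import socket
import struct

# Constructed sample in /proc/net/tcp format (not data from the thread).
# Line 1 is 192.0.2.10:44034 -> 203.0.113.5:80 owned by UID 1001.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0A0200C0:AC02 057100CB:0050 01 00000000:00000000 00:00000000 00000000  1001        0 22222 1 0000000000000000 20 4 30 10 -1
   2: 0A0200C0:D431 08080808:01BB 01 00000000:00000000 00:00000000 00000000  1002        0 33333 1 0000000000000000 20 4 30 10 -1
"""


def decode(addr):
    """Turn 'HEXIP:HEXPORT' from /proc/net/tcp into (dotted_ip, port)."""
    ip_hex, port_hex = addr.split(":")
    # The kernel prints the IPv4 address as a host-order 32-bit integer.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def sockets_to(remote_ip, table_text):
    """Return the owner UID and ports of every socket connected to remote_ip."""
    hits = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        _, local_port = decode(fields[1])
        rip, remote_port = decode(fields[2])
        if rip == remote_ip:
            hits.append({"uid": int(fields[7]), "local_port": local_port,
                         "remote_port": remote_port, "inode": int(fields[9])})
    return hits


def account_name(uid):
    """Map a UID to its system user, which on cPanel is the account name."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return f"uid {uid}"


if __name__ == "__main__":
    # On the live server, pass open("/proc/net/tcp").read() and the real IP.
    for hit in sockets_to("203.0.113.5", SAMPLE_PROC_NET_TCP):
        print(account_name(hit["uid"]), hit)
```

Because short-lived connections can be missed, the check is most useful when run repeatedly (for example from cron) with the destination IP from the Spamhaus report.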
 

Usif Nasirov

Good day!
I had a similar problem; maybe it is helpful for finding which user/domain your IP was blocked for
