Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

CBL Listing and social.png

Discussion in 'Security' started by abdelhost77, Jan 22, 2015.

  1. abdelhost77

    abdelhost77 Well-Known Member

    Joined:
    Apr 25, 2012
    Messages:
    101
    Likes Received:
    2
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    I have installed Maldet to clean from cryptophp infection ( social.png ) , but even if maldet does the job a few hours later , the IP is listed in CBL spamhaus and i cannot send mails , and i have to wait 48H to trigger delisting and been able to send mails again ; any idea how to resolve this please ?
     
    #1 abdelhost77, Jan 22, 2015
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,870
    Likes Received:
    1,811
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Jan 22, 2015
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    You need to find and remove the account that is infected with cryptophp. These infections come from stolen ("nulled") plugins that are packaged with malware.

    Don't try to clean it. Nuke the site and start over. Until you do you will continue to be re-listed on the CBL. Generally, changing your sending IP is a band-aid fix, and one that can hurt your IP reputation more than help it. In this case you might get away with it, but you still need to solve the real problem here.
     
    #3 quizknows, Jan 22, 2015
  4. abdelhost77

    abdelhost77 Well-Known Member

    Joined:
    Apr 25, 2012
    Messages:
    101
    Likes Received:
    2
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator

    Yes you are right , im terminating the account which having the social.png and not only deleting the file or extension , but you cannot forbid users from installing WP plugins , and if so , plugin may be infected and CBL seems to be so quick for listing , more quick than maldet do to detect and clean the infection :) ,assuming that im scanning the whole /home/*/public_html once a day , and when listed you are 48h blocked from sending mails , so any other solution than changing IP for exim ?
     
    #4 abdelhost77, Jan 23, 2015
    Last edited: Jan 23, 2015
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    You can't forbid installing plugins, but you can make it against your ToS to install stolen plugins. According to all the research I saw, the cryptoPHP infections came from nulled (stolen) plugins.

    Generally CBL de-listing is instant, unless you've previously requested delisting without fixing the problem.

    If you need to change your mailing IP it can be done, but be sure to take everything into consideration; SPF records, reverse DNS, etc.
     
    #5 quizknows, Jan 23, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - Listing social
  1. JJ Johnson

    SOLVED SpamAssassin or other means of whitelisting by TO address?

    JJ Johnson, Jun 28, 2018, in forum: E-mail Discussion
    Replies:
    4
    Views:
    80
    JJ Johnson
    Jul 2, 2018
  2. Markif

    How does blacklisting countries in cphulk work ?

    Markif, Jun 23, 2018, in forum: E-mail Discussion
    Replies:
    2
    Views:
    104
    cPanelMichael
    Jun 25, 2018
  3. parstfp

    Close Open Directory Listing?

    parstfp, Jun 21, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    53
    cPanelMichael
    Jun 22, 2018
  4. willke

    SOLVED Configserver "deny list" listing IPs blacklisted by cPHulk Country blocks?

    willke, May 22, 2018, in forum: Security
    Replies:
    2
    Views:
    93
    willke
    May 22, 2018
  5. tomdchi

    Whitelisting Countries in cPHulk?

    tomdchi, May 10, 2018, in forum: Security
    Replies:
    7
    Views:
    150
    linux4me2
    May 11, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice