Why was my IP listed in the Exploits Blocklist (XBL)?

Back

Why was my IP listed in the Exploits Blocklist (XBL)?

The IP was listed because we have compelling evidence that suggests that the machine using the IP or one or more devices behind it are insecure, compromised, or infected.

If it’s a spambot: to stop the abuse immediately, close port 25 on the router or firewall, and restrict port 25 access to known email servers.

• NOTE: Closing port 25 will only prevent the abusive connections from leaving your network. If the problem is (for example) an infected mobile phone, when it moves to another insecure network, it will resume its activity without restriction.

To find and eliminate the source of the problem, please see the our FAQs:

• General help for hacked networks or systems
• WiFi and Home/Small Office Networks
• Closing port 25

Is the IP a NAT gateway, firewall or router?

• The infected devices are usually computers or other devices (such as mobile phones) behind the router, but in some cases it can also be the router itself.
  • Please consult the documentation or manufacturer of your router or firewall to see how to ensure that the device is properly secured, and make sure its software is up to date.

General considerations:

• Microsoft Windows operating systems: any or all of the following free tools may help: Windows Defender, Malwarebytes, Norton Power Eraser, CCleaner, or McAfee Stinger.
  • Make sure that Windows is running the most up-to-date and patched version of the available operating system.
• All operating systems: Check tool-bars, extensions and plug-ins on each browser for anything you don’t recognize. Look for for “free” VPNs or other heavily-monetized apps.
• Calling your ISP, IT department, or taking your suspect machine(s) to a competent tech support service might also be useful.

Back