My Linode’s IP is on a blocklist. What happened?

Linode Staff

My Linode’s IP is on a blocklist. What happened?

1 Reply

The most common causes for an IP address ending up on a blacklist are the following:

  1. Potentially malicious activity like port scanning or brute force attacks
  2. Reports of spam coming from your server's IP address

As a first step, you may want to make sure your server is not doing something you're not aware of like brute forcing other servers, scanning other servers or sending out a ton of spam.

You can start investigating this by auditing the following log files and writable directories:

  • /var/log/auth.log : Check this log file for signs of unauthorized access and brute-force attempts. Use the ‘last’ command to cross reference recent account logins with this file.
  • /tmp : This directory is often used by malicious parties to store files
  • Web server logs: There may be a vulnerable script or web application. The location of these log files depends on your web server (apache, nginx, etc.) configuration.
  • ps aux : Use this command to audit running processes for foreign processes

You might also want to run a tcpdump and look for any unusual traffic. Make sure you exclude your SSH session when you run a tcpdump, otherwise you're going to get a lot of useless output. Here's an example of a tcpdump that excludes your SSH session:
tcpdump -ni eth0 not host $YourIpAddress

You might also want to scan your server for malware with ClamAV.

If you determine your mailing campaign is putting your IP address on a blacklist, we have another great post you may want to check out.

Another possibility is this IP address ended up on a blacklist before it was assigned to you. If that's the case, you'll want to go through the steps to remove your IP address from the blacklist. If you have an issue getting delisted with the RBL administrators or the RBL requires that an ISP contact them for removal, you can open a Support Ticket for further assistance.

As a last resort, Linode Support may consider issuing you a new IP address but please understand this action is the exception and not the rule—every effort to delist the IP must be taken first.

Here's a great tool to check if you're currenty on a blacklist.


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct