# My IP is blacklisted for being some kind of spambot IP?



## Kaljinyu (Jun 20, 2005)

I keep running into issues when I try accessing websites that use Cloudflare. I'm asked to verify my humanity by entering a CAPTCHA. I've included a screenshot, on most Cloudflare-powered sites I get some variation of this prompt.

Apparently my IP is blacklisted on Project Honey Pot as some kind of spambot or a zombie in a botnet or some such term I don't understand? But I have no idea how that's possible, I only visit, like, one website ever. But I'm blacklisted not just on Project Honey Pot, but a handful of other sites too. Cloudflare blocks people based on the Project Honey Pot blacklist. 

This has happened before, a few months back. I downloaded a bunch of antivirus stuff, did a scan, and found nothing. Requested a whitelisting, and then uninstalled the antivirus stuff. I was sailing smooth for a while, but then this started happening again. I think something must be up. But what?

Here's my Sysinfo. 

---

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 10 Pro, 32 bit
Processor: AMD Sempron(tm) 145 Processor, x64 Family 16 Model 6 Stepping 3
Processor Count: 1
RAM: 3071 Mb
Graphics Card: ATI Radeon HD 4200, 368 Mb
Hard Drives: C: Total - 152175 MB, Free - 48982 MB;
Motherboard: Hewlett-Packard, 3047h
Antivirus: Windows Defender, Disabled


----------



## cwwozniak (Nov 29, 2005)

One possible scenario, if your Internet connection uses a dynamic public IP address (typical for residential service), another customer of your service provider may have triggered the honeypot for the IP address they were using at the time and now you have that address.

Are you the only person using the Internet connection or is the connection being shared by several others? If multiple computers are using the same connection, they use different port numbers, but the same public IP address.


----------



## Cookiegal (Aug 27, 2003)

Are you using a proxy server, VPN or other type of Private Internet Access service as this can trigger the same type of message. See this thread in the Site Help & Feedback forum where it recently happened to a user accessing this site:

https://forums.techguy.org/threads/attention-required-message.1162406/#post-9187520


----------



## TerryNet (Mar 23, 2005)

Following up on Chuck's post, Blacklist Check shows that your IP address is on about a dozen lists. There are some links there that give more information, including how to proceed. You'll probably have to get your ISP to do something.


----------



## Kaljinyu (Jun 20, 2005)

*cwwozniak, *I'm not the only one who uses/has used this modem/router. But I don't know if I have a dynamic public IP address. Is there some way I could find out?

*Cookiegal, *I'm not using any of those, at least not on purpose. Could Windows 10 be giving me one without my knowing? Like maybe I'm constantly connected to some Microsoft server that's remotely attached to my computer, and because of that I'm being picked up as a zombie in a botnet?

*TerryNet, *it's something that only my service provider can fix? Provided I'm not infected? Do they even know how to fix it? What could they do?


----------



## TerryNet (Mar 23, 2005)

Kaljinyu said:


> But I don't know if I have a dynamic public IP address. Is there some way I could find out?


You could search your memory--when you contracted for this service was it for regular residential (almost definitely dynamic address) or business or something special with a static IP? Or you could look at your router WAN section to see if you assigned a static IP.



Kaljinyu said:


> it's something that only my service provider can fix?


I don't know. Have you read the additional information from several of those links? Do you know which blacklist service is the one of concern?



Kaljinyu said:


> Do they even know how to fix it? What could they do?


Probably not the ones who answer the phone or email; you probably have to ask for a supervisor or "tier 2." They can persuade the blacklist service(s) that they have the situation under control now and please remove your IP (probably a block of IPs) from their list.


----------



## Kaljinyu (Jun 20, 2005)

The blacklist service that is of concern is Project Honey Pot. They allow you to request being whitelisted/removed from the blacklist. That's what I did when this first started up. And things were fine for a while. 

But a few months later it started up again. I was put back on Project Honey Pot's blacklist. And I'm looking around at some of these other blacklist services, you can also request whitelisting with them, but here's the thing, if they keep seeing your IP out there causing trouble, they won't let you request whitelisting. They're just gonna say "You're too risky. You're blacklisted forever." If my IP keeps causing trouble, could Project Honey Pot just decide one day, no more whitelistings for me? 

I wonder if there's a better way besides requesting a whitelisting every time this happens.


----------



## dvk01 (Dec 14, 2002)

You have a dynamic IP which is allocated and changed at random intervals by your ISP

sometimes rebooting the modem /router will force the ISP to automatically issue a new IP number, other times, you need to speak to ISP and explain the problem and ask them to change your IP number

There are currently very high ddos attacks against loads of sites protected by cloudflare and cloudflare have introduced new extra protections.
They have started to ask for authentication for all users for the entire IP range from "attacking" IP numbers
Changing your IP number might not be enough, if the new IP number is in the same IP block that Cloudflare have determined as "attacking"


----------



## Cookiegal (Aug 27, 2003)

Kaljinyu said:


> Could Windows 10 be giving me one without my knowing?


No that wouldn't be the case but I'll leave you in the hands of the others who know more about these things. I just thought that "might" be a possibility.


----------



## lunarlander (Sep 22, 2007)

dvk01, could the OP has a botnet client installed ? They are sleeping agents after all by definition and are usually commandeered to attack web sites.


----------

