Introduction
This page is to give information about getting proxy servers and open relay servers re-tested.

If you are listed in the spam, zombies, DUHL, or hacked server databases this page is not for you!

Unless you are accessing one of the Open Relay or Proxy Details pages you will not get a retest key.

How to get Re-Tested!
Warning:Whilst the Distributed Denial of Service attacks continue on SORBS it is impossible to retest your machines.

Re-testing is currently ENABLED.


  1. Use the host that is blocked to perform all of the steps below. The importance of this cannot be stressed enough. Doing this from any other IP address will not work.
  2. ISP staff, and net block owners, please see the sections below if you cannot use the listed host.
  3. To be clear, only the IP address that is listed can request a retest key.
  4. You need to get the re-testing key from the Support page.
    1. Enter your details and then look up your IP address.
    2. Click the 'More..' button this will give you the 'Information' page.
    3. Click the 'Get Key' Button.
      Important Note: If you are not using the host that is listed you will not see the 'Get Key' button.
    4. Click the 'retest' link, this will give you a key string.

  5. Send a mail to retest@stealth.sorbs.net with the Subject: line set to the key you have just received (no quotes necessary).
  6. When you receive the confirmation key, send a second message by following the instructions in the message.
  7. Wait patiently for the retest to complete, and recheck your entry periodically.

Notes:

The keywords "key="; and "confirm=" at the beginning of the keys are part of the keys, and need to be included in the Subject of the retest request e-mail.

Immediately after the confirmation is received, the IP address will be re-tested. If the test finds that the open proxies or relays (as applicable) are gone, the proxy listing for that IP address is marked as "inactive and not flagged to be published". The system will then periodically test the host to ensure it is not just temporarily unavailable.

If the retest indicates that there still are open proxies or relays remaining, the IP address will automatically be flagged active and to be published in DNS.

If the host does NOT fail the tests, the 'last seen time' will NOT be updated. This value indicates the last time the entry was tested and confirmed open.

My host has been fixed and I have been re-tested clean, why am I still in the DB...?
SORBS sets a 'block' flag in the database rather than removing the entry. This ensures that recurring hosts are tracked. They will become more and more difficult to remove from the database the more often they are tested and found to be open.

Database entries are purged after 'n' years of no activity, where 'n' is the number of re-activations after re tests showed the host to be clean.

My address entry shows 'inactive and not flagged' but I still see an entry in DNS, why...?
Because of load issues with DNS based block lists, SORBS sets the Time to Live on each positive entry to two days. This means that the DNS server you queried will hold the entry for 2 days, even when it has already been removed from the SORBS database.

Yes, it will cause you pain that neither you nor SORBS can control. However, maybe that will be pain enough to ensure that you don't end up back in the database.

Why is it a pain in the butt to use...?
Simple, it is to stop spammers un-listing open hosts so they can use them for spamming. It is also to ensure that the owner of the blocked IP address doesn't just block the tester to get unlisted, then reopen the server later. It also ensures the owner of the IP address will only request removal after the open relay or proxy server has been closed.

I cannot access the web page from the listed host, what do I do...?
This situation usually occurs when you are a representative of the Internet service provider that owns the network.

For such cases, we do provide a way to get re-testing keys by email. First of all, the IP address has to have a reverse DNS name. If there is no reverse DNS name for the IP address, this procedure will not work.

The key request email can only be sent from certain email addresses. The valid email addresses are determined by the domain indicated in the reverse DNS name of the IP address. The primary valid email address for this purpose is the DNS SOA (Start of Authority) address for that domain. The secondary valid email addresses are whatever you registered with abuse.net for this domain. If you did not register anything yet, it is "postmaster@that domain".

Please see abuse.net for more information about registering contact addresses.

If all of this is in order, you may mail keysreq@sorbs.net from one of the authorized email addresses, and the system will then send a set of keys back for each IP address that you requested keys for.

The format of the mail should be:
To: keysreq@sorbs.net
From: <your email address>
Subject: Key request.

keys for ip: address 1
keys for ip: address 2
...
keys for ip: address n
If the mail is in any other format, or the sending email address is not one of the authorized ones, you will not get a reply. Please wait at least 60 minutes before assuming something is wrong, though.

 
   
Copyright © 2002-2014 by SORBS | Terms & Conditions | Privacy Policy