IP Delisting
How to check if your IP is listed, request removal, and prevent future listings.
Why IPs Get Listed
IP addresses are added to the ReportedIP database when they are reported for malicious activity by community members, WordPress security plugins, or honeypot servers. Common reasons include:
- Brute-force login attempts against WordPress sites
- Comment spam or form spam
- XMLRPC attacks
- Port scanning or vulnerability probing
- DDoS participation
A listing does not necessarily mean the IP owner is malicious. Shared hosting, compromised servers, VPN exit nodes, and open proxies can all result in legitimate users having a listed IP.
Automatic Removal
ReportedIP uses a time dampening system with exponential decay. Reports automatically lose weight over time:
| Report Age | Remaining Weight |
|---|---|
| Fresh (0 days) | 100% |
| 30 days | 50% |
| 60 days | 25% |
| 90 days | 12.5% |
If no new reports are filed against an IP, its Confidence Score will gradually decrease until it falls below the blocking threshold. Most IPs are effectively delisted within 60–90 days of the last report.
How to Request Delisting
If you believe your IP has been listed in error, or you have resolved the security issue that caused the listing, you can request manual delisting.
1. Check Your IP
First, check your IP's current status on the ReportedIP homepage. This will show you the Confidence Score, number of reports, and the attack categories associated with your IP.
2. Send a Delisting Request
Email [email protected] with the following information:
To: [email protected]
Subject: IP Delisting Request — [Your IP Address]
IP Address: [e.g., 203.0.113.42]
Organization: [Your company or hosting provider]
Reason: [Why you believe this is a false positive, or what steps you have taken to resolve the issue]
Contact: [Your email address for follow-up]
False Positive Reports
If you find your IP listed on a specific IP detail page, you can also use the Report False Positive button directly on that page. This creates a review ticket that our team will investigate.
Common causes of false positives:
- Shared hosting: Another site on the same server was compromised
- VPN / Proxy: A previous user of the IP was malicious
- Dynamic IP: Your ISP reassigned a previously abused IP to you
- Security testing: Legitimate penetration testing was mistakenly reported
Review Process
After submitting a delisting request, here is what to expect:
Acknowledgement (within 24 hours)
You will receive a confirmation that your request has been received.
Review (within 48 hours)
Our team reviews the reports against your IP, checks the source data, and verifies your claim.
Outcome
You will be notified of the result. Possible outcomes:
- Delisted: All reports removed, Confidence Score reset to 0
- Partially cleared: False positive reports removed, valid reports remain
- Denied: Reports confirmed as legitimate (with explanation)
Prevention
To avoid future listings, consider the following best practices:
- Secure your server: Keep software up to date, use strong passwords, and disable unused services
- Enable rate limiting: Use tools like fail2ban or Cloudflare to limit brute-force attempts from your IP range
- Monitor for compromise: Regularly check your server for unauthorized access, malware, or misconfigured services
- Check regularly: Use the ReportedIP API or website to monitor your IP's reputation proactively