Domain: ahbl.org
Stories and comments across the archive that link to ahbl.org.
Comments · 21
-
Re:Someone is full of himself
been hiding under a rock much?
http://en.wikipedia.org/wiki/The_Abusive_Hosts_Blocking_List, considering his own name is HARDLY spattered over the internet as a karma whore / full of himself - I would be much more likely to believe him than some trolling A/C that has what, committed translations from English UK to English US? Of course that is on the assumption that the poster is who he says he is but if you did actually google rather than being arrogant and full of yourself - then you would find that the guy has indeed been rather involved in anti spam lawsuits etc.
http://www.declude.com/Articles.asp?ID=262
OR
"My name is Andrew D Kirch, I'm one of the founders of the AHBL, and served in that capacity until 2008. I've been harassed, extorted, sued, and defamed by a Mr. Richard Morton Scoville, a resident of San Antonio, Texas for a period of 7 years. During that time I have suffered nearly irreparable damage to my character, and public reputation. I've been questioned by police, and my customers, and I have incurred over $10,000 in legal costs defending myself in court against this person."
So, AC - are your code contributions worth $10k to you?
OR
http://www.ahbl.org/legal/scoville/courtdocs
Let me just make another assumption here, You are American and don't know who "Tim" Berners-Lee is either? I actually couldn't care less if you do or don't know who he is - but my point being is you wouldn't do the extra effort to look it up.
not posted anon, because I've not been a pussy since 1994.
-
Re:Students tend to be one step ahead...
IT departments acting like KU's contain at least one control freak (who probably was the force behind selling the policy described in the article to the administration). You know, the "I know what's running over MY network" types that don't like being denied the ability to snoop and would ban encryption if they could.
There is a DNS blacklist which lists all TOR nodes, entry and exit. The nodes are also published here. This means TOR can be blocked for all but those who can hop their traffic over an outside connection no matter whether it's running on a non-standard port.
Students at another university could set up alternate entry points, but I don't expect this to happen for two reasons. First, the students at the other university's resnet aren't likely to be able to accept incoming connections, as those networks are typically heavily firewalled. Second, even if they could accept traffic, they aren't likely to want to answer to the "network police" on their campus about their use of TOR. The universities who would not tolerate this kind of network fascism (e.g. MIT) don't have the resources to offer proxying service to other whole universities and even if they did would find those entry points blocked as well.
Because the TOR nodes are all published, it is easy to block TOR even when it is running over port 443. Even if the nodes weren't published, the idea that a network administrator would have to block all encrypted traffic including https to block it is not true--an outbound filter can verify an SSL handshake is actually taking place and block the connection otherwise.
Regrettably, the ability to block TOR for all but the technically savvy with off-campus resources (e.g. proxy through a home broadband connection) is well in their hands. With the ability to punish anyone whom they find working around the blocks (even if just by making them aware they're being closely watched), I don't expect KU to see a sudden spike in TOR usage. It would be nice, though, if the students resisted.
-
Re:Not noticing the increase
Blacklists, my friend. Here's my current list:
rsync-mirrors.uceprotect.net : Level 2 - Fast local blocking
combined.njabl.org - For dynamic IPs and other
dnsbl.sorbs.net - For open relays
relays.ordb.org - For open relays
list.dsbl.org - Various types of Unsecured servers
dnsbl.tqmcube.com - dynamic IPs, spam trap
bl.spamcop.net - Spam trap
sbl-xbl.spamhaus.org - Known spammers, exploited servers
l2.spews.dnsbl.sorbs.net - Spam friendly ISPs
dnsbl.ahbl.org - Realtime composite
About four of those are composites, and contain blocks for dynamic IPs. Each link goes to the usage page for the blacklist, and if you want, you can just block dynamic IPs by using the correct subdomain. -
PHP form which generates it
http://www.ahbl.org/funny/response1.php
You can also find it on craphound.com as a txt file, but the php form is very useful. :) -
Spammers are suing RBL maintainers
It seems that more and more spammers are using frivolous lawsuits against RBL maintainers. The AHBL is one such recent victim of a lawsuit, in fact after two years of threats by the alleged spammer. In this case the litigant is acting pro se and is seeking outrageous damages (over 3 million). I have personally banned his ass at the ISP I work for --several times in fact when he moved his operations after being TOS'd.
More information at the Abusive Hosts Blocking Lists' legal defense page. -
OT: Bypassing the /. submission nazis
I know I'll be modded off topic for this, but I submitted this story twice and the submission bitches at slashdot didn't think it was interesting enough to include, so screw 'em.
As posted on the Usenet newsgroup news.admin.net-abuse.email, after over two years of legal threats from an alleged spammer, "FreeSpeech Store", Richard Scoville of San Antonio, TX has filed a lawsuit in the Texas court system against the Abusive Hosts Blocking List, a community involved RBL. The suit seeks in total 3.525 million dollars in damage, and a TRO is in effect. While frivolous lawsuits against RBL maintainers are not a new concept, they seem to be more prevalent lately, especially considering the legal costs required to defend lawsuits from out of state. Amazingly, FSS has asserted that any donors who pledge funds to defray legal expenses will be considered "co-conspirators" in his lawsuit. -
You have got to be kidding me
You have got to be kidding me. _This_ is news? Come on, this guy can't even get his facts right. First major glaring error I see:
As of this writing, any filter relying on the SBL is now marking email with the url "paulgraham.com" as spam. Why? Because the guys at the SBL want to pressure Yahoo, where paulgraham.com is hosted, to delete the site of a company they believe is spamming.
How about you do some research Paul? The SBL does not block based on domains, only IP addresses. DNSbl lists are always IP based, RHSbl lists are domain based.
I always found the SBL to be a very reliable DNSbl to use, and have never lost a legit e-mail to it before.
But hey, what do I know? I'm just one of those evil anti-business DNSbl admins (AHBL anyone?). -
Re:Good luck calling around
Telewest is probably no worse than any other.
for a medium size ISP 16,000 machines spewing crap is a huge issue.
my humble, unimportant opinion is that the users themselves should be responsible for making sure their computers are safe
I run the AHBL and I am a firm believer in this. You are responsible for your car on the highway, you are responsible for the actions of your children if you have them, and you should be responsible for the damage your computer does to the public network. Currently in the open-proxy and comp-sys-ddos (obviously compromised machines) we have listed over 1.3 million machines. I honestly think that we can do better than to have 1.3 million machines which have been responsible for spewing crap since the inception of the AHBL 2 years ago. -
I like the Abusive Hosts Blocking List article...
http://www.ahbl.org/notices/isearch.php
It's a second-level link from here. I'm putting the link in this post because some people may not see it and it's definitely worth reading like all good horror stories are. -
My take on this
Well, we at the AHBL have dealt with this bastard of a program before, and here are the results of our interactions with it:
http://www.ahbl.org/notices/isearch.php -
Re:AHBL policies
Not that I need to justify/explain myself to you
You've justified yourself to others, why not me?
but I'll point out that just because a company has private investors doesn't mean that it isn't govt. owned/controlled.
Frankly, I could care less if they are govt or privately owned. Doesn't absolve them from their responsibilities to control the abuse that comes from their network.
All I am trying to do is make sure I have accurate information, because what I have been told is that they are govt owned/operated.
Well perhaps the person who told you told you wrong? Why are you putting inaccurate information above that supplied to investors by the company's website? Now why don't you now go and read the investor information to find out that they are indeed a private company. On the About Telefónica page you will find "Telefónica is a 100% public company, with almost 1.7 million direct shareholders."
If you cannot get basic information like this right then you have shown that you do not understand what you are dealing with. You have to understand what you are dealing with before you pull the plug on it to understand the social impact it will have.
You are dealing with the ex-state monopoly that still has the majority of the Spanish market. There are other, smaller, Internet providers, however most of those (with the exception of Auna and ONO for the customer market) simply resell Telefónica's supply.
It is not simply a case of customers changing ISPs because people are locked into contracts with a minimum commitment of one year. There is a high probability that end users would need to buy themselves out of their contracts, rip-out Telefónica's (or their reseller's) old feeds, and get new ones installed. As for dial-up, again it's resold except for a few notable exceptions like Wanadoo.
Let me put it in a context that you may be able to understand. It is like Bell's position in the US before it was broken up. It's a huge country-wide corporation with a practical monopoly on telephone and Internet services.
You have a responsibility to make every effort to avoid this situation where you simply blacklist the vast majority of a country through its ex-monopoly provider's IP space. You have to get it into your head that your actions can have social repercussions that go beyond the mere '419 bad, must block'.
Allow me to quote another line from the press release:
However, should it become known that TDE is ignoring complaints, or playing games with the spam fighting community, their netspace will be relisted and not removed for a minimum of 6 months.
If you block it for six months then you are utterly irresponsible.
-
Remember how the Internet actually works...
Some have said that 'blanket measures' (such as listing entire countries as spam and abuse sources) taken by the AHBL are wrong, and that only the "bad" ISPs (those harboring spammers) should be targeted for such listing.
I would point out that the "bad" ISP, in this case, IS being targeted. The fact that it is Spain's national ISP is secondary to the fact that Telefonica.es (and its broadband/dialup counterpart, rima-tde.net) is a huge and (apparently) unceasing source of spam, port probes, and other network abuse.
Speaking as a mail server owner/operator, I rank Spain as only a few steps below China, Korea, and other Pacific Rim ISPs as spammer havens and nests of virus-compromised 'spammer zombies.' I've lost count of how many times I've seen spam attempts from IP ranges controlled by Telefonica, Rima, and their clones hit our filters. The abuse flowing from them is responsible for at least 10-15% of the accumulated weekly entries in our reject logs.
I would also like to point out a few other things. First off: NONE of the DNSBLs, such as AHBL, SPEWS, or Steve Linford's Spamhaus actively block ANYone.
What DNSBLs do is publish AN OPINION, in the form of their listings of IP addresses or address ranges, as to which parts of the Internet are supportive of spammers and network abuse. It is up to EACH INDIVIDUAL SYSADMIN, or anyone else who connects to the Internet, to choose whether to believe that opinion by configuring (or not) their equipment to check incoming mail-transfer requests against said DNSBL.
Let me say it again: DNSBLs, BY THEMSELVES, DO NOT BLOCK E-MAIL OR ANY OTHER TRAFFIC! SYSADMINS DO.
Yes, SysAdmins. Those like myself, who are fed up with the unending abuse of our private property by spammers, abuse that is supported by unethical or uncaring ISPs who, apparently, don't give an aerial intercourse through a toroidal pastry what their users do as long as said user's check doesn't bounce.
I'm currently using the DNSBLs compiled and maintained by Spamhaus, and several from Blackholes.us to help protect our tiny little corner of the 'net from spammers. No one compelled, ordered, cajoled, coerced, bullied, or hassled me into using any of them. I chose to do so because of the positive things said about them by other SysAdmins, and because my own experiments revealed an 80%+ drop in our spam load received once I implemented their use by our servers.
Am I blocking entire countries? Yes, several. China, Korea, Taiwan, Hong Kong, South America (the 200/8 subnet, to be exact), pretty much every IP range controlled by LACNIC, most of France, and the .ru top-level domain (just to name a few) have all made it into my local 'Deny' lists, all because I never seem to get anything but spam and other abuse from all of them.
My servers, my bandwidth, my rules. And it's just exactly that simple for anyone else who connects to the 'net, no matter if they're an AOL user, trying to protect their single E-mail box, or the CTO of a worldwide conglomerate with 100,000+ E-mail boxes to worry about.
Telefonica got themselves into this mess by ignoring spam complaints. They have no one but themselves to blame if other admins choose to drop packets from them, no matter if they're doing it with their own local list or with the AHBL's help.
If the AHBL thinks listing the entirety of Telefonica will get their attention, and perhaps give them some badly-needed motivation to clean up their act, great!
One other thing. Slashdot posed the question at the beginning of this article "...or has something gone terribly wrong?"
Yes, it has. Spammers are still being allowed to abuse a resource that anyone, from a three-year old kid to a century-old adult, should be able to enjoy WITHOUT THE THREAT of losing their inbox to spam.
That sure seems "terribly wrong" to me. -
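Two points from the comments above, as an added example that is not from any commenter or from the AHBL: a DNSBL is queried by IP address and an RHSBL by domain, and the list only answers the query while the receiving admin's local policy decides what happens to the mail. The zone names, sample answers and the accept/tag/reject policy are constructed for illustration; query names follow the RFC 5782 convention.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Constructed zone data standing in for real DNS answers (not a real list).
SAMPLE_ZONE = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],            # conventional test entry
    "10.113.0.203.dnsbl.example": ["127.0.0.4"],         # sample listed IPv4 host
    "spamvertised.example.rhsbl.example": ["127.0.0.2"], # sample listed domain
}


def sample_resolver(name):
    """Offline stand-in for an A-record lookup; returns [] for NXDOMAIN."""
    return SAMPLE_ZONE.get(name, [])


def ip_query_name(ip, zone):
    """DNSBL (IP-based): reverse the octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(addr.exploded.split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def domain_query_name(domain, zone):
    """RHSBL (domain-based): the domain itself is prepended to the zone."""
    return domain.rstrip(".").lower() + "." + zone


def listed_codes(name, resolver=sample_resolver):
    """Return only answers inside 127.0.0.0/8.

    Anything else (for example a dead zone whose domain now resolves
    every name to some web server) is not a listing and is ignored.
    """
    return [a for a in resolver(name) if ipaddress.ip_address(a) in LOOPBACK]


def decide(ip, zone, reject_codes, resolver=sample_resolver):
    """Local policy: the list publishes codes, the admin picks the action."""
    codes = listed_codes(ip_query_name(ip, zone), resolver)
    if not codes:
        return "accept"
    if set(codes) & set(reject_codes):
        return "reject"
    return "tag"  # listed, but not under a code this site chose to reject


if __name__ == "__main__":
    zone = "dnsbl.example"
    print(ip_query_name("203.0.113.10", zone))
    print(domain_query_name("spamvertised.example", "rhsbl.example"))
    # Same listing, two sites, two different local policies.
    print(decide("203.0.113.10", zone, reject_codes={"127.0.0.4"}))
    print(decide("203.0.113.10", zone, reject_codes={"127.0.0.2"}))
```
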
Re:AHBL policies
From the Press release...
(Note from BB - I've been getting mails from users indicating that TDE is now privately owned, I will be attempting to confirm this ASAP)
Well we're dealing with some real worldly types here, aren't we? It's not exactly difficult to find out, you switch their home page to English if you can't read Spanish and you get all the investor information you need. See the options there at the top-right?
I'm sure all the Spanish businesses trading internationally that you've just knocked off the Internet will thank you for your tactful approach to the problem. As will people trying to stay in touch with friends and relatives in Spain, especially so soon after the terrorist bombing in Madrid. Taking a leaf out of the Rumsfeld book of diplomacy or something are we?
The first thing you get if you go to your About Us page followed by the link under "People Who Dislike the SOSDG And The AHBL" is "Power Without Accountability". Do you think they might actually have a point? Or do you labour under the delusion that if people (not spammers, but legitimate businesses and private individuals) don't like what you're doing then you must be doing it right?
Of course you will argue that you only provide the list, it is up to others how to use it. Unfortunately your lists are implemented by scripts and there were very few scripting languages that came with a conscience last time I looked. However at least it means you've neatly absolved yourself of any responsibility so you can block an entire country of 40 million people without bothering about the repercussions in your US-centric blacklist (which basically amounts to regarding anything from outside North America as suspicious).
Feel free to answer my points all you want.
-
Re:Shoot on sight...
And what is wrong with treating legal and other threats seriously? Spammers and scammers think that making threats will get them what they want, and you do not want to encourage them by giving into their threats. A popular threat is the threat of a lawsuit, but they never have the intent of following through on their threats.
Take this one for example of what they have to deal with. They were going to delist the person who complained, but due to his threats and impatience he got listed. If he had cooperated and waited he would have been off. -
Re:come on!
There must be accountability on the web. Period.
Tell that to these people. In case you didn't know, that company that was raided the other day was not only a spamhaus but a safe haven for zombies and other internet scum. Blockquoth the AHBL:
Breaking News! Ding Dong, Foonet's Gone!
Perhaps the blackest of the black hat networks is finally gone, raided by the FBI. Foonet [CITHosting] was home of spammers, packet kiddies, script kiddies, carders, and other illegal activities, as documented in the links below.
SPEWS's rapsheet on Foonet
Usenet postings in regards to Foonet
GBLX yanks Foonet's pipe
Foonet hosting carders (credit card thieves) and here
More on foonet's hosting of spammers, and possible traceroute forging
Foonet's Page
theWHIR article
-
FooNet/CIT/Xerox/Paul
First let me preface that I haven't had any association/communication with Paul in years, but back in the mid-90's I knew Paul, the owner of FooNet (Now CIT) in relation to a Small ISP I used to be a corporate officer of/part own/work for (we were the coloc host of the fledgling FooNet.net's first server 'foonix' if I recall correctly). Things could have changed since then but I very much doubt so.
Back in the day, Paul was very much into the warez/irc scene and seeing the UseNet Articles that are around about FooNet, it seems to be pretty much the same as it used to be, only quite a bit larger. I don't know that I'd actually place CIT in the 'innocent' category, as even back then he knowingly hosted practically anything and anyone that would pay him.
Evidence seems to point to quite similar behavior of FooNet/CIT as I had experienced in the 90's, so, I'd say good riddance to one more large spam/DDoS host. -
Re:Seizing an entire data center
Let me fill you in on Foonet.
Foonet was the blackest of the black hat networks in existence. They hosted spammers, carders (credit card thieves), DDoS drones, floodnets, and various other illegal activities and blindly turned the opposite way and let it happen.
Foonet was based out of the basement of the owners' house. There was no actual 'data center'. They had a T3 and a few T1s - nowhere near the OC-X level they were claiming.
They got tossed off of GBLX about a week before they were raided, and were humping the light at Qwest right before they got pulled.
I knew about this right after it happened.
Foonet will not be coming back, so get over it kiddies. Your DDoS drones are gone. Spammers, your mail servers are gone. Go run and hide under another rock.
A little hint for all of you who can't figure it out - the FBI doesn't usually seize all equipment if it's something small. If they took all of the equipment, there is a good reason why they did (not that foonet was acting 'too slow').
I have a list of stuff about foonet on the AHBL page here. -
You know...
It's not like I agree with this, if indeed things happened as the article states... but a quick google on FooNet (AKA / DBA CIT ) turns up some VERY interesting results.
I google'd quickly on a hunch, and sure enough I got some rather interesting hits.
I claim to know nothing about SPEWS and how they go about adding to the blacklists, but they apparently are no stranger to it.
Furthermore, it seems that this IS NOT the first run-in with the FBI that FooNet/CIT has had: from here, if you scroll down a bit, you'll see the following text: The FBI executed a search warrant issued by the United States District Court for the Southern District of Ohio regarding the IRC network that we host # We regret to inform you that on Saturday February 14, 2004 at approximately 8:35 am EST, FOONET/CIT's data center in Columbus, Ohio temporarily ceased operations. And this was from Feb. 14
...Another incident was reported out here on 07/12/03 (search the page for "foonet")
... seems that 84898 spams swamped a box, and follow-up by FooNet sucked - e.g. they turned a blind eye. There are far too many hits to return
... if you're interested in more, you can always head here. For now, I'll close with this: I do not agree with the methods used, if they were as described ... however, FooNet/CIT is no stranger to the FBI, and perhaps this is all rolled in to the Feb. 14th notice ... maybe the FBI actually gave them 10 days to comply... I'd really like to see how this ends. -
They had good reasons to shut them down, indeed :
I can't get access to the article, but I guess that the story is about the shutdown of FooNet. FooNet isn't a "real" hosting solution ; it's a cheap shell provider for script kiddies who want to have their own ircd. They might also provide "serious" hosting services ; but as soon as one provides shell services for such a targeted audience, she knows that she will have to handle some specific problems - DDOS, flood, etc.
And according to what I know about the FooNet shutdown (if that's the same story), there were thousands of DDOS "drones" located at the datacenter, and the staff of the datacenter failed to shut them down. That sounds very dubious to me, but you might want to check this for another side of the story
...Quoting :
"Perhaps the blackest of the black hat networks is finally gone, raided by the FBI. Foonet was home of spammers, packet kiddies, script kiddies, carders, and other illegal activities, as documented in the links below."
PS: if the shutdown mentioned isn't the FooNet one, ignore this post
:-) -
Gah
Gah, this story is not what it appears to be from first glance. This is a story about an ISP (a known Spam Supporting ISP at that) blocking access to a website through its network.
Most times, a blacklist is used only for e-mail blocking and not website blocking. A lot of DNSbl maintainers specifically tell you that their list should NOT be used to block anything but e-mail.
It's just stupid and pointless to filter out websites - unless you want to support censorship.
Now, onto Verio blocking a spamming website. What a crock! Maybe they should start cleaning up their own act and throwing the spammers off of their network FIRST before trying to be a netkop.
Now for a shameless plug - the AHBL is online for those of you who use DNSbl on their mail servers.