Domain: uribl.com
Stories and comments across the archive that link to uribl.com.
Comments · 10
-
Re:This reminds me of WW 1
On the contrary, It might be I know a thing or three about DNS that you haven't' figured out.
There are several examples already in existence of using slightly modified DNS servers for a totally different purpose.
After all, DNS is nothing but a lookup engine and a very fast one at that.
One of the spamassassin plugins of a few years back was called URIBL which used a basic dns engine to look up links sent via email to help determine if the email was spam. It basically did a DNS hit on any URI using custom DNS servers which returned a specific ip indicating the probability that the uri spam. Similar technology is used by Cloudmark on a customized hash of suspected spam content.
The point is the DNS lookup engine is a very quick way to get an IP (or anything else) given a specific input.
Since it need not be done in-line it would not slow down traffic or mess with any DNS servers.
The router simply notices a lot of one way traffic to a specific IP from one or more IPs behind it, and sends a request to the customized query engine. That engine returns a status that the target has advertised itself to be under attack. The router then starts throttling that traffic.
I speculated that such a query engine could be more quickly built out of DNS technology in order to avoid re-inventing the wheel, simply because it is ubiquitous and well understood.
So, none of your dire predictions would come to pass, because checking IPs for presence in the "Under attack" database would a) not need to be done in real time, and b) have nothing at all to do the the existing DNS service.
-
1000 piracy sites for starters
The Net-Chinese registrar in Taiwan has accepted a service contract to register over 1,000 software piracy sites. It is just this sort of widespread abuse for which legislation like this is needed.
For the last 5 days alone, see the pirate sites listed at http://rss.uribl.com/nic/NET_CHINESE_CO_LTD_.html
For over 1,000 examples in October/November check http://spamtrackers.eu/wiki/index.php/Net-Chinese
If the US can't ensure compliance at home, how can anyone expect to convince the Taiwanese piracy sponsors? -
Blogspot Abuse
Where is all this spam abuse people talk about in Google Blogger aka Blogspot?
First of all, anyone who has a Gmail account can create a blog. If I want to create 10,000 blogs to use for spam site redirection, I need to get 10,000 Gmail accounts. That way, when Google tries to communicate about 1 of those 10,000 sites, they will have to go to 1 out of 10,000 accounts. In the last resort, they may terminate the Blog site, and the Gmail account. 1 in 10,000 is not too bad.
So where do I get 10,000 Gmail accounts? Well, heck, that ain't hard. Some enterprising turkey called "William Lim" is selling any number up to 10 Million Gmail accounts over there in the spammer haven, BulkerForum. 10,000 is only a small portion of his portfolio.
Then I have a simple automation tool that cycles to the next one of my list of 10,000 Gmail accounts, logs in, auto-creates a site, and puts in an obfuscated java script that redirects to a spam brand, like "Canadian" Pharmacy - you know, that well documented fake pharmacy using a domain name registered in China, running on a web server in Korea, and if it ships any counterfeit pills or placebos at all, they come from India. Your credit card details and payments go to the herders in Russia, and a month later you find your details have been used to order more domain names.
So you think Google doesn't know all this? Yeah, right. You can see the rate of abuse in the site that builds a list of spamvertized blogspot URLs as they land in the spam-traps. We are talking 600-1000 abuses of the Blogspot terms of service per day. That's about one every 3 or 4 minutes, 24/7!
The abuse list for the last 5 days is updated in real time and is at the URIBL blogspot tracking site
You can even compare how the competitors, Yahoo (Geocities) and Lycos (Tripod) who have been equally abused at the same rate, are performing in handling this issue. The comparison is in the statistics for the blog site hosters -
Blogspot Abuse
Where is all this spam abuse people talk about in Google Blogger aka Blogspot?
First of all, anyone who has a Gmail account can create a blog. If I want to create 10,000 blogs to use for spam site redirection, I need to get 10,000 Gmail accounts. That way, when Google tries to communicate about 1 of those 10,000 sites, they will have to go to 1 out of 10,000 accounts. In the last resort, they may terminate the Blog site, and the Gmail account. 1 in 10,000 is not too bad.
So where do I get 10,000 Gmail accounts? Well, heck, that ain't hard. Some enterprising turkey called "William Lim" is selling any number up to 10 Million Gmail accounts over there in the spammer haven, BulkerForum. 10,000 is only a small portion of his portfolio.
Then I have a simple automation tool that cycles to the next one of my list of 10,000 Gmail accounts, logs in, auto-creates a site, and puts in an obfuscated java script that redirects to a spam brand, like "Canadian" Pharmacy - you know, that well documented fake pharmacy using a domain name registered in China, running on a web server in Korea, and if it ships any counterfeit pills or placebos at all, they come from India. Your credit card details and payments go to the herders in Russia, and a month later you find your details have been used to order more domain names.
So you think Google doesn't know all this? Yeah, right. You can see the rate of abuse in the site that builds a list of spamvertized blogspot URLs as they land in the spam-traps. We are talking 600-1000 abuses of the Blogspot terms of service per day. That's about one every 3 or 4 minutes, 24/7!
The abuse list for the last 5 days is updated in real time and is at the URIBL blogspot tracking site
You can even compare how the competitors, Yahoo (Geocities) and Lycos (Tripod) who have been equally abused at the same rate, are performing in handling this issue. The comparison is in the statistics for the blog site hosters -
eNom are MAJOR scumbags
This may be somewhat OT, but eNom are known well in the anti-spam community for being one of the largest registar choices of spammers. They are almost 100% likely to do nothing to discourage spammers from using them as a spammer-safe haven for registrations.
This is further supported by taking a glance at data from the URIBL "Realtime URI" feed for Abused/Abusive Registrars. A glance at their website shows they rank second out of 250 registrars for hosting blacklisted domains. -
yahoo
hell, i bet yahoo could create the database by themselves. based on the amount of KP sites that show up on their nameservers http://rss.uribl.com/ns/yahoo_com.html
-
URIBL.COM RSS Feed for black domains on Godaddy
Hell, they could just use our data feed to identify spam domains registrered through their nic. http://rss.uribl.com/nic/GO_DADDY_SOFTWARE__INC_.
h tml -
Re:Survey Says?
good near-realtime stats at http://rss.uribl.com/
-
rhsbls are much more effective than ip-based lists
RHSBL's such as http://www.uribl.com/ maintain (and publishes via white.uribl.com) a very large whitelist for domains resulting in much less chance of FP on their black.uribl.com list. spamcop doesnt seem to believe in whitelisting ips/subnets, as hosters such as gmail, aol, sbc, and the like seem to get listed about every other week.
give it a shot, the spam accuracy will hang around 70-80%... which is better than you'll ever get from spamcop.
-
pretty small sample size
300 random domains from the entire zone of 90 million
.com's doesnt give a real good idea of what the problem here is.if instead they would take a sample of newly registered domains, that percent would jump significatly. we use whois lookups as part of the heuristics at http://www.uribl.com/ to identify new spammer uris that show up in the query stream en masse.
domain age proves to be a big indicator of spamminess when it comes to uris in emails.
for the last 7 days, the top 10 creation dates for domain names that we have blacked
rank / created / black uris
- #1 01-dec-2005 301
- #2 02-dec-2005 262
- #3 05-dec-2005 207
- #4 30-nov-2005 154
- #5 06-dec-2005 133
- #6 04-dec-2005 108
- #7 29-nov-2005 95
- #8 28-nov-2005 93
- #9 07-dec-2005 75
- #10 03-dec-2005 61