Slashdot Mirror


Anti-Spammers DDoSed Out Of Existence

Anonumous Coward writes "Not one, but two anti-spam services announced their closure yesterday due to DDoS attacks, massive Joe jobs, threats, and the total lack of interest shown by law enforcement. monkeys.com pulled the plug at midnight with an announcement that makes you think of a suicide note. A short time later compu.net went the very same way. So, when will we see a distributed RBL that can stand up to distributed attacks?"

108 of 677 comments

  1. distributed.net rides again? by ansak · · Score: 4, Interesting

    Is there a way to use the technology behind distributed.net or SETI@Home for this kind of application?

    just wondering...ank

    --
    Still hoping for Gentle Treatment...
    1. Re:distributed.net rides again? by Anonymous Coward · · Score: 3, Insightful

      I would like to see a Kazaa-like service whereby people can choose to mirror a site (or page or resource) and the site itself becomes distributed among many locations, accessed by using a Kazaa-like browser client. It'd be a nice thing and stop a lot of this stuff from happening. Sure, I can see people using it for bad things too, but as a system, or a concept, it stands up for itself.

      If you can have distributed attackers, why not distributed targets?

    2. Re:distributed.net rides again? by ansak · · Score: 4, Interesting

      Yeah. I thought it was restricted to calculation, but perhaps there's something in the way of thinking that got us to distributed.net and SETI@Home that could help us get a distributed RBL (dare I say, "DRBL"?).

      How about a DNS name that resolves to one of 20 (50? 100? 1000?) different machines all of which are kept synchronized between themselves with RBL lists. Anyone who asks for RBL information, gets any one of the machines in the cluster. Including the DDOSers. How many machines can they DDOS simultaneously? (that's why I kept cranking up that number in the first parentheses) Not all of them, I hope, but the way to find out is to build up a DRBLnet. There has to be a positive use for all those Linux/BSD boxes attached to DSL and cable lines :).

      Then if the RBL-client side is modified so that if it doesn't get a response very quickly it asks again (probably getting a machine that isn't currently being attacked...).

      just spouting ideas...ank

      --
      Still hoping for Gentle Treatment...
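
The client-side retry proposed in the comment above, as an added example (not code from the thread or from any RBL project). The mirror addresses, the zone `drbl.example` and the injected `lookup` function are assumptions; the lookup is simulated with constructed data so the block runs offline.

```python
import ipaddress

# Answers inside 127.0.0.0/8 are the conventional DNSBL "listed" replies.
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


class MirrorTimeout(Exception):
    """A mirror did not answer within the client's (short) deadline."""


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def check_ip(ip, zone, mirrors, lookup, max_tries=3):
    """Query mirrors in order until one gives a usable answer.

    lookup(mirror, qname) returns the A record as a string, None for
    NXDOMAIN, or raises MirrorTimeout. Returns (verdict, mirrors_tried)
    where verdict is "listed", "not_listed" or "unknown".
    """
    qname = dnsbl_query_name(ip, zone)
    tried = []
    for mirror in mirrors[:max_tries]:
        tried.append(mirror)
        try:
            answer = lookup(mirror, qname)
        except MirrorTimeout:
            continue  # mirror is down or being flooded: ask the next one
        if answer is None:
            return "not_listed", tried
        try:
            if ipaddress.IPv4Address(answer) in LISTED_NET:
                return "listed", tried
        except ValueError:
            pass
        # Anything outside 127.0.0.0/8 is not a valid verdict (for example a
        # wildcard answer from a parked or hijacked mirror): try the next one.
    # No mirror gave a usable answer. This is "unknown", not "not listed";
    # the mail server's policy decides whether to defer or accept.
    return "unknown", tried


# --- Constructed sample data: a simulated mirror set, no network access ---
ZONE = "drbl.example"
MIRRORS = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"]
DOWN = {"192.0.2.1"}                         # flooded, never answers
WILDCARD = {"192.0.2.2": "198.51.100.99"}    # answers every query with junk
ZONE_DATA = {"7.113.0.203.drbl.example": "127.0.0.2"}


def simulated_lookup(mirror, qname):
    """Stand-in for a DNS query sent to one mirror with a short timeout."""
    if mirror in DOWN:
        raise MirrorTimeout(mirror)
    if mirror in WILDCARD:
        return WILDCARD[mirror]
    return ZONE_DATA.get(qname)


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.20"):
        print(ip, check_ip(ip, ZONE, MIRRORS, simulated_lookup))
    # Only the two bad mirrors reachable: the verdict must stay "unknown".
    print(check_ip("203.0.113.7", ZONE, MIRRORS[:2], simulated_lookup))
```

Keeping "unknown" separate from "not listed" matters here: when every mirror is knocked offline, the mail server can see that it has no verdict rather than reading silence as a clean result.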
    3. Re:distributed.net rides again? by Camulus · · Score: 3, Insightful

      They wouldn't have to dos all of the thousands of machines. All they would have to do is DOS whatever is doing the redirecting. Remember when Microsoft.com was taken down a year or two ago? The script kiddiots took down the router that was the only pathway to Microsoft's DNS servers. You would have to build a really robust network with all kinds of redundancy. While it is possible you could make something that could withstand most DOS's, it would cost an ass load (even with people volunteering mirrors), which is still a big problem.

    4. Re:distributed.net rides again? by Anonymous Coward · · Score: 2, Informative

      Already done. It's called Freenet.

    5. Re:distributed.net rides again? by The+Troll+Catcher · · Score: 2, Informative

      That certainly sounds like freenet....

  2. See guys, by Trigun · · Score: 3, Funny

    Vigilante Justice does work!

    1. Re:See guys, by Stanwalters · · Score: 3, Insightful

      Would this be a bad thing?

      I have an uncle who is a trucker. He was amused by this comment. He said the worst time on CB in his memory was from ~1977 to ~1982 or so, before that, truckers primarily used it, with respect for each other and some unwritten "rules". Then it became popular culture and was destroyed. After it "died", you would find it used primarily by truckers, with respect for each other......

      Anyone use USENET or IRC before 1997? Gee, it would suck if the Internet died like this.

  3. The Heavy Hitters Are Still Around by Nintendork · · Score: 5, Informative
    So, when will we see a distributed RBL that can stand up to distributed attacks?

    I'd never even heard of the two sites that closed down. Personally, I use Spamcop's DNSBL, DSBL, and ORDB.

    -Lucas

    1. Re:The Heavy Hitters Are Still Around by Havokmon · · Score: 2, Informative
      Yeah, but look at OpenRBL, DSBL references them..

      --
      "I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatantly stolen sig)
    2. Re:The Heavy Hitters Are Still Around by frankie · · Score: 5, Informative

      SpamCop is currently alive, but Julian had to blow a bunch of cash on upgraded servers after getting knocked down a couple months ago. Pretty much every site which offers any sort of blocklist has had several months of continuous DDoS.

    3. Re:The Heavy Hitters Are Still Around by B'Trey · · Score: 5, Insightful

      The argument doesn't hold water - the actions of the DDOS mastermind and the blacklister are not equivalent.

      The blacklister provides information to various people who choose, on their own, to say "I do not like what you are doing, Mr. Spammer, and I will not allow you to use MY system to do it."

      The DDOSer says "I don't like what you're doing, and I will not allow you to use YOUR system to do it."

      --

      "The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.

    4. Re:The Heavy Hitters Are Still Around by tgibbs · · Score: 2, Insightful
      From a spammers point of view, these blacklists are just another form of DDOS aimed directly at them.

      Sure, and from a crook's point of view, the police are a DDOS. Conversely, if you find that argument reasonable, you are probably a crook.

      The notion that providing information that individual ISP's are free to use as they choose is somehow equivalent to illegally hacking into private computers and using them to shut down somebody else's internet access is one that only a criminal would take seriously.

  4. Sounds like a good use for Freenet by Matey-O · · Score: 4, Interesting

    Distributed, hidden, can't tell who registered the file...freenet could fulfill the 'DDOS tolerant' needs here.

    --
    "Draco dormiens nunquam titillandus."
    1. Re:Sounds like a good use for Freenet by Mr+Bill · · Score: 4, Insightful

      And you would trust this file enough to block email based on its contents??? Accountability is the biggest problem with RBLs, and moving it to a completely anonymous system would lose the last level of trust that they currently have...

    2. Re:Sounds like a good use for Freenet by lx805 · · Score: 4, Insightful

      And you would trust this file enough to block email based on its contents??? Accountability is the biggest problem with RBLs, and moving it to a completely anonymous system would lose the last level of trust that they currently have...

      If you don't trust it, don't use it.

      Why is this concept so damn hard for people to understand? These lists are VOLUNTARY. Mail server admins are not forced to use them. They CHOOSE to use them because they are EFFECTIVE.

      Your argument about putting these lists on freenet holds no water. There's no way these files would go online without a PGP signature, and people downloading them would be stupid not to verify that signature. So long as you trust the signer, you're fine. If you don't trust the signer, don't use the file.

      The distribution of the files can be completely automated to the point where an automated script can download the file, verify the signature, and load the contents of the file into a locally running DNS server (I'll even be so bold as to suggest rbldns, which comes with the djbdns distribution). The distribution network would be all but impervious to denial of service, since the only way to bring it down would be to DDoS anything running the freenet client.

      Funny how people conveniently forget about these little details when it doesn't suit their argument...
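
The download, verify and load pipeline described in the comment above, as an added example (not code from the thread, SPEWS or djbdns). It assumes a detached signature checked with `gpgv` against a keyring that holds only the list publisher's key; the file paths, the `MIN_PREFIX` policy and the one-entry-per-line list format are assumptions, and the sample list is constructed.

```python
import ipaddress
import os
import subprocess

MIN_PREFIX = 16  # assumed local policy: refuse entries broader than a /16


class SignatureError(Exception):
    """The detached signature did not verify against the pinned keyring."""


def gpgv_verify(list_path, sig_path, keyring_path):
    """True only if gpgv accepts the signature with a key from keyring_path.

    The keyring holds just the list publisher's public key, obtained out of
    band, so a valid signature made by any other key is rejected.
    """
    result = subprocess.run(
        ["gpgv", "--keyring", keyring_path, sig_path, list_path],
        capture_output=True,
    )
    return result.returncode == 0


def parse_blocklist(text):
    """Parse one IPv4 address or CIDR range per line; '#' starts a comment."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.IPv4Network(line)  # rejects malformed input
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        # A signed list can still be wrong: refuse absurdly broad entries.
        if net.prefixlen < MIN_PREFIX:
            raise ValueError(f"line {lineno}: {net} is broader than /{MIN_PREFIX}")
        entries.append(net)
    return entries


def install_blocklist(list_path, sig_path, keyring_path, out_path,
                      verify=gpgv_verify):
    """Verify, then parse, then atomically replace the local copy.

    Fails closed: on a bad signature or a bad entry the existing file at
    out_path is left untouched. Returns the number of entries installed.
    The download directory must be writable only by this job, so the file
    cannot change between the signature check and the read below.
    """
    if not verify(list_path, sig_path, keyring_path):
        raise SignatureError(f"signature check failed for {list_path}")
    with open(list_path, encoding="ascii") as fh:
        entries = parse_blocklist(fh.read())
    tmp_path = out_path + ".tmp"
    with open(tmp_path, "w", encoding="ascii") as fh:
        fh.writelines(f"{net}\n" for net in entries)
    os.replace(tmp_path, out_path)  # readers never see a half-written list
    return len(entries)


# Constructed sample list (documentation address ranges, not real listings).
SAMPLE_LIST = """\
# constructed example
203.0.113.7
198.51.100.0/24   # a whole range
"""
```

The output file is a normalized list for whatever loader feeds the local DNS server; converting it to a specific server's data format is left out because the thread does not describe one.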

    3. Re:Sounds like a good use for Freenet by Mr+Bill · · Score: 3, Insightful

      Good point, but if it is signed, then it is not anonymous is it. But you are correct that this would be much harder to DDOS if signed files were released in this way.

      By the way, I don't have any beef with RBL lists. But I have a big problem with ISPs using these lists to reject mail. They should be used by end users, or perhaps by a mailadmin to reject mail to an entire domain. Or they should be used to mark mail as possibly being spam.

      ISPs that use these lists to reject mail are being irresponsible, and are most likely doing it without the knowledge of their users. One false positive that gets dropped is one too many when your users don't know it is happening.

    4. Re:Sounds like a good use for Freenet by Suidae · · Score: 2, Interesting

      Hardly. Freenet, in its current incarnation, would be nearly trivial to DDOS out of existence.

      Performance and robustness were evidently Waaaaaay down on the list of immediate goals for freenet.

      I like the idea of freenet, but it's got a long way to go before it can withstand any kind of intelligent attack.

    5. Re:Sounds like a good use for Freenet by lx805 · · Score: 3, Informative

      Good point, but if it is signed, then it is not anonymous is it.

      It doesn't need to be anonymous, just available. SpamCop isn't anonymous. Spamhaus isn't anonymous. SPEWS is anonymous, but they probably don't need to be, and they already have someone who is *NOT* anonymous distributing their lists via PGP signed e-mail (see http://groups.yahoo.com/group/spews).

      ISPs that use these lists to reject mail are being irresponsible, and are most likely doing it without the knowledge of their users. One false positive that gets dropped is one too many when your users don't know it is happening.

      I agree with you there 100%. ISPs *maybe* should offer it as an option, but shouldn't filter by default. I've seen some ISPs do some pretty stupid things with the blocklists (i.e. add the IP ranges to their core router's ACLs). Those admins should be shot.

      Admittedly, though, I'm not nearly as concerned about false positives as most people. People tend to forget that e-mail in its very nature is unreliable, and should never replace a phone call or good old fashioned face time.

    6. Re:Sounds like a good use for Freenet by Jerf · · Score: 2, Informative

      sahalx partially replied to your point but to someone not already familiar with Freenet I'm not sure they'll understand why (s)he's right.

      And you would trust this file enough to block email based on its contents??? Accountability is the biggest problem with RBLs, and moving it to a completely anonymous system would lose the last level of trust that they currently have...

      Freenet is not a "completely anonymous system" in the sense you seem to be using it. While you can not trace a file back to the owner necessarily, it is possible through the use of the SSK mechanism that sahalx mentioned to establish that a file came from the same source as another file.

      Therefore, in conjunction with some of the other features of Freenet, once you decided you trusted a particular blocking list, perhaps one specifically mentioned on the former website of the blocking site, you can be reasonably confident that only that person is posting a block list to that file, short of someone breaking into their computer and stealing their key. (Which if they are good enough to not store the private key in their computer, perhaps by writing it down and typing it or eventually even just memorizing it, isn't possible either.)

      Therefore, Freenet is perfectly capable of filling this role. You may not know that "Person X" is accountable, but you can know "Key 7ch3babf83jcn1qws9c://rbl.txt is reliable, and by extension the owner of key 7ch3babf83jcn1qws9c is reliable." and that's good enough for all but the most paranoid folk... and even if it DOES go bad, you tell your software to ignore it and move on to something else.

      In fact, Freenet is probably superior to HTTP because of the signing, esp. w/ memorized or physically written keys. (Hopefully conventional RBLs are already signing their lists and hopefully you're using the signatures; I don't know what the state of the art is because I believe RBLs are censorship and do not use them. But I recognize not everyone agrees with this so discussing how to do them better and more securely doesn't give me too much cognitive dissonance.)

      Also see the Freenet FAQ. (Freenet's documentation seems to come and go; right now it seems to be at a low period. I remember better discussion pages for "What is an SSK?" but I can't seem to find them from the site now and Google searching for it gets swamped by references to actual SSK-addressed files.)

    7. Re:Sounds like a good use for Freenet by berzerke · · Score: 2, Interesting

      ...ISPs *maybe* should offer [spam filtering] as an option, but shouldn't filter by default...

      Now there I disagree. I think it should be on by default, but with an easy way to turn it off, and the customer should be informed. Why? Simple, spammers spam because it is profitable. It is profitable because a small fraction of a percentage of lusers are stupid enough to send money for whatever product is being pitched. Those that are stupid enough to buy said products will probably not be able to figure out how to turn the spam filtering off, and will ignore the information that there is filtering in the first place. If they don't get the ad, they don't buy, and spamming becomes less profitable. Drop the profits enough and the spammers go out of business.

      Of course, the spammers will try to fight back, but that increases their costs (profits down again). More bandwidth to send more spam to get the same number of responses, more money for the pipe, etc. It is only a matter of time before these more aggressive efforts piss off someone (or company) with the means to really go after them. This too is bad for the spammers.

      I don't work for an ISP, but will help almost anyone setup spam filters for free (or low cost) (Mozilla mail is great for that). The fewer spams that get seen, the better. I encourage other techs to do the same.

  5. probable cause by poison_reverse · · Score: 5, Insightful

    why cant the goddamn authorities tie in motive with these attacks and go after the spammers who are obviously promoting/funding these attacks?

    --
    _+_+__+_+_+_+_+_+_+++
    when i moo u moo - just like that
    1. Re:probable cause by DrEldarion · · Score: 2, Insightful

      From one of the letters:

      If your company does not have a gross of at least 100 million a year and an influential politician or two in your pockets to law enforcement you do not exist. They will not investigate the criminal acts being perpetrated against your livelihood.

      The authorities just don't care.

      -- Dr. Eldarion --

    2. Re:probable cause by lx805 · · Score: 2, Informative

      I'm sure they are asking for it. We probably just don't see it. Did the NY mafia set up a hit on a rival by running a classified ad in the Times? Don't think so.

      There are a number of "members only" spammer resources on the net. You hear about them every now and again in NANAE. While I can't say for certain what goes on in those places, you can bet they aren't swapping recipes...

  6. Lack of community... by BJZQ8 · · Score: 2, Insightful

    If you read his notice, you'll observe that his biggest beef is that he got no support from any of the big ISP's that probably used his services anyway. The /. blurb is right...until there is some sort of distributed, un-DDOS-able method of tracking spammers and their ever-rotating servers, we will continue to be blanketed with spam. By the way, has anyone noticed a particular surge in spam just today? I've gotten dozens of very similar messages in just the past three hours.

  7. Look on the bright side... by emacnabber · · Score: 5, Funny

    ... at least they didn't blow up their servers.

    1. Re:Look on the bright side... by Lord+Zerrr · · Score: 2, Funny

      I think Batboy is somehow involved.

      --
      "If the facts don't fit the theory, change the facts." -Albert Einstein
      Karma? There's a serial modder out there.
  8. Re:Double-edged sword by nate1138 · · Score: 4, Informative

    Um, you got it wrong pal. It wasn't spammers getting DDOS'd, it was spam fighters getting knocked off the net. By spammers. You know, the bad guys.

    --
    Where's my lobbyist? Right here.
  9. Like it or not... they work by dspyder · · Score: 4, Insightful

    I'm a big advocate for as few (i.e. none) false positives as possible. I consider them way more dangerous than a false negative.... but used in moderation, these services are quite effective in reducing a large number of spam.

    Using a spamtrap that uses weighted scoring, like SpamAssassin or the like, you can use the data they provide combined with your other heuristics (and whitelists and bayes) to provide a much more accurate view of the overall picture.

    --D

  10. The US Constitution might give us an idea... by sixteenraisins · · Score: 2, Interesting

    From Article II: "A well regulated militia, being necessary to the security of a free state, the right of the people to keep and bear arms, shall not be infringed."

    Are we now supposed to "take up arms" against the SPAMmers ourselves?

    William

    --
    When you're not looking, this sig is in Latin.
  11. massive Joe jobs? by MacBrave · · Score: 2, Insightful

    What exactly is a 'massive Joe job'?

    1. Re:massive Joe jobs? by beady · · Score: 4, Informative

      A Joe Job is where some unsuspecting innocent's email is placed as the "from" address in the email headers. Headaches ensue.

    2. Re:massive Joe jobs? by Rogerborg · · Score: 4, Informative

      Where you send email purporting to be from someone else, or in this case when spammers send spam purporting to be from the anti-spam orgs. SMTP servers don't validate the From: field, you can put anything in there. Most lusers and a shocking number of clueless sysadmins don't realise this.

      --
      If you were blocking sigs, you wouldn't have to read this.
    3. Re:massive Joe jobs? by Anonymous Coward · · Score: 2, Informative

      "Joe job" is a slang term for using a real email address for the From: header in your spam. That address is not the spammer, of course; it belongs to someone else. Thus, a check by the receiver to see if the sender exists will pass.

      Naturally, the "Joe" selected gets a bit abused. Naive recipients of the spam send him hate mail. Naive anti-spammers put him on blacklists. And he gets bounces from all the bogus addresses in the database.

      There's spam, and then there's spam. Clearly, actions like Joe jobs cross over into small-time identity theft and fraud, which goes way beyond merely annoying people with commercial email they don't want. Spammers are hated because they employ underhanded tactics, not just because they're annoying. And they know that their "service" is unwanted, or they wouldn't go to such lengths to disguise their identity.

      IMO, part of the technical and legal solution to spam will need to be a requirement for a traceable signature so that you can locate the spammer and apply appropriate remedies for abuse. Another part has to be a requirement for an "On-Behalf-Of" header so that the company paying for the spam can be located, and thus force them to take responsibility for the actions conducted on their behalf. Cockroaches will swarm all over as long as we stay in the dark.

    4. Re:massive Joe jobs? by annielaurie · · Score: 4, Insightful

      Not to be overly-dramatic, but when it happens to you it's a nightmare and one of the blackest pits you can imagine.

      Think of spending all your time, energy, heart and soul developing a business (or organization), providing for it, gaining credibility and referrals, making a name and niche for yourself, however small. Imagine you're attempting to support and educate a family via that business.

      Now imagine it all wiped away with no thought at all by anonymous monsters of greed.

      That's precisely what happened to me. I'm actually not illiterate. I exercised care in building my site, selecting a host for it, making sure it ran Linux :), and installing such watchdogs and filters as I could. I cultivated good relations with the folks who supported the server. I did all I could, short of purchasing a server for myself, which I could never have afforded.

      Then I made the mistake of becoming ill. Over Christmas I spent six days in the hospital, and when I came home, a corresponding several days downstairs. They struck during that time. I returned to hundreds and hundreds of bounced messages, angry complaints, bitch-outs, whatever.

      A call to the tech support people actually put a stop to the whole thing rather quickly. The spammers were using Sprint, and apparently Sprint lacks tolerance for these issues. I wrote to each and every person who'd bitched, swallowed my pride and explained who I was and what had happened. Some wrote back.

      On the practical side, I have now a trusted friend who will look after things for me if I ever become ill again, and I will do the same for him. In fact the two of us may lease a server from a reputable company. That's a huge cost, but it may well be worth it.

      On the emotional or impractical side, even eight months later I have an enormous amount of anger. Anger is often un-helpful, but I entertain visions of finding ways to injure these people (not physically or by violence, but in their ability to do this). I visualize them financially ruined, humiliated in public, hounded out of their neighborhoods. I visualize attacks on their servers. That's all quite counterproductive. In order to deal with the anger part, I spend my spare time writing a novel in which a spammer is murdered. It's not half bad.

      Regards,
      Anne

      --
      DUCT TAPE: The Election Supervisors' Secret Weapon
    5. Re:massive Joe jobs? by _xeno_ · · Score: 4, Funny
      In order to deal with the anger part, I spend my spare time writing a novel in which a spammer is murdered. It's not half bad.

      I'm half-wondering how you're going to work that out. My first thought was "murder mystery" but I found myself thinking that it would wind up something like this:

      "And then I found him like this, strangled by several dozen feet of Ethernet cable, stabbed at least twenty-seven times, shot at least forty-three times, and then buried under several thousand printed copies of an e-mail," a rather distraught neighbor told the detective.

      "Hmm... it would appear to be an e-mail that offers - to enlarge your, er, member. Wait a minute - I think I can almost recognize what's left of his face. Yes, this is the notorious spammer I-Like-Watching-Kittens-And-Puppys-Die," the police detective responded, pushing pages away from the body's face.

      "Oh. Well, I guess that's about it then."

      "Wait, we have a mad murderer around! Forty-plus shots? You'd have to reload multiple times to do that. We should do something!"

      "Yeah, you're right. His body'll start to smell soon."

      "I'll call the mortician."

      "I guess that's it then."

      "Yup."

      "Yup."

      "I better get the mortician over here. You're sure you're going to be all right?"

      "Of course - I should be down at least twenty spams!"

      - The End -

      --
      You are in a maze of twisty little relative jumps, all alike.
  12. It seems sad on the surface, but I won't miss 'em by JessLeah · · Score: 2, Insightful

    These "anti-spam" guys have been a thorn in my side, and I HATE spam. They will list you in their list for the slightest of insecurities in your email system, and keep you there for days, weeks, or months after you've patched them. They will assume you are a spammer, even if you swear to them up and down how much you hate spam (and mean it!). They will block whole subnets based on the activities of a few.

    Most (all?) of the "anti-spam" systems out there are very poorly thought out. The ratio of "collateral damage" to actual spams stopped is way too high. And who appointed these guys worldwide "email cops" anyhow? I know I didn't.

    There has to be a better way to block spam than blackhole lists and the like! Maybe making it a Federal crime to buy anything from a spammer? Voila, no one buys from spammers, so spammers stop spamming the US...

  13. Re:Double-edged sword by aphr0Scorp · · Score: 5, Funny

    You, sir, are a hero. Not only did you avoid reading the article, but you apparently didn't even read the HEADLINE!

  14. Excellent idea! by DukeyToo · · Score: 5, Interesting

    That's actually an *excellent* idea. Not really SETI@Home though, more like peer 2 peer technology.

    Why not kill 2 birds with one stone - promote a valid use of p2p, which removes some of the RIAA threat, while simultaneously frustrating spammers.

    --
    Most writers regard truth as their most valuable possession, and therefore are most economical in its use - Mark Twain
    1. Re:Excellent idea! by bdsesq · · Score: 3, Informative

      Forgeries can easily be prevented.
      All you need to do is put a PGP signature on the list.

    2. Re:Excellent idea! by dasmegabyte · · Score: 4, Insightful

      Well, the problem here is again one of trust. In many ways, an untrusted P2P spam blocklist would be easier to invalidate...all spammers have to do is access the P2P net and start spewing out BS and the whole list becomes worthless.

      And then there's the nuisance factor...script kiddies chucking up their enemies' domains as spammers, adding aol.com, etc.

      In order to establish trust, you'd have to have one of two things: 1) a trust authenticator, which is a central organization which can be shut down using DDOS and invalidated or 2) a web of trust, requiring admins to opt in to certain zone administrators' records, which would take quite a bit of time and would be very fallible.

      Neither is that great an idea.

      What IS a good idea is a distributed network of blocklists not like Kazaa, but like an IRC network or DNS. Trusted submitters are given powers like unto moderators to push information to a core set of servers, from which other servers pull their spam blocklists.

      We could do this now, using the server mirroring system that already exists for things like Linux kernels. Hell, we could even maintain versioning, to back off mistakenly blacklisted domains.

      Of course, the best idea will always be not to publish your email address and to guard it like a hawk. I get maybe 5 spam emails per day and that doesn't bother me at all.

      --
      Hey freaks: now you're ju
    3. Re:Excellent idea! by andrewjjenkins · · Score: 2, Insightful

      And the PGP "web of trust" would keep spammers from massively infecting the system, because no one trusts the new kid to delete a few thousand entries. I would gladly donate some of my cable bandwidth to a distributed solution.

    4. Re:Excellent idea! by dasmegabyte · · Score: 2, Interesting

      It doesn't matter who gets involved. SMTP is simply too chaotic for even government controls to work in all cases. You already can't use the internet the way you want to, because it's designed to not care. Your website is public and your email address is public. You can't make something public and have the same control you had over it when it was private...something content providers are realizing the world over. Rights or no rights, once information is known it can be exploited...isn't that one of the basic tenets of hacking?

      Think of spam email like muggers in Central park...it's under the jurisdiction of the government, there are strict penalties, and yet muggings still occur. The only way to be sure is to be damn careful. Stay out of the park at night. Keep your personal email address separate from your business address.

      --
      Hey freaks: now you're ju
    5. Re:Excellent idea! by Bert64 · · Score: 2, Interesting

      Consider how many machines were vulnerable to the dcom worms...
      Consider that the exploit was in the wild for several weeks before the worms went out...
      It's safe to assume that people seriously interested in launching ddos attacks would have quickly begun compromising hosts as soon as they got hold of the exploit, and most likely patching those hosts against further compromise (to prevent the victims from cracking the hosts themselves and deleting the ddos software)
      So, let's assume a spammer compromises 20,000 hosts, on a range of connections from dialups to 100mbit university connections and webservers on similarly quick lines... 20,000 is not many considering the millions of unpatched windows 2000/xp hosts connected to the internet, but 20,000 is more than enough to saturate any single datacenter, remember these machines will typically be sending floods at their maximum upstream rate, whereas a site like google usually handles relatively low traffic http transfers.
      As for tracking the IP's, an attack would most likely be spoofed, or at least spoofed as ip's within the same local address range as the source.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  15. Who's in control of e-mail? by LostCluster · · Score: 2, Interesting

    I think the bottom-line failure in the "War on Spam" is that there's no central "root of trust" authority in the e-mail system... that is, no sanctioning body regulating the use of e-mail in the way that we can have regulations about use of the PSTN that actually stick.

    What I think is going to need to happen eventually is that e-mail is going to have to become a closed-system where ISPs have to pay to gain admission and risk ejection if they fail to control the Spam or other abuses coming out from their sources.

    The fact is, any time you have an open unregulated communication system, the lowlifes are gonna be the ones who take it over...

  16. Two Wrongs Make a Right by ticklemeozmo · · Score: 3, Insightful

    I hate to sound like the typical crybaby, but why do the good guys always get screwed? If we (the spam-hating/fighting collective) were to do this, I can almost guarantee there would be media and probably law-enforcement backlash against us (as proven by the story of the spammer whose information was leaked by someone).

    Now, knowing that law enforcement WON'T do anything against this, what happens when we decide on vigilante justice and return the favor onto the spammers who DDoSed them (it's an assumption)? Will the law suddenly perk up and seek those who struck back?

    And what sort of example is this proving? That Law Enforcement doesn't matter/work with technology as the internet? Is this foreshadowing for the California Anti-Spam bill?

    This is your typical example of hitting your little brother/sister back after s/he hit you and your mom catching you only citing "It's always the second person who gets caught."

    --
    When modding "Informative", please make sure it both has a source and IS actually informative.
    1. Re:Two Wrongs Make a Right by __aapbgd5977 · · Score: 4, Insightful

      Sorry to interrupt your rant, but...

      Does anyone know if law enforcement was even CONTACTED?

      As a state prosecutor, I can charge DDoSers with felonies, but I need to be able to track them down, and I need a victim to report the crime.

  17. So, when will we see a distributed RBL... by LostCluster · · Score: 2, Informative

    Never. Fact is, for a blacklist to have any credibility it has to come from a central source. If it doesn't, then how are you going to authenticate the real blacklist from a fake claiming to be the blacklist but actually blocking legit ISPs and letting spammers by? P2P isn't the solution to everything.

    1. Re:So, when will we see a distributed RBL... by atrus · · Score: 2, Insightful

      You could always sign the blacklist received, so unless the actual distributed blacklist client is compromised, the authenticity of the list can be validated. You still have one publisher, but everyone who wants to use the blacklist would have to run their own distributed client. Really not a bad idea.

    2. Re:So, when will we see a distributed RBL... by PaschalNee · · Score: 2, Insightful
      If it doesn't, then how are you going to authenticate the real blacklist

      A digital signature on the RBL seems like an obvious solution? I'd trust a list signed by monkey.com but not by I'm-a-big-bad-spammer.com

      Of course how the initial trust of the signer (not of the digital signature which would be chained) is established is a question but that question exists today.
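
The signed-list idea raised in the two replies above, as an added example (not code from the thread or from any RBL project): one publisher signs the list with Ed25519, untrusted mirrors carry it, and each client verifies before use. The serial and expiry fields, the function names and the sample addresses are assumptions made for the illustration.

```javascript
// Added illustration: a publisher-signed blocklist that untrusted mirrors can carry.
const crypto = require('crypto');

// Publisher: serialize once and sign the exact bytes with Ed25519.
function publishList(privateKey, serial, expiresAt, entries) {
  const payload = Buffer.from(
    JSON.stringify({ serial, expiresAt, entries: [...entries].sort() }), 'utf8');
  return {
    payload: payload.toString('base64'),
    signature: crypto.sign(null, payload, privateKey).toString('base64'),
  };
}

// Client: verify the bytes first, parse only after the signature checks out,
// then refuse a list no newer than the one already held, or one past its expiry.
function acceptList(publicKey, bundle, lastSerial, now) {
  const payload = Buffer.from(bundle.payload, 'base64');
  const signature = Buffer.from(bundle.signature, 'base64');
  if (!crypto.verify(null, payload, publicKey, signature)) {
    return { ok: false, reason: 'bad-signature' };
  }
  const list = JSON.parse(payload.toString('utf8'));
  if (list.serial <= lastSerial) return { ok: false, reason: 'rollback' };
  if (list.expiresAt <= now) return { ok: false, reason: 'expired' };
  return { ok: true, list };
}

// Dotted-quad IPv4 address to an unsigned 32-bit integer.
function ipToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4 || parts.some(p => !/^\d{1,3}$/.test(p) || Number(p) > 255)) {
    throw new Error('not an IPv4 address: ' + ip);
  }
  return parts.reduce((acc, p) => ((acc << 8) | Number(p)) >>> 0, 0);
}

// True when the address falls inside any CIDR entry of a verified list.
function isListed(list, ip) {
  const addr = ipToInt(ip);
  return list.entries.some(cidr => {
    const [base, bitsStr] = cidr.split('/');
    const bits = bitsStr === undefined ? 32 : Number(bitsStr);
    const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
    return ((addr & mask) >>> 0) === ((ipToInt(base) & mask) >>> 0);
  });
}

// Constructed scenario: keys, clock and addresses are sample values.
function demo() {
  const publisher = crypto.generateKeyPairSync('ed25519');
  const otherKey = crypto.generateKeyPairSync('ed25519'); // not the trusted publisher
  const now = 1000;                                       // constructed clock, seconds
  const entries = ['192.0.2.0/24', '198.51.100.7/32'];    // documentation ranges
  const v1 = publishList(publisher.privateKey, 1, now + 3600, entries);
  const v2 = publishList(publisher.privateKey, 2, now + 7200, entries);

  // A mirror copy with one entry dropped but the original signature kept.
  const edited = JSON.parse(Buffer.from(v2.payload, 'base64').toString('utf8'));
  edited.entries.pop();
  const tampered = {
    payload: Buffer.from(JSON.stringify(edited), 'utf8').toString('base64'),
    signature: v2.signature,
  };
  // A list signed by a key the client does not trust.
  const forged = publishList(otherKey.privateKey, 3, now + 3600, ['203.0.113.0/24']);

  const good = acceptList(publisher.publicKey, v2, 1, now);
  return {
    good: good.ok,
    listed: good.ok && isListed(good.list, '192.0.2.55'),
    notListed: good.ok && isListed(good.list, '203.0.113.9'),
    tampered: acceptList(publisher.publicKey, tampered, 1, now).reason,
    forged: acceptList(publisher.publicKey, forged, 1, now).reason,
    replayed: acceptList(publisher.publicKey, v1, 2, now).reason,
    stale: acceptList(publisher.publicKey, v2, 1, now + 7200).reason,
  };
}

console.log(demo());
```

How the client first obtains the publisher's public key is outside this sketch; that is the initial-trust question the second reply leaves open.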

  18. Re:SPEWS RIP? by squiggleslash · · Score: 2, Funny

    I've gone one better than SPEWS and blocked all incoming connections to port 25 from any site with an IP address between 0.0 and 255.255.255.255. Sure, I don't get any email any more, but at least I don't get any spam!

    --
    You are not alone. This is not normal. None of this is normal.
  19. ANOTHER problem by Nijika · · Score: 4, Insightful
    And this is a huge one. I've dealt with DDoS attacks in the past, large scale ones like the ones that hurt the anti-spam lists.

    A lot, if not the vast majority of infected zombie attackers out there are located in asia pacific. Trying to track down the responsible admin, and then trying to get a response is -near impossible-. Language barriers, general apathy, it's all there. On top of that a lot of hosts in Korea have awesome pipe.

    Seriously, people keep bandying about the idea of using freenet for distribution of blackhole lists, but it's probably absolutely THE best solution to the problems we're facing. The ISPs can only do so much, and when the lists are distributed from a central, known source.. well, we've seen the results of this.

    I suggest one of us take up the cause of creating this freenet distribution system. It could revolutionize the way trusted data is passed if it works successfully for an RBL. I'd do it myself, but I'm beyond short of time, and brains for that matter :)

    --
    Luck favors the prepared, darling.
  20. Here's what cracks me up by Rogerborg · · Score: 5, Insightful

    We've had a succession of Washington suits yakking on about Information Security, and Cyber War and The Great Potential Threat To Our Infrastructure, and yet when DDoS attacks actually happen, what do they do?

    You guessed it. Squat.

    There's no votes and no budget in actually fighting crime. There's plenty of capital to be made in selling up the threat, and in promising that you'll fix it, given just a little more time in office, and a slightly larger personal empire.

    What I'd like to see is our Dictator of Homeland Security pinned down and made to explain why he's not doing something about the attacks that are happening now. If we can't defend monkeys.com from a DDoS from malicious assholes, how does he expect to believe that we're able to defend safety or economic critical infrastructure from the same kind of attack launched by the truly malevolent?

    --
    If you were blocking sigs, you wouldn't have to read this.
    1. Re:Here's what cracks me up by chabotc · · Score: 5, Interesting

      Here's a thought..

      Suppose that the DDoS zombies used an internet name instead of IP addresses.. Why not change the DNS for monkeys.com & compunet to a nice NSA or FBI address range?

      Then sit back and wait for this law-enforcement stuff to finally kick in

    2. Re:Here's what cracks me up by EinarH · · Score: 4, Informative
      Whether this is the responsibility of the DHS or the FBI I'm not sure about, but Ron Guilmette who runs the now closed monkeys.com actually tried to contact the FBI.
      From a Google Groups post here:
      I was also on the phone to Ron just a few minutes ago.

      More specifically, the law enforcement issue is twofold:

      First, he tried talking to his city police. He had to fight them to even take a written report of the incident. That was to be expected, of course.

      Then, he tried calling the FBI. The receptionist who took the call apparently didn't understand a word of Ron's explanation of a "denial of service attack against his Internet servers" and asked him "Is that illegal?". Ron insisted that he must speak to somebody who is more capable of understanding the issue. The receptionist transferred the call to the duty officer, which turned out to be an answering machine.
      Ron left a message, expecting to be called back, but no call so far.

      If this is correct, I have no indication that it should not be, it looks like a total FBI fuck up.

      (more info here)

      --

      Melius mori in libertate quam vivere in servitute.

  21. Good riddance by PincheGab · · Score: 5, Interesting
    Having been unfortunate enough to be assigned an IP block from a previous spammer and having gone through the subsequent ass-kissing I had to do to a black list maintainer that absolutely refused to remove us from the list, I say the less blacklists there are, the better.

    I'm sorry but some of these list maintainers are anal, (VERY) self-righteous, awful people who will not listen, not even when the person at the other end of the line is polite, patient, and takes a polite and amicable approach to the issue of getting removed from the blacklist (and punches a pillow after the phone calls and emails instead of being rude to the person).

    I'm sorry but with the hell I had to go through to get removed (too much unwarranted ass-kissing, too much putting up with the "I'm only a volunteer" crap) I am only glad to see these anal a-holes go.

    1. Re:Good riddance by PincheGab · · Score: 2, Insightful
      Thanks for taking away my choice of what I do with my own network and computers

      Hey buddy, I did not take away anything from you... You don't really believe what you are saying, do you? I think your statement is missing the element of reason.

      I just hope you remember this the day someone steps in and forces it upon you what you can and can't do with your system.

      The spam blockers already did, and that is what my message is all about. Did you know, for example, that some businesses are hosted by Earthlink and Earthlink blocks spam to those hosted domains by using some blacklists? That's all fine, but what happens when the blacklist is wrong and critical business communications cannot get through even though *both* sender and receiver are constantly trying to contact Earthlink to resolve the issue... Where does your "it's my choice, dammit" argument fit into this? Should we switch ISP because the blacklist people are not responsive? Or perhaps we should ask our suppliers and customers to switch ISPs instead of us? BUT WAIT!!!! You are talking about NOT forcing people to do anything!

      Both people that want to get your email, and those that want to send it, can do so VERY easily with no problems at all from blacklists, if you just choose to not deal with blacklists.

      Well, your world might just be small enough for this to hold true, and this would be a solid argument. In my world, where there are many different people e-mailing each other critical communications, and not everyone has direct control over their own servers, and often one depends on intermediaries to do the right thing, your argument has been proven dead wrong.

      But whatever, to each his own. I did not shut down any blacklist servers myself, so if you feel you have lost something, you are directing your anger at the wrong person. All I know is that life became a lot better when we liberated ourselves from having anything to do with blacklists.

      Now, I respect your right to your opinion, just remember I have a right to have my own (wrong?) opinion too.

  22. What are we going to do? by LMCBoy · · Score: 4, Insightful

    The internet seems to become more worthless every day, as more and more of it is hijacked by spammers and other commercialization.

    How can we take it back? If we can't, how can we replace it with something more resistant to these electronic malignancies?

    I want instant communication with friends and colleagues all over the planet, but I don't want UCE. I want instant access to the world's knowledge on all topics, from crucial news to movie trivia, but I want it without viruses, interstitial ads, popups, spyware, and all that other crap.

    By using Linux with some other specialized software, I have erected a defensive perimeter around my internet existence, so the tidal wave of garbage largely passes me by. But the walls need maintenance, and there always seems to be some new leak that needs plugging.

    It's regrettable that we need to take such drastic measures, but what really worries me is that the need is increasing with time. Can you imagine the situation where 99% of your email is spam? Is there an alternative to giving up email entirely at that point?

    --
    Liberal (adj.): Free from bigotry; open to progress; tolerant of others.
    1. Re:What are we going to do? by Dr+Caleb · · Score: 2, Interesting
      It seems to me that the Web, Mail and IPv4 parts of the internet are broken.

      For the time being, why not resurrect gopher, archie and implement a new IPv6 and a new trusted mail system (or even UUCP *icky!*), and just not tell anyone about it?

      We're the geeks who run the mail servers. Who is to know if their MTA is changed, so long as users get their mail, they won't notice.

      --
      "History doesn't repeat itself, but it does rhyme." Mark Twain
    2. Re:What are we going to do? by mrtroy · · Score: 2

      I want to go shopping at a mall without worrying about being robbed. I want to drive to work without dying in a car accident.

      The world isn't perfect. People certainly are not. If the biggest worry you have is virii, ads, spyware and other "problems" which are easily solved with a little common sense, go open a beer and enjoy your afternoon in the sunshine.

      While millions starve and haven't heard of computers.

      --
      [I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
    3. Re:What are we going to do? by Patik · · Score: 2, Funny
      Can you imagine the situation where 99% of your email is spam?
      99% of my mail is spam, you insensitive clod!

    4. Re:What are we going to do? by cybermage · · Score: 2, Interesting

      The internet seems to become more worthless every day, as more and more of it is hijacked by spammers and other commercialization.

      While I agree about the effect spamming has had on the Internet, I cannot disagree more about commercialization. Many sites, including Slashdot, could not exist without advertising.

      For that matter, do you think access fees cover the cost of the backbone? If the entire Internet were paid for by access fees, everyone's connection would easily cost double or triple what it does now.

      Then there's the issue of content. Try to imagine an Internet absent any content contributed by people paid to do so. Sites that provide news, for example, have to pay for servers, admins, bandwidth, and of course news. If they couldn't sell ad space to recoup some of the costs, they wouldn't be there.

      I think the Internet is actually getting better rather than worse. It just takes a long term perspective to see it. Before HTTP, my primary source for information was Usenet. Usenet was, and is still, a mess. People could come running into any conversation and stick their "ads" in your face, not paying anyone to do it. On top of that nuisance, the information started lasting less and less time, because warez content started choking off available space on servers.

      Also at that time, email was nearly completely unprotected from spam. I remember hand writing rules for Sendmail to prevent relaying and forwarding a copy to Eric (as well as every admin we got spam from). Before that, servers were wide open to relaying. The idea that people would use non-local mail servers to route mail just wasn't considered in the original design.

      Now, we have choices. Information is significantly more persistent and widely available than it was on Usenet. When you participate in online discussions, you can find sites like Slashdot where the noise can be filtered out.

      Spam in email is still a problem, but tools exist. Imagine every mail server being a wide-open relay, no bayesian filtering, and no blocklists.

      We have tools, now, to make the experience tolerable if not enjoyable. Believe me when I tell you this is better than it was. The necessity to rise above the crap spewed onto the 'net by spammers and the generally unclued has led to the invention of better and better tools and will continue to do so.

  23. Sorry sir, your wallet is too thin by Phantasmo · · Score: 4, Insightful

    total lack of interest shown by law enforcement

    If a MMORPG gets cracked and the rich owners get inconvenienced for half a day, the FBI flips out and immediately mounts an investigation.

    However, these guys are repeatedly DDoS'd and nobody cares.

    It would seem that the government only cares about cybercrime when big cash is involved.

    --

    The US Army: promoting democracy through unquestioned obedience
    1. Re:Sorry sir, your wallet is too thin by sqlrob · · Score: 2, Informative

      Joe Jared
      Ron Guillemate (sic?)
      compu-net
      Steve Linford

      Where's the hiding there?

  24. Re:It seems sad on the surface, but I won't miss ' by FileNotFound · · Score: 4, Insightful

    This is definitely true.

    I myself had a run-in with Anti Spam sites. For some bizarre reason the IP of my mail server was listed as a spam server. Which is BS as it's only ever used for personal mail.

    It took 5 emails and 3 days to get my server IPs off the list.

    It's a real bitch. Your mail bounces, you call the ISP that bounced your mail and they tell you that "such and such list", now you got to go to that list and request a removal. The problem is that many of the lists mirror additions but NOT removals. So you get added to one list and tada you're in 20 and got to remove yourself one by one...

    --
    In Soviet Russia, the television watches YOU!
  25. I have the solution to spam. by Dr.+Bent · · Score: 2, Interesting

    OK, IANAL, but I have an idea that's so crazy it just might work.

    Instead of outlawing spamming, outlaw the purchase of products advertised with spam.

    You could enforce this in a similar way to recent online gambling regulations that prohibit credit card companies from honoring transactions for online gambling. So if you sell your products using spam, you can't collect on the payment.

    Also, you solve the jurisdiction problem of outlawing spamming. Instead of just moving the spammers out of the country, you now discourage spammers from ever sending spam into the country because it would then become illegal for anyone to purchase their products.

    And finally, it would discourage the 0.001% of people who are idiotic enough to respond to this crap. "You'll go to jail if you buy this." is just the kind of simplistic message that would get through to these people. When spammers stop getting replies, they won't have anyone to sell their service to.

    This is just an idea, so I'm sure there's a few problems with it. But maybe in order to combat spam, we need to stop trying to go after the spammers and start trying to just make it unprofitable for them to operate in the first place.

    1. Re:I have the solution to spam. by ssimpson · · Score: 2, Insightful

      Instead of outlawing spamming, outlaw the purchase of products advertised with spam.

      Sounds like a great way of killing competition - companies would just send spam pretending to be from companies with similar products.

      --
      "Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
  26. Monkeys.com by BrookHarty · · Score: 4, Interesting

    A friend of mine, who has a business class DSL had his IP block blacklisted. Seems someone on the ISP had a trojan and was sending out spam. So monkeys.com blocked the entire ISP. And monkeys.com response, contact your ISP. All the customers were in a deadlock, the ISP didn't know why they were blocked, the customers couldn't get unblocked, so every customer tries to contact Monkeys. The ISP couldn't contact monkeys either, monkeys email queue was full. So the ISP threatens to sue, customers threaten to break kneecaps, and the spammers win.

    Really, if RBL's can be tricked to block good ISPs, and you get get the IP blocks removed, its flawed and needs to end service.

    BTW, I know many people who are switching to whitelists, and even at work, whitelists for internal mail only cuts spam almost 100%. Even earthlink etc, sell whitelist features as a value added service.

  27. Equality under the law by orthogonal · · Score: 2, Insightful

    I wish law enforcement had the resources to go after whoever is DDOSing these anti-spammers.

    But I understand that, especially now during our war against terrorism, law enforcement must prioritize, and go after bigger threats to our well-being.

    I applaud John Ashcroft for realizing this, and using our scarce law enforcement resources to attack the real threats: Tommy Chong, the bong seller, and porn that personally offends him.

    If these anti-spammers were serious, they'd do the right thing and incorporate as for-profit companies and make the campaign contributions that would purchase them real police protection. That they haven't makes it clear to me that they have no reason to expect law enforcement to take them seriously.

  28. Good Riddance by NDPTAL85 · · Score: 2, Interesting

    These anti-spam lists were notorious for ruining the good names of ISPs who went thru the trouble of eliminating spammers from their ranks only to continue to be listed on these lists.

    They couldn't run the damn things right, it's probably disgruntled ISPs and not spammers who are DoS'ing them right now. And rightly so.

    --
    Mac OS X and Windows XP working side by side to fight back the night.
  29. Here is an idea!! by messiuh · · Score: 3, Funny

    The poor guy gets DDoS'd, and then we end up Slashdotting his "suicide note"!!

    This guy just can't catch a break.

  30. I won't miss email black lists. by Vic+Metcalfe · · Score: 5, Informative

    I'm sorry for the trouble these guys have had, but I've had more trouble with black lists than benefit. I've been black listed many times for stupid reasons. Like one of the sign-offs mentioned, I've had @mydomain.com used to send spams, had to handle the bounces and then been blacklisted on top of that. I've had spam link to a page I host even though the spam wasn't advertising the page, it was using the page to support the sale of its product. The page was about water safety, and posted by someone with no connection to the spammers. I've twice been blacklisted and once had UUNet filter my IP allocation because users had uploaded old vulnerable versions of FormMail.pl to their web sites and spammers found and abused the hole. Both times I had found and removed the offending script before getting shut down, only to be blacklisted/filtered AFTER fixing the problem.

    As you might have guessed I have no love for RBL type services. I think their hearts are in the right place, but I'm tired of getting caught in the cross-fire. Since at some point, in order to benefit spammers have to be contacted by consumers, law enforcement should be able to track them down. I'd love to see that sort of thing become common. I can't see a technological solution even with a complete overhaul of how email works. I like the fact that a stranger can email me if they like. I just want to see legal limitations on that contact to prevent spam.

  31. Re:DDos by LucidityZero · · Score: 2, Interesting

    Dude! I think you're on to a really good idea here!

    Why not create some form of public repository to display IPs currently being used in Zombie-based DDOS attacks?

    If anyone wants to help me form something more concrete, my jibberished email address should be displayed above.

    How about contacting SANS or maybe Security Focus? (Would this work best as a mailing list perhaps?)

    --
    Sig.
  32. Lively Hood by siskbc · · Score: 2, Funny
    They will not investigate the criminal acts being perpetrated against your lively hood.

    There better be no muthafuckaz tryin' to perp' shit against *my* homies in *my* lively 'hood. Might have to pop a cap in somebody's ass.

    --

    -Looking for a job as a materials chemist or multivariat

    1. Re:Lively Hood by sammy+baby · · Score: 3, Funny

      H-Dog, is that you? Baby, don't tell me you gone skipped out on Accounts Receivable and be hangin' with them tech support bitches, I could not believe that shit.

  33. I will act! by rich_addr · · Score: 2, Insightful

    Which authorities? Which jurisdiction?

    We are the complacent ones. We are responsible. We must no longer sit in our chairs and point at each other. If we don't like what's happening we must stand up and act!

    Spamassassin is good. Rating systems are good. Distributed early detection of spammer hosts is good. P2P distribution of anti-spam intelligence is good. Rate-limiting spammer hosts is good.

    If we really care, we will create the defense and save the 'net. If we really care, we will act.

    I will act.

    I fight spam!

  34. The FBI by deblau · · Score: 2, Informative

    If RFG can show that more than $5000 worth of damage was done to his computers or business, he can get the FBI involved. If they can track down who did this, there could be jail time for some of these bastards.

    --
    This post expresses my opinion, not that of my employer. And yes, IAAL.
  35. No surprise by clmensch · · Score: 2, Insightful

    Spamming generates a LOT of money for these people. The fact that their "industry" is already considered criminal by the internet community only makes it worse. These attacks are totally predictable...they will do whatever is necessary to protect their revenue stream. They are like the mafia.

    What I don't understand is, why can't the government go after the people who enlist the spammers' services? For example, I've gotten spam from some "financial services" companies that want me to take their investment advice. They have obviously hired a spammer to spew emails on their behalf. Why can't that company be fined or sued? If we make it too expensive for the ADVERTISER to use spamming services, then I believe that will reduce spam overall. Or am I completely naive?

    --
    There is no gravity...the earth just sucks.
  36. Re:SPEWS RIP? by Skapare · · Score: 3, Interesting

    I presume your ISP was harboring spammers. That's assuming you are not a spammer. ISPs that harbor spammers do get a chance to terminate them (unless it is a well known spam gang). If they don't, it's probably because the ISP needs a financial incentive to do so. SPEWS provides that. All customers of such ISPs are indirectly supporting the harbored spammers when they pay their ISP bill.

    You don't have to use SPEWS if you don't want to. The opportunity to know and understand how SPEWS works, so those who do choose to use it, should read and understand what it means. If blocking ISPs that harbor spammers is not what you want to do, then don't use SPEWS. No one is twisting your arm.

    SPEWS has been responsible for getting quite many spammers, who would not otherwise have been by other DNSBLs, kicked off their ISPs, and their spamming abuse activities stopped or reduced for a while. And this is what has pissed off a lot of spammers.

    Of course, a lot of customers of the listed ISPs never tried to understand, and assumed they were being accused of being a spammer. What they should have done is pressured their ISP to remove the spammer(s).

    --
    now we need to go OSS in diesel cars
  37. Re:Wasn't it the anti-spam service that got hit? by RandomActsOfViolence · · Score: 2, Interesting

    Unfortunately the spammers will always win. It is WE (collectively not individually) who are responsible for the proliferation of spam. Spammers are in business to make money and if all those blithering idiots out there who actually RESPOND (i.e. who buy the crap the spammers are selling) would stop, the spam would simply go away because it would no longer be profitable. STOP BUYING THE SHIT THE SPAMMERS SELL. If you simply MUST have the product or service they offer, just go DIRECTLY to the supplier of the product or service. Cut out the middle man and he/she WILL go away.

    --
    Paranoia was conceived to make you feel that your reasonable suspicions are unreasonable and unwarranted.
  38. get the feds to do it by JimFromJersey · · Score: 2, Funny

    Put it on a .gov website, then whomever tries to DDOS it gets a one way ticket to Gitmo.

    --
    between the greater and lesser infinities sleep the dreams undreamt
  39. High time for MTA licensing. by Alioth · · Score: 2, Insightful

    It's high time for MTA operator licensing.

    I think we need to implement a system where operators of MTA software need to be licensed, just like radio operators. The licensing should be open to anyone. The rules need to be:

    1. The licensee's MTA is only allowed to receive email from their own network to forward, and only receive email from other licensed MTAs from outside their network.
    This means that licensed MTAs will reject email from adsl-1-2-3-4.somebigisp.com, but will accept email from mail.somebigisp.com. A cryptographically signed list is distributed containing the list of MTAs that are licensed.
    2. If a licensed MTA operator's MTA is used to send spam or viruses, the MTA operator has their license suspended. Egregious violations can be punished by fines, or in extreme cases, imprisonment.
    3. ISPs (as opposed to an MTA run by an individual or a small company) would have to be licensed themselves to send email, and hire only licensed MTA operators to run the mail gateway. If an ISP is guilty of allowing spam or malware through their MTA, they can lose their MTA license, and in egregious cases, be fined.

    Licensing exams must relate to MTA operation best practise, rather than the specifics of operating a particular piece of MTA software. Licensees will be expected to learn how to properly configure and test their software before putting it online. Hopefully, the risk of a license suspension/revocation will provide ample incentive to ensure the MTA is configured correctly.

    Licensing rules would have to be agreed by international treaty. The licensing authority should probably be national governments, but could be the administrator of the DNS TLD for the full DNS name of the MTA in question.

    Effectively, licensing will be a big whitelist of mail server operators who have a minimum mandated level of clue, and a code of conduct enforced by the rule of law.

    In the early days of road vehicles, there were no drivers licenses. However, you'd have to be nuts to argue that driver's licenses (and most are internationally recognised) are a bad thing these days. The same really needs to go for mail servers - doing nothing at all is no longer an option. In the last 48 hours, Exim on my server has rejected just under 3000 instances of the Swen worm and SpamAssassin has canned 400 spam emails. Indications are that it will ONLY get worse. Rewriting SMTP won't help - we need proper rules about email, and proper remedies that can be applied (license revocations, fines, imprisonment) when people fail to follow those rules. With proper MTA licensing, ISPs will ensure they can properly identify all users and can so punish people who try and abuse their MTA, instead of just ignoring the problem like they do now. I'm beginning to wonder if email is worth it any more unless measures like this are put in place.

    In the short term, ISPs can help by blocking all outbound port 25 access apart from their mail gateway. Slashbot whiners who don't like this can stump up for a business broadband account and a static IP if they really must run their own MTA.

  40. Distributed RBLs by Zocalo · · Score: 2, Insightful
    So, when will we see a distributed RBL that can stand up to distributed attacks?

    More to the point, given that it's certainly doable with plain old DNS: why don't we have one already?

    Let's say I run a DNSBL server on a domain I own, "bl.dnsblacklist.com" say. How hard would it be to allow volunteers, preferably at large corporates and ISPs to download the entire zonefile contents via DNS AXFR (or whatever), in return for hosting a mirror server complete with another A record for "bl.dnsblacklist.com"?

    I would get to vet the applicants, because they would need to contact me first to acquire the necessary permissions required get access to the zonefile. If I don't trust the applicant to be 100% legit, or get evidence they have misused the data (which, at the end of the day is just a list of IPs that have sent spam), then it's access denied. There are some potential problems with this that I can see though. We still have a limited number of IPs for the distribution of the zone files to the slaves, so it would be possible to DDOS those, unless that role could be safely distributed too.

    Note: this occurred to me while reading the article, so I almost certainly have missed some potential holes. Still, it does seem a way for a DNSBL provider to gain some resilience for free if those holes can be plugged. Comments?

    --
    UNIX? They're not even circumcised! Savages!
  41. rsync? ala emerge by ekool · · Score: 2, Interesting

    Would it be possible for the zones themselves to be distributed via rsync? Mirrors could be provided, and scripts could be set up easily to handle multiple zones from different 'lists' -- the problem I see here is that the zones would be available to ANYBODY (including spammers) -- However, they are now, just with a lot more work involved.

    Something to think about... Performing a:

    rmerge sync
    rmerge dsbl/monkeys.com

    would be neat, and would not rely on any external DNS server, as the zones would be locally hosted.

    Running the above from crond every 5 hours, etc. would keep the list fresh.

  42. Re: SpamCop paying $30K / year by gorbachev · · Score: 4, Insightful

    It's been reported that SpamCop is paying upwards to $30K / year for bandwidth as a direct cause of the continuous DDOS attacks on it.

    The spammers are doing everything they can to squeeze the anti-spammers out. They use frivolous lawsuits (aka Mark Felstein and his porn spamming backers) or DDOS attacks that either knock the anti-spam resources off completely or increase the costs so that no hobbyist can run them.

    And while all this is going on, the law enforcement agencies are doing nothing to counter the clearly illegal acts of the spammers.

    And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue.

    Nice going.

    It's only a matter of time when someone (Al Qaeda?) will use the zombie network for something that will truly be noticed.

    Proletariat of the world, unite to kill spammers

    --
    In Soviet Russia, I ruled you
  43. Re:SPEWS RIP? by squiggleslash · · Score: 4, Interesting
    If I play Russian Roulette, I only have a one in six chance of blowing my brains out. I still don't consider it a good idea. I run fairly sophisticated SPAM blocking myself (see my journal) and I'd consider it an absolute failure if it blocked "one in two hundred" legitimate emails. One is too many.

    SPEWS ultimately blocks legitimate email. Indeed, it rejoices in doing so, the argument being that if legit email is blocked, its senders will put pressure on their ISP to kick off spammers.

    I can't agree with that being a legitimate tactic. It may be a legal tactic, as the idiots who are itching to hit reply with the same old "It's my server, I can do whatever I want" bunk will point out, but it punishes the wrong people. It's a little like local businesses banding together to refuse employment to anyone living under a landlord who hasn't kicked out a local shoplifter. Just as with that case, "It's my business, I can employ whoever I like". Just as with that case, "They can move can't they?" (Er, yeah, but it's rarely as trouble-free as you pretend. Businesses especially, who tend to be the profitable customers of ISPs, are usually locked into contracts and have paid substantial amounts for everything from dedicated lines to domain names. They, the most critical customers of the ISPs, cannot just up stumps and leave.)

    SPEWS has that pitchforks and flaming torches thing about it, it's comprised of people too angry and too childish to consider what the consequences of their actions are. My "Due Diligence" with ISPs is such that I'd prefer to do business with one that works with spammers than one that'd arbitrarily block my email. (Right now, I'm fortunate enough not to have to deal with either, but come the day...)

    --
    You are not alone. This is not normal. None of this is normal.
  44. I'm taking my ball and going home by Champaign · · Score: 4, Interesting

    *WARNING* If you're the type of person that can't handle any criticism of the open-source/technical community, even from within, you might want to skip to the next message.

    There's a funny thing that's been going through my head for years now which these two closures seem to be a part of.

    Technical people don't make good administrators.

    Years ago when I was in high school I used to run a BBS (bulletin board service - pre popular internet networks of computers). Every few months a SysOp (System Operator, the people in charge) would have a meltdown, send out a message telling everyone how much he'd (there were no women ;-) suffered, how ungrateful the users were and that he was shutting down to teach everyone a lesson.

    Nobody ever learned a lesson, and I never felt the lesson they were trying to teach was particularly valuable.

    I'm suspicious that this is a natural weakness of any system that relies on volunteer labour. If people don't have a strong (unfortunately usually economic) incentive to continue something, they're more ready to throw in the towel when the seas get rough.

    We've all seen open-source projects die where the maintainer spits bile about no one contributing, no companies offering them cushy jobs where they can work on the project, etc, etc, etc. See the story about the Linux Router Project for an example of this.

    As a non-technical example, a friend of mine was a volunteer firefighter and he got into the profession when just about every firefighter in his small town quit and they needed to replace the force. A baby had died at a fire they were fighting, and none of them had been able to deal with it, so they quit. Professional firefighters have all undoubtedly had the experience of someone dying in a fire they were fighting, but you wouldn't expect their whole department to give up afterwards...

    With both of these lists, sure denial of service sucks. Given. When you provide a service for free you expect accolades, guys buying you beers and women offering you their virginity. Best case, sure. But sometimes things aren't going to go your way and it seems so easy to close up shop, which can really screw people that were relying on you.

    If Slashdot started suffering sustained dos attacks, you can be sure that they'd figure out a way to get through it, or just button down the hatches until the attacks end. They're earning their livelihoods from this site, so they aren't going to give up on it easily.

    Maybe this is something that we should be upfront about as a community. When a service/product is free (as in speech), future extension/maintenance/existence are never guaranteed, and the only thing you're actually getting of value is whatever is there right now. If the service is something necessary that becomes worthless the instant it stops being maintained (rare, but certainly the case in some instances, such as with these two lists or with things like BBSes), then maybe volunteer labour isn't the way to provide it.

    1. Re:I'm taking my ball and going home by Phroggy · · Score: 3, Insightful

      I think you're missing something. You seem to be implying that the Monkeys.com admin is giving up because he personally can't take the pressure anymore, and that he should try to persevere instead. While that sounds nice, you're forgetting reality:

      1) While his servers are under a DDoS attack, nobody can use them, which means the blacklist is basically useless. This is why it's called "denial of service" - the ability to use the service is being denied.

      2) The only technical way to withstand a DDoS attack while still continuing to provide service is to increase your bandwidth so you have enough to handle both the attack and legitimate requests. This costs a LOT of money. Another poster mentioned that SpamCop spent $30,000 on this. SpamCop has paid subscriptions (I'm a subscriber myself); Monkeys.com does not. Do you have an extra $30,000 lying around that you could donate? I don't.

      3) The non-technical solution is to go through law enforcement. He contacted the FBI, and they didn't know what he was talking about. Perhaps he should keep trying, but due to the nature of the attack, I'm not sure the FBI could help if they wanted to - there's no way to track who is responsible for the attacks, so there's nobody to prosecute for a crime.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  45. Law enforcement. by seebs · · Score: 2, Insightful

    Nothing we know of can stop DDoS attacks - except law enforcement getting off their asses and ACTUALLY PROSECUTING CRIMES. Remember, every DDoS attack is rooted in zombie machines. Unauthorized hijacking of someone's machine is a CRIME. The problem is, the law enforcement people don't care about this particular crime, so nothing we do can fix it. http://www.seebs.net/log/archives/000071.html

    --
    My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
  46. Re:Can't ISPs do something? by Eggplant62 · · Score: 4, Interesting
    How are they doing the DDOS, using PCs infected with a trojan?


    Exactly. This is what the Sobig trojan writer was commissioned to do, in my own personal belief. I've read some extensive analysis of the Sobig trojan and some of the other recent worms that have been crushing the net, and they were explicitly designed to become tools of spammers and denial-of-servicing fleabags.

    The sad part is that Ron Guilmette, the fellow who ran monkeys.com, has tried to get law enforcement and the ISP's where the DDoS was coming from interested in this problem and was pretty much rebuffed outright. FBI won't look at it, the ISP's are signing pink contracts at double the usual rates at least to keep spammers connected and ignore complaints. No one is interested in helping with this and it's sad.

    It's getting more and more like the Wild, Wild West every time I hook up to the 'net anymore. There are people complaining that they don't like the vigilante justice involved with running the DNSBL's. Imagine what your spam load would look like *without* the DNSBL's.

    Or imagine the Pandora Project coming to life.
  47. Lets put the effort into stuff that works by autopr0n · · Score: 3, Interesting

    For example, how about getting RMX (Reverse MX lookups) working. A lot of RBLs are error prone. A distributed RBL would either not really be distributed (i.e. a central 'committee' that decides who's on the list and lots of mirrors), or a disaster (i.e. anyone on the net can block people). I'm not saying it couldn't be done, just that it would take a Herculean effort to prop up a technology that a lot of people think causes more harm than good.

    The ideal (in my mind) anti-Spam 'tool chain' would be RMX and Bayesian filtering along with per-user white listing for messages that are flagged by those systems. A per-domain blacklist of "sites vouch for Spam via RMX" could be created and done on a somewhat distributed system, rather than an IP based system.

    Anyway, here's how I would design a distributed blacklist type system. First of all, it would be based on RMX rather than IP space. That way people who are forced to share IP space with spammers don't get screwed. Users of the system could flag mail as 'legitimate' or they could flag it as 'Spam'; legit email is sent in only as a counter, and actual Spam is forwarded to a central system. Unlike Kazaa or whatever, we wouldn't need to worry about getting shut down by the RIAA so some centralization is OK.

    No one person would decide what to 'blacklist'; rather, simple counts of spam/non-spam could be retrieved by users. People running mail servers could see the Spam that they supposedly sent and, erm, repent :P. Older entries would automatically lose 'weight' so that people who change their ways can send email again. People who send in bizarre reports would have those reports weighed lightly.

    How do you prevent DDoS? Well, honestly I think the best solution would be to have users pay a small fee going towards hosting on something like Akamai. That would be a lot simpler than trying to set up and manage the security of a distributed redistribution system.

    We might also have an identity verification system to prevent spammers from faking thousands of accounts to fuck up the averages.

    --
    autopr0n is like, down and stuff.
  48. Re:Good. by sirgoran · · Score: 2, Insightful

    You might have the same problem as me.

    A lot of the mail I sent out was coming back with notes that it was sent from a black-listed server and therefore was not going to be delivered. As it turned out, my host company was guilty of having open ports and had at one time hosted a spam site. The result was that every IP in their IP block ended up on a black list including mine.

    Since my host won't fix their servers, and I can't get my IP removed from the black lists, I'm moving the website to a better host.

    Do what I did, and move your site. Chances are, if enough of their clients leave them they might start thinking about closing their open ports and stop relaying spam.

    -Goran

    --
    Carpe Scrotum - The only way to deal with your competition.
  49. Re: SpamCop paying $30K / year by irc.goatse.cx+troll · · Score: 3, Interesting

    "And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue."

    Uh, No.

    RoadRunner here in Austin is now blocking spoofed packets, I'm sure they aren't the only one.
    Most big name bandwidth providers are now rate limiting icmp.

    Before anyone cries about this not being enough, I never said it was, I'm just arguing that they are doing something.

    I'd rather they do too little than too much, and everyone here (slashdot, specifically your rights online section) should feel the same way. Which would you rather have, DDoS kiddies or every isp limiting you to port80 connections that aren't allowed to stay open longer than a minute and no more than 5 connections/min allowed?

    Give us the choice and let the few abuse it and the many enjoy it.

    --
    Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
  50. I SHED NO TEARS FOR THEM by Anonymous Coward · · Score: 2, Interesting

    we need more spam. i think all operators should shut down their lists even temporarily to show everyone what happens (even themselves). either no one will notice a difference or everything will shut down.

    there has been no control in the experiment. no real idea of whether it works. if anything it makes more money for the talented spammers, because they can send out more spam.

  51. Monkeys.com/Ron Guilmette did TWO useful things by minas-beede · · Score: 4, Insightful

    Apparently Ron is abandoning both but there were two related anti-spam things he did. One was to maintain a blocklist for open proxies. The other was to run a network of proxypots and to use these to discover the IP addresses from which proxy abuse originated. He trapped a lot of spam with those, as well.

    Ron made periodic posts to news.admin.net-abuse.email in which he listed the top 40 proxy abuse-source IPs. He also contacted the ISPs from which the abuse originated and was successful in getting many of these to boot the spammers (which is a big reason spammers wanted to put him out of business, it would seem.)

    Ron was making real and substantial progress toward ridding the net of spam - even if you never heard of him he was helping you, and the help I speak of had none of the flaws of blocklists.

    Spammers look about everywhere on the net, seeking abusable open proxies. That means proxypots will succeed almost anywhere on the net. Just about anyone can help identify spammer IPs and get the spammers thrown off their ISPs. Ron's Top 40 list was a nice bonus and it helped show which ISPs were responsive and which protected spammers. Similar information from a single site (yours, if you'd do it) would also have great value.

    I'd direct you to the Bubblegum proxypot web page but that, too, seems to be down. There's still something you can do even if you don't run a proxypot. If you have a software firewall on your system you can find the log entries for rejected proxy connection attempts. Chances are great that those were made by a spammer. Report the attempt to the appropriate ISP. I'd also suggest letting your ISP know: if spammers are looking in your ISP's space for abusable proxies the ISP can take protective actions. Your ISP also may have greater clout with the spammer's ISP - at least it's worth a shot.
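
The firewall-log check suggested in the comment above, as an added example that is not part of the original post: it tallies rejected inbound TCP SYNs to proxy ports per source and drafts the line an abuse desk needs. The netfilter-style log lines, the `FW-REJECT` prefix, the port set and all function names are constructed or assumed for illustration.

```python
import re

# Ports proxy scanners commonly probe; this set is an assumption, extend as needed.
PROXY_PORTS = {1080: "SOCKS", 3128: "HTTP proxy (Squid default)", 8080: "HTTP proxy"}

# Constructed sample in netfilter LOG style (abbreviated); documentation addresses.
SAMPLE_LOG = """\
Sep 24 02:11:07 gw kernel: FW-REJECT IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.20 PROTO=TCP SPT=4021 DPT=3128 SYN URGP=0
Sep 24 02:11:08 gw kernel: FW-REJECT IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.20 PROTO=TCP SPT=4022 DPT=1080 SYN URGP=0
Sep 24 02:11:09 gw kernel: FW-REJECT IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.20 PROTO=TCP SPT=4023 DPT=8080 SYN URGP=0
Sep 24 03:40:51 gw kernel: FW-REJECT IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.20 PROTO=TCP SPT=1500 DPT=8080 SYN URGP=0
Sep 24 03:40:54 gw kernel: FW-REJECT IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.20 PROTO=TCP SPT=1500 DPT=8080 SYN URGP=0
Sep 24 04:02:13 gw kernel: FW-REJECT IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.20 PROTO=TCP SPT=3312 DPT=445 SYN URGP=0
Sep 24 04:05:30 gw kernel: FW-REJECT IN=eth0 OUT= SRC=192.0.2.200 DST=198.51.100.20 PROTO=UDP SPT=53 DPT=1080 LEN=80
Sep 24 04:09:02 gw kernel: FW-REJECT IN=eth0 OUT= SRC=192.0.2.150 DST=198.51.100.20 PROTO=TCP SPT=80 DPT=3128 ACK SYN URGP=0
"""

KEYVAL = re.compile(r"([A-Z]+)=(\S+)")


def parse_line(line):
    """Return a probe record for an inbound TCP SYN to a proxy port, else None."""
    fields = dict(KEYVAL.findall(line))
    flags = set(line.split())
    # "IN=" is empty on outbound packets, so the key is absent for them.
    if fields.get("PROTO") != "TCP" or "IN" not in fields:
        return None
    # A bare SYN is a connection attempt; "ACK SYN" is a reply (often backscatter).
    if "SYN" not in flags or "ACK" in flags:
        return None
    try:
        port = int(fields.get("DPT", ""))
    except ValueError:
        return None
    if port not in PROXY_PORTS or "SRC" not in fields:
        return None
    return {"time": line[:15], "src": fields["SRC"],
            "dst": fields.get("DST", "?"), "port": port}


def proxy_probes(log_text):
    """Aggregate probes per source, most distinct proxy ports first."""
    sources = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = sources.setdefault(rec["src"], {
            "src": rec["src"], "dst": rec["dst"], "count": 0,
            "ports": set(), "first": rec["time"], "last": rec["time"]})
        entry["count"] += 1
        entry["ports"].add(rec["port"])
        entry["last"] = rec["time"]  # log is chronological
    return sorted(sources.values(),
                  key=lambda e: (-len(e["ports"]), -e["count"]))


def abuse_report(entry, tz="UTC"):
    """One line for the source network's abuse desk; tz is the log host's zone."""
    ports = ", ".join(f"{p}/tcp" for p in sorted(entry["ports"]))
    return (f"Source {entry['src']} made {entry['count']} rejected connection "
            f"attempts to {entry['dst']} on ports {ports} between "
            f"{entry['first']} and {entry['last']} ({tz}).")


if __name__ == "__main__":
    for probe in proxy_probes(SAMPLE_LOG):
        print(abuse_report(probe))
```

A source that tries several proxy ports in quick succession is ranked first because that pattern is far less likely to be a stray connection than a single repeated port.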

  52. DDoS proof System to get rid of spam by Frit+Mock · · Score: 2, Insightful


    There is a way to fight off spam, with a p2p like system!

    You first have to get rid of the 'blacklists' idea to detect spam. As already mentioned by many people, they have downsides and moreover in a p2p net there is no 'authority' and so they could do anything, but nothing that is intended.

    You even have to forget about all 'traditional' ways to identify a certain mail to be spam.
    A p2p is the most powerful tool against spam, I can imagine. It offers the strongest method to detect spam, because only a _network_ and distributed computing offers the possibility to reveal information unique with spam.

    Unique to spam is that a huge amount of mails are sent over the net in 'short' time, with almost identical (i.e. identical in parts of the content, not header fields) content.

    If we get to know that many mails with almost identical content are sent over the net in a short time, then we know that spam is going on, and voilà, spam>/dev/null

    0. If the sender is on the whitelist, the mail is treated normally! (To avoid declaring mailing lists, newsletters and the like to be spam, if they are not.)

    1. We need to use common p2p technology to interconnect mailservers, relays and mailclients.

    2. When receiving a mail, it gets queued in a verification queue.

    3. For each mail in this queue, checksums of different parts of the mail are calculated. These 'checksum-sets' of received mails are stored and kept for some time. (Let's call those the mail server's own checksums.)

    4. The checksum-set is sent out to a handful of other participants on this p2p for 'confirmation'.

    5. If such a 'confirmation' request is received, the checksum-set is stored too. (For a shorter time.)

    6. All checksum-sets (the own ones and the ones from _different_ hosts requesting 'confirmation') are now compared to each other using a Bayesian statistical approach.

    7. If two checksum-sets indicate a very similar mail, both checksum-sets get bundled together and sent out as an 'alert notification' to all hosts connected. (The host IPs receiving such a mail are very important to avoid checking one host's copies of his checksum-set temporarily stored on other servers!)

    8. When receiving an 'alert notification', the mailserver checks similarity against all checksum-sets it has stored. If further similarities are detected, they are added to this 'alert notification' and again sent out to all connected machines.

    9. Once an 'alert notification' reaches a critical number of 'hosts' that received such a mail, they send this package to all of these hosts and they'll delete the mail. (Of course this 'alert notification' will not be deleted; it will, again, be stored for further checks, as a 'spam notification'. Mailservers that receive such spam mail some time later should not start the whole process all over, since the spam case is already clear. Of course they'll receive this 'alert notification' with an indicator that all included hosts have already received this package.)

    10. The mails that 'survive' for more than an hour in the verification-queue are valid and leave the queue.

    11. We're done with it.

    The critical number should not be high enough, to avoid dropping mails with multiple recipients or 'false positives'.

    (Maybe I have forgotten one or the other detail, but I hope you can understand the principle ... and forgive my bad English and orthography, it's not my native language.) ... remind me to patent this thing.
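
The checksum-set scheme in the comment above, condensed into one process as an added example that is not part of the original post. It swaps the comment's Bayesian comparison for a plain Jaccard overlap of five-word shingle hashes; the thresholds, class and function names, hosts and message texts are all assumptions or constructed samples.

```python
import hashlib
import re

WINDOW = 3600        # step 10: seconds a checksum-set stays relevant (one hour)
CRITICAL_HOSTS = 3   # step 9: distinct receiving hosts needed (assumed value)
MIN_OVERLAP = 0.5    # assumed threshold for "very similar" checksum-sets
SHINGLE = 5          # words per checksummed part of the body (assumed)


def checksum_set(body):
    """Step 3: hash overlapping parts of the body; headers are never included."""
    words = re.findall(r"[a-z0-9]+", body.lower())
    count = max(1, len(words) - SHINGLE + 1)
    parts = (" ".join(words[i:i + SHINGLE]) for i in range(count))
    return frozenset(hashlib.sha256(p.encode()).hexdigest()[:16] for p in parts)


def overlap(a, b):
    """Jaccard similarity of two checksum-sets (stand-in for the Bayesian test)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


class Node:
    """One participant's view: its own checksum-sets plus those peers sent it."""

    def __init__(self, whitelist=()):
        self.whitelist = set(whitelist)
        self.clusters = []  # each: {"sets": [...], "hosts": {...}, "last": t}

    def receive(self, host, sender, body, now):
        """Return 'deliver', 'hold' or 'spam' for a mail seen by `host`."""
        if sender in self.whitelist:
            return "deliver"                       # step 0: lists, newsletters
        # Forget clusters not seen within the window (steps 3, 5 and 10).
        self.clusters = [c for c in self.clusters if now - c["last"] <= WINDOW]
        checksums = checksum_set(body)             # only hashes leave the host
        for cluster in self.clusters:
            if any(overlap(checksums, s) >= MIN_OVERLAP for s in cluster["sets"]):
                cluster["sets"].append(checksums)
                cluster["hosts"].add(host)         # step 7: count hosts, not copies
                cluster["last"] = now
                if len(cluster["hosts"]) >= CRITICAL_HOSTS:
                    return "spam"                  # step 9, and later arrivals
                return "hold"
        self.clusters.append({"sets": [checksums], "hosts": {host}, "last": now})
        return "hold"                              # released after WINDOW if unmatched


# Constructed sample messages: one bulk template with a personalised greeting.
SPAM = ("Dear {name}, buy cheap meds now at our online pharmacy, no prescription "
        "needed, lowest prices guaranteed, order today")
LEGIT = "Hi Bob, the meeting moved to Thursday at ten, please bring the quarterly report"


def run_demo():
    node = Node(whitelist={"news@list.example"})
    events = [
        ("mx1.example", "a@bulk.example", SPAM.format(name="alice"), 0),
        ("mx2.example", "b@bulk.example", SPAM.format(name="bob"), 60),
        ("mx1.example", "c@bulk.example", SPAM.format(name="carol"), 90),
        ("mx2.example", "carol@corp.example", LEGIT, 120),
        ("mx3.example", "d@bulk.example", SPAM.format(name="dave"), 180),
        ("mx4.example", "news@list.example", SPAM.format(name="erin"), 200),
        ("mx4.example", "e@bulk.example", SPAM.format(name="erin"), 240),
    ]
    return [node.receive(*event) for event in events]


if __name__ == "__main__":
    print(run_demo())
```

The third event stays on hold because a second copy on the same host adds no new host to the count, and a sender who spaces deliveries further apart than the window never reaches the critical number.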

  53. To the mattresses! by simeonbeta2 · · Score: 3, Interesting

    The only solution is all out war!

    The problem is that spammers have a significant financial motivation to act in the ways that they do.

    Spam fighters, on the other hand, are fighting back and providing services mostly out of the goodness of their hearts. (Check me if I'm wrong, but I've never seen an article on the lavish lifestyles built by opposing spam.) This means that unless we can come up with an *unbreakable* technological solution the spammers will always win the war: they have a financial motivation to fight harder than we do.

    The solutions I've heard proposed sound more like problems than solutions: central governing bodies, a regulated internet, pay-per-email, etc all make my crypto-libertarian instincts nervous. If we don't want our commons taken away, we have to defend it ourselves!

    So how can we win against an enemy with superior motivation? We need to take away their motivation! We can't ever win by fighting the spammers, so let's start fighting the people funding them!

    We need to (legally) DOS the resources of those who are benefitting from spam. This is going to require maturity and restraint in the heat of battle, but if we attack the wrong people, we will be no better than the spammers. Let me propose the following:

    • Someone of stature in the community (maybe not a first tier personality like ESR, but someone who commands unquestioned respect) must be the figurehead for this. In addition there will have to be actual real human intervention by members of the service to verify targets and avoid friendly fire.
    • Through conventional resources we identify single beneficiaries of mass quantities of spam who have an exposed point of contact: for example I currently have spam in my folder that wants me to buy the drug vicodin and provides a url. If it can be verified that this spam is widespread (ie really is spam) and that the resource in question really belongs to the person behind the spam (ie really does link to cheesy mail-order drug store) then
    • Our anti-spam service distributes the url of the target and everyone subscribing to the service attempts to view the page (command line recursive wget would be appropriate I suspect).
    • The target of the attack is now rendered unusable.

    Benefits and prerequisites...
    Speed is of the essence. Attack must respond to take down target before any profit is made. Scale is important as well. Volume of traffic must decimate servers even on fat pipes (or at least cause high bandwidth $$$ usage). It might even be possible to DOS 1-800 numbers if every subscriber was willing to place a call and complain.
    Would all this be illegal? Certainly as a whole the intent is to DOS the target and therefore is illegal. I could even imagine RICO coming into play (this is after all an organized conspiracy to commit a crime). However the actions of those subscribing to the service are not illegal (IANAL, someone else comment). After all, I (as subscriber) am just saving a highly recommended commercial resource for later perusal! :) This is where it is key to have high profile trusted and respected figurehead. If Joe Blow organises this on his dsl line, his access gets cut off and the feds disapprove. If an innocent party is wronged then he probably goes to jail. If, on the other hand, ESR organises it, public opinion on the net will massively oppose federal pressure against him and commercial pressure (ie his access being cut off) is much less likely.

    I realise that there is lots of hand waving going on here. But I firmly feel that this may be an instance to fight fire with fire, fight outlaws with vigilante justice, etc. We need to claim our space for our productive use and not for other's pollution and decimation. Fighting spammers directly is like "fighting terrorism". Attacking those who provide the incentive is like taking the battle to host countries of terrorism; a much more likely strategy.

  54. So why are you compounding the disincentive? by roystgnr · · Score: 3, Insightful

    You're comparing the operators of these services to spoiled children, when they've done more for the anti-spam cause than nearly everyone who will ever read your comment. What did they do to deserve that? If they are being selfish for giving up their efforts, doesn't that make you and I even more selfish for never making an effort in the first place?

    Who wants to become a volunteer in a world where if your efforts fail you will be seen as a failure and if they succeed you will be seen as an entitlement?

  55. Anti-spam is Not rocket science .. by fygment · · Score: 2, Informative

    ...really. How many unsolicited personal emails do you get that are important? Even if you're in an organization with a network, how many corporate emails are not from the company domain? Just filter out anything not from a known source be it your personal or business address book.

    Our institution has a central broadcaster for corporate info. Any email for the general worker population is sent via that broadcaster. That's one filter. Coworkers another filter. Personal address book another filter.

    That's it. Anyone else goes to Junk and that is checked every couple of days in a dedicated time slot. Nothing gets missed. And time isn't a factor because when was the last time you received some kind of deadline item from someone you didn't know?

    Maybe a business has a few machines that really can't implement such a filtering scheme (eg. sales) but not everyone in a business has to be subject anonymous email solicitations. But at home it makes no sense that you have to be inconvenienced by spam. Just look at it statistically, how many emails have you had from addresses you didn't know, that mattered? OK maybe that Nigerian general with the account ...

    --
    "Consensus" in science is _always_ a political construct.
  56. Freenet implementation is downright *trivial* by Jerf · · Score: 2, Informative
    It could revolutionize the way trusted data is passed if it works successfully for an RBL. I'd do it myself, but I'm beyond short of time, and brains for that matter :)

    You're not short of time; creating the system you describe (assuming good client software) hardly takes longer than typing your post did.
    1. Download, install, and run Freenet.
    2. Download and install fcptools.
    3. Instead of having your RBL list sourced from the HTTP net, have the RBL-client download the list periodically by running a quick invocation of fcptools.
    Somebody has to publish it, but you could start by simply mirroring an existing list. The publisher's life is a little harder; they need to learn how to use SSK keys, get one, and learn how to post periodic content, but we're still talking half an hour. Moreover, you won't even necessarily be personally identifiable.

    A Freenet implementation is not a pipe-dream that would take months of highly-skilled developer time to implement, it's something anybody could do in about half-an-hour, if the RBL clients are configurable enough to take the RBL lists from varying sources like a shell script and not just HTTP. I don't believe in RBL lists because I believe they are censorship, so I'm not going to do this, but it would take so little effort you'll be astounded. You could do it over a lunchbreak.
  57. Re:It seems sad on the surface, but I won't miss ' by nchip · · Score: 2, Insightful

    The ratio of "collateral damage" to actual spams stopped is way too high

    Hear, Hear. Effective blacklists with no practical collateral damage actually exist, even if all the attention seems to gather around the overzealous (SPEWS) and stupid (AOL) blocklists.

    dsbl.org open proxy/relay list, easy to get out once you fix the problem. very effective.
    spamhaus.org lists IP addresses known to belong to spammers. Not as effective as dsbl, but a nice complement in case spammer decides to send mail directly instead of raping a relay.

    with those two, 60-80% of spam will stop at gates, so you will still need a content based filter for the rest.

    --
    signatures pending - ansa@kos.to - (dont mail there)
  58. Re: ISPs not doing enough by gorbachev · · Score: 2, Interesting

    I'm kinda wondering, if I, as a lowly cable modem user, can easily identify hundreds (if not thousands, I haven't completely gone through my firewall logs) of zombies on the same netblock I'm on (68.0.0.0/8).

    But the ISPs on that netblock (Cox, Charter, Bellsouth, Adelphia, Verizon, et.al.) can not.

    You should see my firewall logs...day after day, the same IPs from the same ISPs are hammering me. It is CLEAR nothing's being done.

    Proletariat of the world, unite to kill spammers

    --
    In Soviet Russia, I ruled you
  59. Distributed Spammer List Network IS possible by mightypenguin · · Score: 2, Insightful

    Very simple. You have one person or a group that are trusted. They create and distribute a PGP/GPG whatever, public key to all the people who want to be a part of the network. Then every time a list goes out or a list is queried, you just check the key signature on it to make sure it came from the trusted people. So list creation is centralized (like it is now) but distribution is distributed. Easy to verify, hard to DDoS. Bingo.

  60. Re:Because by Hieronymus+Howard · · Score: 2, Interesting

    The FBI/etc wouldn't know how the attacking host resolved the address, they would simply see DoS packets from the attacking host.

    True, at least at first. But it wouldn't take them long to work it out.

    A better solution, IMHO, would be to transfer the domain name to someone outside of the US, who he trusts, and let them point it to the FBI or something.

  61. The problem is not spammers by wtarreau · · Score: 2, Insightful

    The problem is companies who pay spammers to send their crap. And we know nearly all of them because we have their names, urls, products, etc... in all the spams we receive. Instead of trying to track spammers down, when they are rich enough to pay a judge, why not randomly catch as many of their customers as possible to make the other ones fear the risk ? Use Darl McBride and RIAA's method : "warning, we know who you are, you have a little chance to be caught, but perhaps 5 years in jail for paying someone to pollute the net will make you think twice if it's worth the risk".

    And if the spammers lose most of their customers, they will have to raise the prices to be able to pay for their access, and become far less appealing as a means of communication.

    Just my thoughts,
    Willy

  62. Re:Can't ISPs do something? by Eggplant62 · · Score: 2, Informative
    Let me get this straight. The blocklists lists ISP's in ever widening circles, until their entire userbase is blocklisted, and then the blocklists get DDoSed, and ask for help from the very same ISP's that they blocklist, and trash in NANAE????


    Yeah, that's what we expect, but what the hell, the ISP's are part of the problem, they don't mind raking in the extra bux from the spammers to keep them connected. It's just *business* after all. **spit**

    ISP's make money hosting spammers so ergo to put spammers out of business cuts them out of a goodly sum of cash to keep their already failing businesses alive. It's all *so* much bullshit.

    Matthew Sullivan from Osirusoft has a long record of trashing posters in NANAE, I suppose he conveniently forgot that fact when he reported the DDoS. Any good investigator would have asked him, "do you know of anyone that would do you harm?". He's probably still writing that list out! I don't condone DDoSing anyone, but, you get what you give.

    Wrong, get your facts straight. Joe Jared runs Osirusoft. Matthew Sullivan runs SORBS.org. The only thing he gave was a general derision for all the Average Joe's who thought they could run mail servers competently by opening a Microsoft Exchange box and installing the CD, or any other software, without giving any thought to reading the friggin' manual, no thought for whether or not that software was set up securely or whether their systems were fully patched.

    Yeah, we should automatically assume everyone on the 'net is as competent as Matt Sullivan. Yeah, that's the ticket!
  63. I want X, but I don't want Y by Moooo+Cow · · Score: 2, Insightful
    "I want instant communication with friends and colleagues all over the planet, but I don't want UCE. I want instant access to the world's knowledge on all topics, from crucial news to movie trivia, but I want it without viruses, interstitial ads, popups, spyware, and all that other crap."

    The unstated (but pervasively implied) follow-up to the above statement is "... but I don't want to actually have to pay for any of it".

    Sure it's sad to see a service that you're familiar with and like to use (like these anti-spam services) suddenly fold up shop. However, I'm curious why none of the comments anywhere in this thread bring up the idea of some type of for-profit approach (i.e. a subscription-based service).

    If there really is no one who is willing to pay for these types of services... well, you get what you pay for. If you believe that "the internet becomes more worthless every day", maybe that's because when it comes time to put your money where your mouth is, you consider its worth to be $0.00.

    Just my $0.02 (figuratively speaking, of course)

    --
    Slashdot is entertaining like pro wrestling is entertaining
  64. Peer-to-Peer approaches to DNS-RBLs by billstewart · · Score: 2, Insightful
    Distributing an RBL list is the easy part. There are a variety of methods in place that can provide sufficient reliability and are sufficiently anonymous or difficult to attack, such as Usenet and Freenet and Gnutella and probably Kazaa, and it's not too hard to develop efficient data formats for baseline and incremental update and detail records (easier for IPv4 blocking than IPv6 :-), and you can use PGP or other digital signatures to protect the integrity of the transmission. A Simple Matter of Programming (SMOP)...

    There are some problems with broadcasting the list as opposed to doing transactional interaction - a list of "mis-configured open relays or proxies with updates" is not much different from the spamware spammers' products of list of new still-usable open relays. (It's a bit less useful, because they know that some people are blocking them, but they also know that lots of people aren't.)


    The other half of the communications process is harder - getting the information on spammers to the list maintainer without exposing the list maintainer to attack. A simple Usenet group or IRC channel can be flooded, and email can be mailbombed, and the obvious way to do it is with bogus spam reports to reduce the integrity of the information. And some of it's an arms race, e.g. spammer submits a purported open relay to list-manager, the list-manager's tester tests the "relay", and the "relay" captures the tester's IP address for DDOSing.

    There are spam-reporting reputation systems - Cloudmark and Vipul's Razor do some of that, if imperfectly, or simple subscriber-only systems can stay below the radar (even though they'll have some spammers subscribing...) and you could probably build one that was P2P for a bit more safety. Vipul's distributed approach lets users mark messages as spam, and distributes hashes, rather than killing whole sites, but you could adapt it.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
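
An added example, not part of the comment above or of any RBL project's code: a subscriber that applies a signed baseline and signed incremental updates to an IPv4 blocklist, rejecting forged, replayed and out-of-order records. The JSON record layout, the `Blocklist` class and the key are assumptions, and HMAC-SHA256 stands in for the PGP signature the comment mentions so that the block runs on the standard library alone.

```python
import hashlib, hmac, ipaddress, json

FEED_KEY = b"constructed-demo-key"  # assumption: stand-in for the maintainer's signing key

def _mac(body):
    # Canonical JSON so publisher and subscriber authenticate identical bytes.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(FEED_KEY, payload, hashlib.sha256).hexdigest()

def sign(body):
    """Publisher side: wrap a baseline or delta body with its signature."""
    return {"body": body, "sig": _mac(body)}

class Blocklist:
    """Subscriber side: holds the current list and the last accepted serial."""
    def __init__(self):
        self.serial = 0
        self.nets = set()

    def apply(self, record):
        body = record["body"]
        # 1. Integrity: check the signature before parsing any list content.
        if not hmac.compare_digest(_mac(body), record.get("sig", "")):
            return False
        if body["type"] == "baseline":
            # 2a. A baseline replaces the list; refuse rollback to an older one.
            if body["serial"] <= self.serial:
                return False
            self.nets = {ipaddress.ip_network(n) for n in body["add"]}
        elif body["type"] == "delta":
            # 2b. A delta must chain onto the serial we hold, so a replayed
            #     or skipped update is refused instead of corrupting the list.
            if body["prev"] != self.serial:
                return False
            self.nets |= {ipaddress.ip_network(n) for n in body["add"]}
            self.nets -= {ipaddress.ip_network(n) for n in body["remove"]}
        else:
            return False
        self.serial = body["serial"]
        return True

    def listed(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.nets)
```

With a real public-key signature in place of the HMAC, subscribers would hold only the verification key and could not mint records themselves.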