Slashdot Mirror
Anti-Spammers DDoSed Out Of Existence
Anonumous Coward writes "Not one, but two anti-spam services announced their closure yesterday due to DDoS attacks, massive Joe jobs, threats, and the total lack of interest shown by law enforcement. monkeys.com pulled the plug at midnight with an announcement that makes you think of a suicide note. Short time later compu.net went the very same way. So, when will we see a distributed RBL that can stand up to distributed attacks?"
Is there a way to use the technology behind distributed.net or SETI@Home for this kind of application?
just wondering...ank
Still hoping for Gentle Treatment...
I'd never even hear of the two sites that closed down. Personally, I use Spamcop's DNSBL, DSBL, and ORDB.
-Lucas
Distributed, hidden, can't tell who registerd the file...freenet could fulfill the 'DDOS tolerant' needs here.
"Draco dormiens nunquam titillandus."
why cant the goddamn authorities tie in motive with these attacks and go after the spammers who are obviously promoting/funding these attacks?
_+_+__+_+_+_+_+_+_+++
when i moo u moo - just like that
... atleast they didn't blow up blow up their servers.
Um, you got it wrong pal. It wasn't spammers getting DDOS'd, it was spam fighters getting knocked off the net. By spammers. You know, the bad guys.
Where's my lobbyist? Right here.
I'm a big advocate for as few (i.e. none) false positives as possible. I consider them way more dangerous than a false negative.... but used in moderation, these services are quite effective in reducting a large number of spam.
Using a spamtrap that using weighted scoring, like SpamAssassin or the like, you can use the data they provide combined with your other heuristics (and whitelists and bayes) to provide a much more accurate view of the overall picture.
--D
You, sir, are a hero. Not only did you avoid reading the article, but you apparently didn't even read the HEADLINE!
A Joe Job is where some unsuspecting innocents email is placed as the "from" address in the email headers. Headaches ensue
Thats actually an *excellent* idea. Not really SETI@Home though, more like peer 2 peer technology.
Why not kill 2 birds with one stone - promote a valid use of p2p, which removes some of the RIAA threat, while simultaneously frustrating spammers.
Most writers regard truth as their most valuable possession, and therefore are most economical in its use - Mark Twain
A lot, if not the vast majority of infected zombie attackers out there are located in asia pacific. Trying to track down the responsible admin, and then trying to get a response is -near impossible-. Language barriers, general apathy, it's all there. On top of that a lot of hosts in Korea have awesome pipe.
Seriously, people keep bandying about the idea of using freenet for distribution of blackhole lists, but it's probably absolutely THE best solution to the problems we're facing. The ISPs can only do so much, and when the lists are distributed from a central, known source.. well, we've seen the results of this.
I suggest one of us take up the cause of creating this freenet distribution system. It could revolutionize the way trusted data is passed if it works successfully for an RBL. I'd do it myself, but I'm beyond short of time, and brains for that matter :)
Luck favors the prepared, darling.
We've had a succession of Washington suits yakking on about Information Security, and Cyber War and The Great Potential Threat To Our Infrastructure, and yet when DDoS attacks actually happen, what do they do?
You guessed it. Squat.
There's no votes and no budget in actually fighting crime. There's plenty of capital to be made in selling up the threat, and in promising that you'll fix it, given just a little more time in office, and a slightly larger personal empire.
What I'd like to see is our Dictator of Homeland Security pinned down and made to explain why he's not doing something about the attacks that are happening now. If we can't defend monkeys.com from a DDoS from malicious assholes, how does he expect to believe that we're able to defend safety or economic critical infrastructure from the same kind of attack launched by the truly malevolent?
If you were blocking sigs, you wouldn't have to read this.
I'm sorry but some of these list maintainers are anal, (VERY) self-righteous, awful people who will not listen, not even when the person at the other end of the line is polite, patient, and takes a polite and amicable approach to the issue of getting removed from the blacklist (and punches a pillow after the phone calls and emails instead of being rude to the person).
I'm sorry but with the hell I had to go through to get removed (too much unwarranted ass-kissing, too much putting up with the "I'm only a volunteer" crap) I am only glad to see these anal a-holes go.
The internet seems to become more worthless every day, as more and more of it is hijacked by spammers and other commercialization.
How can we take it back? If we can't, how can we replace it with something more resistant to these electronic malignancies?
I want instant communication with friends and colleagues all over the planet, but I don't want UCE. I want instant access to the world's knowledge on all topics, from crucial news to movie trivia, but I want it without viruses, interstitial ads, popups, spyware, and all that other crap.
By using Linux with some other specialized software, I have erected a defensive perimeter around my internet existence, so the tidal wave of garbage largely passes me by. But the walls need maintenance, and there always seems to be some new leak that needs plugging.
It's regrettable that we need to take such drastic measures, but what really worries me is that the need is increasing with time. Can you imagine the situation where 99% of your email is spam? Is there an alternative to giving up email entirely at that point?
Liberal (adj.): Free from bigotry; open to progress; tolerant of others.
total lack of interest shown by law enforcement
If a MMORPG gets cracked and the rich owners get inconvenienced for half a day, the FBI flips out and immediately mounts an investigation.
However, these guys are repeatedly DDoS'd and nobody cares.
It would seem that the government only cares about cybercrime when big cash is involved.
The US Army: promoting democracy through unquestioned obedience
This is definetly true.
I myself had a runing with Anti Spam sites. For some bizzare reason the IP of my mail server was listed as a spam server. Which is BS as it's only ever used for personal mail.
It took 5 emails and 3 days to get my server IPs of the list.
It's a real bitch. Your mail bounces, you call the ISP that bounced your mail and they tell you that "such and such list", now you got to go to that list and request a removal. The problem is that many of the lists mirror additions but NOT removals. So you get added to one list and tada you're in 20 and got to remove yourself one by one...
In Soviet Russia, the television watches YOU!
A friend of mine, who has a business class DSL had his ip block blacklisted. Seems someone on the ISP had a trojan and was sending out spam. So monkeys.com blocked the entire ISP. And monkeys.com response, contact your ISP. All the customers where in a deadlock, the ISP didnt know why they where blocked, the customers couldnt get unblocked, so every customer trys to contact Monkeys. The ISP couldnt contact monkeys either, monkeys email queue was full. So the ISP threatens to sue, customers threaten to break kneecaps, and the spammers win.
Really, if RBL's can be tricked to block good ISPs, and you get get the IP blocks removed, its flawed and needs to end service.
BTW, I know many people who are switching to whitelists, and even at work, whitelists for internal mail only cuts spam almost 100%. Even earthlink etc, sell whitelist features as a value added service.
Where your send email purporting to be from someone else, or in this case when spammers send spam purporting to be from the anti-spam orgs. SMTP servers don't validate the From: field, you can put anything in there. Most lusers and a shocking number of clueless sysadmins don't realise this.
If you were blocking sigs, you wouldn't have to read this.
I'm sorry for the trouble these guys have had, but I've had more trouble with black lists then benefit. I've been black listed many times for stupid reasons. Like one of the sign-off's mentioned, I've had @mydomain.com used to send spams, had to handle the bounces and then been blacklisted on top of that. I've had spam link to a page I host even though the spam wasn't advertising the page, it was using the page to support the sale of its product. The page was about water safety, and posted by someone with no connection to the spammers. I've twice been blacklisted and once had UUNet filter my IP allocation because users had uploaded old vulnerable versions of FormMail.pl to their web sites and spammers found and abused the hole. Both times I had found and removed the offending script before getting shut down, only to be blacklisted/filtered AFTER fixing the problem.
As you might have guessed I have no love for RBL type services. I think their hearts are in the right place, but I'm tired of getting caught in the cross-fire. Since at some point, in order to benefit spammers have to be contacted by consumers, law enforcement should be able to track them down. I'd love to see that sort of thing become common. I can't see a technological solution even with a complete overhaul of how email works. I like the fact that a stranger can email me if they like. I just want to see legal limitations on that contact to prevent spam.
Not to be overly-dramatic, but when it happens to you it's a nightmare and one of the blackest pits you can imagine.
:), and installing such watchdogs and filters as I could. I cultivated good relations with the folks who supported the server. I did all I could, short of purchasing a server for myself, which I could never have afforded.
Think of spending all your time, energy, heart and soul developing a business (or organization), providing for it, gaining credibility and referrals, making a name and niche for yourself, however small. Imagine you're attempting to support and educate a family via that business.
Now imagine it all wiped away with no thought at all by anonymous monsters of greed.
That's precisely what happened to me. I'm actually not illiterate. I exercised care in building my site, selecting a host for it, making sure it ran Linux
Then I made the mistake of becoming ill. Over Christmas I spent six days in the hospital, and when I came home, a corresponding several days downstairs. They struck during that time. I returned to hundreds and hundreds of bounced messages, angry complaints, bitch-outs, whatever.
A call to the tech support people actually put a stop to the whole thing rather quickly. The spammers were using Sprint, and apparently Sprint lacks tolerance for these issues. I wrote to each and every person who'd bitched, swallowed my pride and explained who I was and what had happened. Some wrote back.
On the practical side, I have now a trusted friend who will look after things for me if I ever become ill again, and I will do the same for him. In fact the two of us may lease a server from a reputable company. That's a huge cost, but it may well be worth it.
On the emotional or impractical side, even eight months later I have an enormous amount of anger. Anger is often un-helpful, but I entertain visions of finding ways to inujure these people (not physically or by violence, but in their ability to do this). I visualize them financially ruined, humiliated in public, hounded out of their neighborhoods. I visualize attacks on their servers. That's all quite counterproductive. In order to deal with the anger part, I spend my spare time writing a novel in which a spammer is murdered. It's not half bad.
Regards,
Anne
DUCT TAPE: The Election Supervisors' Secret Weapon
Sorry to interrupt your rant, but...
Does anyone know if law enforcement was even CONTACTED?
As a state prosecutor, I can charge DDoSers with felonies, but I need to be able to track them down, and I need a victim to report the crime.
It's been reported that SpamCop is paying upwards to $30K / year for bandwidth as a direct cause of the continous DDOS attacks on it.
The spammers are doing everything they can to squeeze the anti-spammers out. They use frivolous lawsuits (aka Mark Felstein and his porn spamming backers) or DDOS attacks that either knock the anti-spam resources off completely or increase the costs so that no hobbyist can run them.
And while all this is going on, the law enforcement agencies are doing nothing to counter the clearly illegal acts of the spammers.
And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue.
Nice going.
It's only a matter of time when someone (Al Queda?) will use the zombie network for something that will truly be noticed.
Proletariat of the world, unite to kill spammers
In Soviet Russia, I ruled you
SPEWS ultimately blocks legitimate email. Indeed, it rejoices in doing so, the argument being that if legit email is blocked, its senders will put pressure on their ISP to kick off spammers.
I can't agree with that being a legitimate tactic. It may be a legal tactic, as the idiots who are itching to hit reply with the same old "It's my server, I can do whatever I want" bunk will point out, but it punishes the wrong people. It's a little like local businesses banding together to refuse employment to anyone living under a landlord who hasn't kicked out a local shoplifter. Just as with that case, "It's my business, I can employ whoever I like". Just as with that case, "They can move can't they?" (Er, yeah, but it's rarely as trouble-free as you pretend. Businesses especially, who tend to be the profitable customers of ISPs, are usually locked into contracts and have paid substantial amounts for everything from dedicated lines to domain names. They, the most critical customers of the ISPs, cannot just up stumps and leave.)
SPEWS has that pitchforks and flaming torches thing about it, it's comprised of people too angry and too childish to consider what the consequences of their actions are. My "Due Diligence" with ISPs is such that I'd prefer to do business with one that works with spammers than one that'd arbitrarily block my email. (Right now, I'm fortunate enough not to have to deal with either, but come the day...)
You are not alone. This is not normal. None of this is normal.
I'm half-wondering how you're going to work that out. My first thought was "murder mystery" but I found myself thinking that it would wind up something like this:
You are in a maze of twisty little relative jumps, all alike.
*WARNING* If you're the type of person that can't handle any critism of the open-source/technical community, even from within, you might want to skip to the next message.
There's a funny thing that's been going through my head for years now which these two closures seems to be a part of.
Technical people don't make good administrators.
Years ago when I was in high school I used to run a BBS (bulletin board service - pre popular internet networks of computers). Every few months a SysOp (System Operator, the people in charge) would have a meltdown, send out a message telling everyone how much he'd (there were no women ;-) suffered, how ungrateful the users were and that he was shutting down to teach everyone a lesson.
Nobody ever learned a lesson, and I never felt the lesson they were trying to teach was particularly valuable.
I'm suspicious that this is a natural weakness of any system that relies on volunteer labour. If people don't have a strong (unfortunately usually economic) incentive to continue something, they're more ready to throw in the towel when the seas get rough.
We've all seen open-source projects die where the maintainer spits bile about no one contributing, no companies offering them cushy jobs where they can work on the project, etc, etc, etc. See the story about the Linux Router Project for an example of this.
As a non-technical example, a friend of mine was a volunteer firefighter and he got into the profession when just about every firefighter in his small town quit and they needed to replace the force. A baby had died at a fire they were fighting, and none of them had been able to deal with it, so they quit. Professional firefighters have all undoubtedly had the experience of someone dieing in a fire they were fighting, but you wouldn't expect their whole department to give up afterwards...
With both of these lists, sure denial of service sucks. Given. When you rovide a service for free you expect acolades, guys buying you beers and women offering you their virginity. Best case, sure. But sometimes things aren't going to go your way and it seems so easy to close up shop, which can really screw people there were relying on you.
If Slashdot started suffering sustained dos attacks, you can be sure that they'd figure out a way to get through it, or just button down the hatches until the attacks end. They're earning their livelihoods from this site, so they aren't going to give up on it easily.
Maybe this is something that we should be upfront about as a community. When a service/product is free (as in speech), future extension/maintenance/existance are never guaranteed, and the only thing you're actually getting of value is whatever is there right now. If the service is something necessary that becomes worthless the instant it stops being maintained (rare, but certainly the case in some instances, such as with these two lists or with things like BBSes), than maybe volunteer labour isn't the way to provide it.
Exactly. This is what the Sobig trojan writer was commissioned to do, in my own personal belief. I've read some extensive analysis of what the Sobig trojan and some of the other recent worms that have been crushing the net, and they were explicitly designed to become tools of spammers and denial-of-servicing fleabags.
The sad part is that Ron Guilmette, the fellow who ran monkeys.com, has tried to get law enforcement and the ISP's where the DDoS was coming from interested in this problem and was pretty much rebuffed outright. FBI won't look at it, the ISP's are signing pink contract at double the usual rates at least to keep spammers connected and ignore complaints. No one is interested in helping with this and it's sad.
It's getting more and more like the Wild, Wild West every time I hook up to the 'net anymore. There are people complaining that they don't like the vigilante justice involved with running the DNSBL's. Imagine what your spam load would look like *without* the DNSBL's.
Or imagine the Pandora Project coming to life.
Apparently Ron is abandoning both but there were two related anti-spam things he did. One was to maintain a blocklist for open proxies. The other was to run a network of proxypots and to use these to discover the IP addresses from which proxy abuse originated. He trapped a lot of spam with those, as well.
Ron made periodic posts to news.admin.net-abuse.email in which he listed the top 40 proxy abuse-source IPs. He also contacted the ISPs from which the abuse originated and was successful in getting many of these to boot the spammers (which is a big reason spammers wanted to put him out of business, it would seem.)
Ron was making real and substantial progress toward ridding the net of spam - even if you never heard of him he was helping you, and the help I speak of had none of the flaws of blocklists.
Spammers look about everywhere on the net, seeking abusable open proxies. That means proxypots will succeed almost anywhere on the net. Just about anyone can help identify spammer IPs and get the spammers thrown off their ISPs. Ron's Top 40 list was a nice bonus and it helped show which ISPs were responsive and which protected spammers. Similar information from a single site (yours, if you'd do it) would be also have great value.
I'd direct you to the Bubblegum proxypot web page but that, too, seems to be down. There's still something you can do even if you don't run a proxypot. If you have a software firewall on your system you can find the log entries for rejected proxy connection attempts. Chances are great that those were made by a spammer. Report the attempt to the appropriate ISP. I'd also suggest letting your ISP know: if spammers are looking in your ISP's space for abusable proxies the ISP can take protective actions. Your ISP also may have greater clout with the spammer's ISP - at least it's worth a shot.