Spam Blacklist Targets Hijacked Telewest Customers
davidmcg writes "BBC.co.uk reports that UK cable firm Telewest has had almost one million email addresses blacklisted by an anti-spam firm. The Spam Prevention Early Warning System blacklisted the email addresses because a large number of the machines using them have been hijacked by spammers. Telewest have stated that they knew about the problem and have been working with customers to regain control of their machines."
"Telewest blamed recent virus outbreaks for the sudden rise in the number of hijacked home PCs. "We are currently contacting affected customers to help them clean their PCs which, as you can imagine, is a time-consuming task," it said."
I sympathise with them, I've tried banging my head against the wall before and it's not fun!
Odd that the ISP never made an issue of their "efforts" to clean up their customer base before ending up in SPEWS. Some people say wholesale blacklisting is ineffective, some whine about false positives, I bet these guys really want to get out of the spotlight so they stop looking incompetent. Well done SPEWS, whoever you are. By the way, this article makes a serious mistake:
SPEWS does not exist (TINS (there is no SPEWS)). SPEWS therefore cannot make announcements of any sort whatsoever, though they do have the Lumber Cartel (TINLC) to speak for them.
Spam is a huge problem and any ISP may obviously be subject to blacklisting due to infected machines; Telewest is probably no worse than any other. What I find interesting, though, is that the article states they think 16,000 machines are infected. And the Slashdot article claims they "have been working with customers to regain control of their machines." Good luck, I am glad it's not me whose job it is to call all those 16,000 users... (my humble, unimportant opinion is that the users themselves should be responsible for making sure their computers are safe, but .. I'm not important)
9/11: Never forget it was a false-flag operation
Not the address I use here on Slashdot but my regular email addy (which has been active for about 4 years) is virtually spam-free.. at least I don't see much of it. My domain is registered through EasyDNS; with the "plus" package you can set up email aliases for your domain.. everything is filtered through their spamhaus/sbl/dsbl/etc blacklists.. then I use Thunderbird with junk mail filtering.
:(
On average I see one spam make it through my junk mail filter in thunderbird. I've set it up for my mom/dad/brother & sisters as well. Now they laugh at the amount of spam their friends get compared to their own, which is comparable to mine.
I'm a techno-goof with hardly any understanding of networks and stuff.. If I can do it this easily, anybody can.
I think maybe spam is overrated.. with the right technology in place, it can be defeated. Although indiscriminate blacklisting by ORBS or whoever doesn't really help the situation.
BBC.co.uk reports that UK cable firm Telewest has had almost one million email address blacklisted by an anti-spam firm.
So... ISP allows spam zombies to run free on its network, anti-spam firm overreacts by putting entire network on blacklist.
Is this really out of the ordinary? Weren't they doing this to US ISPs like Comcast until they started disconnecting zombie PCs?
Is there anything really out of the ordinary here?
They're just listing IP ranges. A complete non-newsworthy item. Consumer machines on broadband/dialup should be going through their ISP's smarthosts anyway ... which seems to be standard practice these days, to the point that many ISPs block SMTP or redirect port 25 to their own smarthosts.
Nothing to see here, move along.
Seems Telewest are actually attempting to rectify this situation, although you have to wonder how it is their responsibility.
FTFA: One hijacked PC on the Telewest network was sending out more than 100,000 e-mail messages per day, he said.
In cases like these, if the offending computer is cleaned within (insert time frame here) then perhaps some negative reinforcement should be considered. Fines etc???
serenity now!
"Telewest have stated that they knew about the problem and have been working with customers to regain control of their machines."
Somehow I have a bit of trouble believing this. How hard would it be for a large company like Telewest to send its subscribers a CD with anti-virus/adware removal tools on it? Or an email with such software in it? Or even call users and tell them they have an issue?
I don't think they've done jack crap myself. And anything they have done is some token gesture to salvage their image.
Don't take life so seriously. No one makes it out alive.
ISPs - block port 25 by default, and in account management allow users to unblock it. 99% of people will never use it, and those that do will account for such a small number you won't get many support calls for it. Shit loads less work than fixing 16000 machines.
If you mod me down, I will become more powerful than you can imagine....
I think this is a good example of how the democratization of the net has really screwed things up in some ways. The net was never intended to be so centralized (undecentralized?), with huge ISPs serving millions of customers. Of course there's going to be zombie networks. The net wasn't designed to have millions of individual users directly connected from essentially unsupervised subnetworks. Notice that you never hear about a company or university having a significant percentage of their machines taken over, especially not for a long time. Originally, the network was just large organizations connecting their managed networks to the backbones, usually from behind firewalls. But an ISP doesn't watch its clients' computers the way a sysadmin would (nor should they) and thus we have the present, sorry, situation of millions of Microsoft moms unwittingly playing host to a global crime wave.
It's a good thing we have such secure consumer operating systems, or this could turn into a real problem!
You appear to have mis-spelled "dollars an hour" as "figures".
Exactly, and if you're forced to sign up for something, either use Bugmenot for anonymous login information, or Mailinator, for throwaway email addys.
About three years ago a Usenet death penalty was issued against Telewest. Before it came into force they stopped all messages spreading out from their main news server and began scanning their customers for open news servers and open proxies.
haha, you wasted years of your life, while I'm earning seven figures sys-adminning.
Pesos don't count.
The average Slashdotter is too smart to attend.
Are you an average slashdotter?
SPEWS blocked another million addresses? How the hell did anyone notice? That's like taking a glance at the night sky and saying "hey, there's a new star!"
When my cable company had any issues with spam from any of their customers, they simply cut off their internet until the customer had their computer fixed. Seems easier than what this cable company is going through. User can either pay to have their computer cleaned and secured, or do it themselves. They then advise the Cable company to put them back on. Lot better for every other customer who is responsible enough to maintain their PCs.
cockband connections?
Didn't see that in the original.
SPEWS is not an "anti-spam firm". Check their website at http://spews.org/ for more explanation. And anyone too concerned about false positives should do their due diligence when picking the DNSBLs they use and notice that SPEWS blocks fairly large netblocks. And there probably will be a lot of legitimate mail sent from bad neighborhoods. SPEWS is a very good tool for blocking spam and educating ignorant ISPs, but it's not suited for everyone.
Spews doesn't block email addresses. As a matter of fact, they don't block anything. Spews is a database of IP addresses.
Underholdning.info
Sneakemail is your friend.
Next time, if BBC News is "crawling", please look at your own link. BBC News is about as good as Google at staying up the whole time. A couple of extra visitors from SlashDot will get lost in the underflow.
PenguiNet: the (shareware) Windows SSH client
Until a spammer notices your domain name and tries a directory harvest/dictionary attack...
Until one of them forwards an email, CCing to all their friends, suddenly an awful lot of people have your address and it gets picked up from somewhere.
I have had to educate several people about (the existence of) BCC
Anyone else find that kinda amusing? Spam Prevention Early Warning System
Aw Frell this
...but you can stand and fight.
Wait until one of those PEOPLE gets a virus or trojan on their PC and your address is harvested. Or they forward you - and 600 other people - a joke. Or god forbid they post it on their website as part of their friends list, or what have you.
Try having an email address like bob@some.tld. Try hosting a domain and forwarding root@, webmaster@, postmaster@, abuse@, et cetera to your account. Spammers have lists of simple and obvious usernames that they send to every domain they can think of hoping for hits.
I want the public at large to be able to contact me in some instances, so I publish my email addresses unobfuscated. I have 'bob@some.tld'-style email addresses. I forward root@ (and et cetera) to my other accounts for my domains. I couldn't hide even if I wanted to hide.
If you run your own email servers, take a look at this advice. Since the time I took the advice (a couple months ago) I have received *one* spam and that was appropriately tagged as spam and filtered into my spam folder. As far as I can tell there haven't been any false positives.
(I realize the irony in my use of a gmail address for my slashdot account, but that's not about spam. That's about a whole different issue: anonymity.)
I only ask since I don't know. Isn't it possible to run an SMTP server on a different port than 25? It only has to send out from a zombie machine, not receive mail, so why not run it on, say... port 2000? Or is it the fact that it has to send *to* port 25 that's getting blocked?
Now, if that makes sense to anyone, could you please explain it to me? I think I've confused myself.
"Or is it the fact that it has to send *to* port 25 that's getting blocked"
Yes.
Some more responsible ISPs block port 25 as a matter of course, except to their own mail servers, which hopefully you won't be able to spam through madly without being noticed. If at all.
Got a legitimate need to run your own mail server? Ask your ISP for it.
Way to go.
It's a useless service that is in no way forthcoming about its purpose, and has no accountability.
The admins who run it are jumped up petty control freaks who think the internet should be run according to their whims, and they seem totally unable to decide whether it's there to stop spam, or punish spam hosters.
When challenged, they make all sorts of excuses and justifications without any ability to back their arguments up. They have made no impact on spam at all, and their service reduces the functionality of the internet more than SPAM does.
The SPEWS list is worthless as anything other than an indicator of potential spam. Any admin who blocks all of SPEWS doesn't deserve his job.
- these customers' PCs were infected
- they were (at least about to be) hijacked
- the users were unaware or incapable of fixing the problem, i.e. it was demonstrably out of control for the systems' owners.
With 3+ GHz CPUs, 512-1024 MB RAM, 300+ gigs of HDD and on a 3+ Mbit/s broadband connection, every ISP knows that off-the-shelf PCs can still appear to work under an amazing (crap)load today, and they have more potential to wreak havoc than entire major companies or universities a decade ago.
None of them had ever received that call from their providers (which could even be automated to some extent):
Telewest has had almost one million email address blacklisted by an anti-spam firm.
SPEWS does not block email addresses, it lists IP addresses. It's up to admins who use SPEWS to decide whether or not to use the listing to block email coming from those IPs.
If the users in those affected IPs use a legitimate email server, they can still send email to their hearts content. Only people running their own mail servers and direct-to-mx traffic would be affected.
I have found an interesting offer: pay 50 bucks and you are removed immediately from the spam list. Have a look here
Interesting: The company won't say who they are. They say this was approved by local authorities, but this is bullshit. Local authorities cannot break federal law.
The summary is misleading. No email addresses are being blacklisted. IP addresses, or in this case blocks of IP addresses, are being listed in a DNS-based database of suspect hosts. SPEWS is an organization that attempts to pressure Internet service providers (ISPs) into resolving the issue of spam originating from their networks by the rather controversial technique of listing increasingly broad swaths of the ISP's IP address space in the SPEWS DNS database. Mail servers can query the SPEWS database to see if any connection is coming from a listed address, and use the response to help decide if they should accept mail from that host.
;-)
IP addresses are not email addresses. Broadly put, IP addresses are numbers that identify hosts on the internet.
Blocking individual email addresses doesn't work because the email address is given entirely as an article of faith. Even if a spammer used the email address of the person whose computer he/she was spamming from the email address would still be useless as a filter criterion because the spammer could just as easily put an email address of an innocent person on the message. This could then be used as a denial of service attack on the email server that blocked messages based on the email address. For example, if an email server blocked email this way, to prevent, say, mike@aol.com being able to send email to that server, all I'd have to do is send a spam that was addressed from "mike@aol.com" (which is, by the way, utterly trivial to do -- most people could figure out how to do it from their own email program in mere minutes with no additional knowledge about how email really works "under the hood").
IP addresses can useful as a basis for filtering spam because in practice IP addresses are unique identifiers. Also, since the IP address can't be readily faked in the conversation that needs to take place between two computers in order to deliver email, filtering messages that come from hosts known to be sending spam is much less likely to ensnare innocent users. This isn't completely true, but most legitimate email comes from sources that are uniquely and consistently identified by particular IP addresses.
Of course, this is where the controversy over SPEWS arises: rather than merely listing individual computers that are sending spam, SPEWS often lists entire ranges of IP addresses in order to put pressure on ISPs to cut off the flow of spam from those machines. If mail is blocked based on a listing in SPEWS, then it's once again possible that mail from innocent hosts may be rejected. (Although there is dramatically less danger of denial of service attacks, unlike the hypothetical blocking based on email address discussed earlier.)
The author of the BBC article seemed to have a tentative understanding that there is difference between email addresses and IP addresses, but the person who submitted the story to Slashdot appears not so well informed. (Of course, most people scarcely need to know that IP addresses exist, so this is entirely reasonable, but it seemed worth correcting so as to avoid any undue confusion -- although normally I'd anticipate Slashdot readers would be familiar with both email and IP addresses
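The two posts above describe the mechanism in words: the receiving mail server reverses the octets of the connecting IP, looks that name up in the list's DNS zone, and treats a 127.0.0.x answer as a listing, then decides per list whether to reject outright or merely tag for the content filter (the way a later poster uses one list "for killing" and another "for tagging"). This is an added example, not code from any poster or from SPEWS; the resolver is a constructed stub that answers for whole netblocks, the listed networks are RFC 5737 documentation ranges, and the zone names for the tag list are assumed.

```python
"""Added example: MTA-side DNSBL check (reversed octets queried against a list
zone) and the per-list reject/tag policy.  The resolver is a constructed stub,
not a live DNS query, so this runs offline."""
import ipaddress
from typing import Dict, Optional

# Constructed stub data: which networks each zone "lists" and the 127.0.0.x
# answer it would return.  Real zones answer with A records inside 127.0.0.0/8;
# the networks here are documentation ranges, made up for the example.
STUB_ZONES: Dict[str, Dict[str, str]] = {
    "sbl-xbl.spamhaus.org": {"203.0.113.0/24": "127.0.0.4"},  # TEST-NET-3
    "bl.spamcop.net": {"198.51.100.0/24": "127.0.0.2"},       # TEST-NET-2 (zone name assumed)
}

# Per-zone action, mirroring the thread: one list is trusted enough to reject
# on, the other only adds a tag for the content filter to score.
POLICY = {"sbl-xbl.spamhaus.org": "reject", "bl.spamcop.net": "tag"}


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL lookup name: octets reversed, then the zone appended,
    e.g. 203.0.113.9 against zone Z becomes 9.113.0.203.Z"""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(addr.exploded.split("."))) + "." + zone


def stub_resolve_a(name: str) -> Optional[str]:
    """Stand-in for an A-record lookup.  Recovers zone and IP from the query
    name and answers the way a DNSBL that lists whole netblocks would."""
    for zone, listings in STUB_ZONES.items():
        suffix = "." + zone
        if not name.endswith(suffix):
            continue
        reversed_octets = name[: -len(suffix)].split(".")
        ip = ipaddress.IPv4Address(".".join(reversed(reversed_octets)))
        for net, answer in listings.items():
            if ip in ipaddress.IPv4Network(net):
                return answer
        return None  # known zone, address not listed: NXDOMAIN
    return None      # unknown zone


def check_sender(ip: str, resolve=stub_resolve_a) -> dict:
    """Consult every zone in POLICY and return the decision plus evidence.
    'reject' wins over 'tag'; a sender on no list is 'accept'."""
    hits = {}
    for zone in POLICY:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer is None:
            continue
        # Anything outside 127.0.0.0/8 is a wildcard or parked zone, not a
        # listing; ignoring it avoids rejecting all mail if a list goes dark.
        if ipaddress.IPv4Address(answer) not in ipaddress.IPv4Network("127.0.0.0/8"):
            continue
        hits[zone] = answer
    actions = {POLICY[z] for z in hits}
    if "reject" in actions:
        decision = "reject"
    elif "tag" in actions:
        decision = "tag"
    else:
        decision = "accept"
    return {"ip": ip, "decision": decision, "hits": hits}


if __name__ == "__main__":
    for sender in ("203.0.113.9", "198.51.100.77", "192.0.2.5"):
        print(check_sender(sender))
```

With a real resolver (for example dnspython's `dns.resolver.resolve(name, "A")`) substituted for `stub_resolve_a`, the same logic applies to live lists; the 127/8 sanity check is what keeps a dead or wildcarded zone from turning into a blanket reject.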
I have seen (completely unsuspecting) home users' machines infected with no less than 200 different (!) "manifestations" of malware on them at once, several times this year already
200 is not unusual, in some case you can multiply it by 10.
So awhile ago I switched to using their own mail servers and now I'm getting even more blocked. Argh!
Broadband providers will actually have to start taking responsibility for this sort of thing and disconnect zombie infected clients. Not just for the good of the Internet as a whole but so their OWN customers don't jump ship to a small DSL provider to avoid this irritating blacklist nonsense.
Interestingly, a couple of years ago, or so, they cut me off because they erroneously claimed that my mail server was relaying. It wasn't, it never was. They refused to take my calls and sort it out and I had no option but to cancel the service and write a letter of complaint to their management. I spent another six months on a DSL provider before running back, tail between legs. Maybe they've taken the view that enforcing these tests (which are necessary, I will admit, although they did seem inept at it) costs them customers like me - users of their highest and most expensive tier of service? But surely the biggest problem is zombies on family PCs via the basic service?
Note: Other than that, Telewest/Blueyonder is by far and away the best broadband service I have used. Never any evidence of contention and it's many times more reliable than any DSL service (and I've tried six) with pretty much bugger all down time.
No can do. High percentage of hijacked machines are in a state that no security software can rescue them from.
Reinstall windows is the only thing that helps. After that the security software is a good thing.
However, having seen dozens and dozens of computers where the user was clueful enough to buy security software, only to find out the system was already in a state where no security software will even install, I'm quite confident that most of these 0wned setups are already way beyond what F-Secure, Norton or the likes can do while installing.
And sadly reinstalling Windows can usually just get them owned again (recovery disks having no service packs, so the thing will get the first Sasser derivative into the system 30 seconds after the recovery install is done).
What computer manufacturers would really need to do is to ship everyone a free replacement recovery disc to get the system up with all patches. Funded by MS because it's their holey software. However, this would actually cost money, so instead people are left on their own.
Telewest have been blocklisted by SPEWS for quite literally YEARS! I remember discussing this with their support team in 2002/3 and them merely saying that they wouldn't pay their "charity" fee because that amounts to blackmail. Quite reasonable, IMO. I imagine it's quite a moneyspinner, extracting cash from corps who technically could afford it.
They are randomly blocking whole netblocks without having any clue about what is really going on. That way they blacklisted whole countries like China, Hong Kong, etc.. While it is arguable if a random geek in the US needs to receive mails from China, any bigger corporation with any contacts to foreign companies does.
In short, SPEWS is USELESS for any serious business, and any admin that is using that blacklist for tagging should use other BL lists (e.g. Spamcop.net)... any admin in a bigger company using that BL for killing mails should go look for a new job, because he is obviously highly incompetent.
We had many cases where we were unable to deliver our mails because some moron admin in a big international company with worldwide suppliers and customers was using spews for rejecting mails.
btw. I am currently export manager for a manufacturer in China, and have to deal with such shit every day. We host the servers ourselves, because the ISPs here are incompetent. There are no other alternatives though, so we have to live with that. Pressuring them has NO effect. We still have, after six months, three different ISPs, pressuring and detailed step-by-step instructions, no r-DNS.
Companies like SPEWS blocking whole countries upset me because of their pure ignorance.
If you need a good BL, use Spamcop.net, kills nearly almost all spam here, the rest is done by spamassassin.
When you see people refer to 'outbound' port 25, they mean an attempt to connect to p25 on some other machine. In fact, these zombies are not SMTP *servers*, they are SMTP *clients*, acting similarly to Outlook Express or Thunderbird, but with the user bits automated. They are a program to 'type in' millions of spam emails and then send them direct to the target user's SMTP server.
;-)
In fact, as SMTP works on a 'store-and-forward' principle, most real people send their emails to their ISP's SMTP server (eg smtp.nildram.co.uk for me) which then sends it on to the target machine for them. This is part of the design of SMTP to make it resilient, but which also allows us to do the following:
Specialist 'smarthosts' at the ISP's network firewall can spot any attempt to make an outbound port 25 call and block it or forward it to the ISP's own SMTP machine. This gets rid of the problem as the spam becomes traceable and deniable. Any company failing to do this is lazy and shite and should be named and shamed on Slashdot.
Hope that helps.
Justin.
You're only jealous cos the little penguins are talking to me.
Whoops. I think spamhouse.org write spamcop.
:p
We use sbl-xbl.spamhaus.org for killing and spamcop.net for tagging in spamassassin at a low level, sorry
I'm not a terribly happy Telewest customer. I now _only_ use them as a pipe to the outside world and host mail etc elsewhere. Even now I get blocked from IRC left, right and center. Spamhaus have eaten them alive.
Their net service is actually pretty reliable but (as with all ISPs) is full of crap. I don't really want all the additions they give me (I'd like to save my cash and their resources) but that won't happen.
One last thing... the image quality of their TV broadcasts has plummeted in recent years. Especially after the change over to digital! We were promised better pictures with digital but the amount of compression is obscene! Seriously... blocky artifacts everywhere... I wonder if they're ready for hidef TV??? My TV sure is.
Oh... and their cable box is CRUD! It took 2 years to get the volume control working and the "interactive" features are more slideshow (try playing Frogger at .5fps!)
Sadly in London you don't have much choice in providers as the city is geographically divided up between just a couple of players. There are options (like ADSL) but they're pointless..
My plan is SIMPLE and EFFECTIVE... put a Wifi router in every lamppost... should give pretty good city-wide bandwidth.
Time flies like an arrow. Fruit flies like a banana.
I thought it was Rubles?
I have to say they are the best ISP I have used to date. My only other option for broadband in my area is British Telecom or AOL and the like, which use the British Telecom network. Their service is reliable, fast, and although they don't officially support open source operating systems they have never put artificial barriers in my way to cause problems. I use a BSD based NAT router/firewall and my home LAN is all Debian. It all works fine.
Their tech support line is a free call, and on the rare occasions I have had to call them I have always talked to someone who knows what they are talking about! Being a true computer fanatic I run my own mail server (I guess that makes me one of the 16,000 email servers mentioned in the story) and from my logs I can see that they have an automated check running to ensure it's not an open relay.
I think the story highlights the dangers of running a well-known incompatible and insecure operating system. Personally I blame the companies that produce such operating systems, not my ISP which has offered nothing but exemplary service for the last 4 and a half years.
You cannot, I repeat cannot install Win XP from scratch with the ethernet plugged in if you are on Telewest Broadband (aka 'blueyonder'). The machine gets owned in 20 seconds or less after the first boot. Try it if you don't believe me, it's quite an experience.
Here's how it works: first boot. A few seconds after you log in you start to get the first spam netsends. You go on windows update to get SP2 and while it updates you get the 'rpc server error, machine will reboot in 60 seconds'.
Once you reboot your machine is infected with several hundred trojans. It's incredible, I've been in IT for 12+ years and I've never seen something like this.
The only way around it is to use a good router, or buy the sp2 CD and a firewall and install those BEFORE connecting to the net.
My router registered 98,000 intrusions attempts in just the past two weeks... I can't imagine a non-techie managing a windows install on this network, or even maintaining one. Their network is toasted.
They don't make announcements other than publishing their block list itself. Nor do they block addresses themselves--that's up to the admins who find their list to be a useful tool. (Many use it to tag email for filtering.) Also suspect is the assumption that those addresses were listed for directly spamming. It's also likely that they were listed because Telewest has had spammers that they have ignored for a while and the SPEWS listing expanded because Telewest is seen as spam-supporting.
Anyone making exact statements about SPEWS' reasons or motives is speculating. IANS.
One line blog. I hear that they're called Twitters now.
I get quite a few machines from Road Runner customers that have received a notice and had their service turned off until the machine was fixed. One customer told them she fixed it (she didn't, was using all Macs) and had her service turned back on, just to be almost immediately turned off until she had proof from some sort of tech support it was fixed (it wasn't her machines... It was her open wireless router and her clueless neighbor who just connected to whatever popped up first.) I had to fax over a letter on my company's letterhead to have her service turned back on once her router was configured properly.
Have never seen one from a Verizon customer locally, though (RR and Verizon are pretty much the only two providers you see used around here.)
rm -rf
Hate to reply to my own post, but here is a list of ISP Zombie spam I received this morning:
I included only the major US ISPs. This is from spam sent during the last 8 hours, sent directly from the above address to my SMTP server. There is a major problem with these zombies, and ISPs need to be more active about fixing it.
isomerica.net | Foonetic IRC
I've heard all kinds of confusing things when people try and explain an IP address to the general public, but that a slashdot subscriber confuses an IP address with an email address takes the cake.
SPEWS blocks IP address ranges, i.e. netblocks, as the article very clearly states.
In Soviet Russia, I ruled you
This article mischaracterizes how SPEWS works completely. SPEWS does not communicate actively. The only form of feedback one can gain is through their listings and from their website. Otherwise, SPEWS has said nothing since its inception, has been represented by no one (no one except the denizens of news.admin.net-abuse.email, and then only from a third-party viewpoint), and will probably continue to say nothing.
What's really happened is that TeleWest, like many other cable and DSL providers, has had their users overrun with zombie trojans and despite being informed of the problem appear to be doing nothing to solve the problem. Meanwhile millions of spam emails are being spewed from the zombies occupying their network. In the absence of any apparent effort by TeleWest/BlueYonder to do anything about the zombie problem, SPEWS has simply blocked their IP addresses, not email addresses.
When TeleWest/BlueYonder start taking steps to get the infected zombies off their network, notifying the machine owners that they will not be allowed back on the 'Net until they clean up their fscking machines, then I'd think the SPEWS listing could be lifted. Similar situations are happening at several providers: Comcast, WideOpenWest, SBC, Verizon, and others.
This really is nothing new. All a network has to do to keep off the SPEWS list is to stop the flow of spam from their IP addresses, no matter the source--be it zombied windows boxen, spammers operating directly from their netspace, or other circumstances.
I recently re-connected to Telewest, and they now ask you "Is your PC free of Viruses, Spyware, Trojans". This is the first time an ISP has ever asked me this, so in my opinion they are getting a bad rap.
Maybe their actions are just a reaction to their blocking, or possibly they are being PRO-active... you be the judge.
Telewest have stated that they knew about the problem and have been working with customers to regain control of their machines
Start
Shut-Down
Restart in MS-DOS
c:\format c:
I mod down so you can mod up. You're welcome.
So rather than ban 16000 individual IPs, they figured, "hey, a 60 to 1 false positive rate isn't so bad, let's just block a million IPs worth of subnets."
Ugh. The article gets almost everything mostly wrong.
SPEWS doesn't list "email addresses." It lists IP addresses for spam-friendly ISPs. (Although the article says "net addresses," not "email addresses," as in the Slashdot summary.)
Telewest admits that a huge virus infection meant they were a large source of spam. The SPEWS listing is allowing the rest of the world to quarantine them until they can clean up their act.
Telewest was a big source of spam. They were blacklisted. That's what blacklists do. That's why we use them. Don't like it? Don't use SPEWS.
Yeah... when the malware injects itself into the running explorer.exe, you usually are pretty screwed! Oh wait! Gee, you COULD boot into safe mode where the majority of this crap (even the "shell-injector") does not autoload. You'll have to scan, reboot, scan, reboot, etc about 20 times, but eventually you will have a mostly clean system. This leaves us with two problems still: (1) that the majority of the malware being used for spam and DDoS is not detected by most AV products, and (2) the user must then sufficiently patch their OS to keep from being owned within the first two minutes of being back online. $ISP should negotiate deeply discounted rates with "Worst Buy" and their Geek Patrol so that people can make an honest effort at cleaning their machines.
I'm surprised the ISP isn't doing the usual maneuver and crying us rivers for being abused. Kudos to them for sucking it up, taking their lumps, and attempting to do something about the problem they fostered instead of whining to us about it not being their problem.
If I were on their service I'd be a little peeved for having my email blacklisted, but I would know the correct organization to direct my ill-content to: not the blacklister, but the ISP. Hopefully they can get a good percentage of their customers' owned machines back under control and get delisted soon.
Any ISP that does not have detection systems to identify and either cap or disconnect machines that are clearly spam engines is doing the internet a disservice, and as a result their customers are getting the shaft by blacklist. Best way to look at it is the ISP should be providing the "service" of not getting their customers blacklisted periodically by catching and dealing with clueless customers with owned machines. Customers going on the cheap with their ISPs risk not receiving this oft-overlooked "service" and finding their email roundfiled.
I work for the Department of Redundancy Department.
To get thousands or millions of addresses listed requires an ISP to ignore their spammers for a long time.
To get unlisted requires cleaning up the spammers.
Since those guys are not SPEWS, what the hell does your inflammatory tidbit have to do with anything?
I've had problems with blacklists in the past and though some may think it's a great idea, when you've made the list it makes you think twice. I went in circles between our ISP and the Blacklist website trying to work things out. We had our mail server hijacked and in the end the draconian rules of the blacklister forced us to purchase an entirely new email system. In my opinion, Hijackers 1 Good Netizens 0. There has got to be a better way.
Anyone else got any sob stories? Maybe we could start a coalition of the pissed off.
Ummm was this moderated??
Wrong. Today's antivirus/antispyware programs are mostly crap. They remove a lot of stuff, but hardly everything. For example, crappy F-Secure commonly FINDS lots of viruses, then says 'can't delete, renaming file', and then silently fails even that, so next scan the pest is still there. Also lots of current malware will even interfere with safe mode (you should see some of the trickery this software goes to in order to keep running and/or prevent deletion of the files/registry keys).
Then again, if you don't work in PC repairs/support, you wouldn't know. Go try it someday. You'll be amazed how hosed systems people carry into paid 'remove the viruses please'-service. People simply won't move their butts until the system is at a state where nothing meaningful can be done.
The only way I have manually cleaned badly hosed systems is via deleting files of the malware using a WinPE live bootdisk, or by putting the drive as an additional drive in another computer and manually getting rid of the actual files of the pests. Antivirus programs are fine in preventing infections of known junk, but once the system is Gone, it's Gone. None of the big commercial antivirus software is today able to remove all of the viruses they detect.
I've seen stuff that just goes to immense lengths to prevent deletion. From your average 'I'm sorry Dave, I can't let you delete that one (permission denied)' via permissions (yeah, Take 0wnz0rship works, to a degree), to just plain locked files that cannot be touched - even in safe mode, and need removal using WinPE or some other method of booting from somewhere else than the messed up OS disk. The funniest situations are where the malware actually messes with the permissions of the OS to a degree where an Administrator account suddenly doesn't have access to a lot of stuff. You could manually start restoring permissions, but really - it's just not feasible. It takes such an immense amount of time that it's not cost-effective compared to 'wipe disk, reinstall OS'.
(and I know of SFC /SCANNOW - except that in such cases it usually fails to start at all due to some service or file being hosed)
You guys don't seem to understand the amount of mischief these money-incentivised malware writers can do on a 'rooted' windows box (since everyone runs as Administrator). If someone roots your linux box completely, it's POINTLESS to try to clean it up. It's compromised, and no amount of antivirus snake oil at that point can restore your trust in the status of the system. Only full reinstall and recovery from a known good backup is any good. Yes, you can rescue data files (after suitable checks that they cannot be infected), but beyond that the only real cure is reinstall.
It was still her responsibility. If she said she fixed it, and in fact she had not fixed the wireless router (her ignorance is probably why she didn't think it was the point of the problem), then she told an untruth (maybe not intentionally so). But Road Runner was in the right to immediately cut her back off and require more definitive proof. I'm glad you knew to check the router.
Maybe Verizon is blocking outbound port 25 that goes to other than their own smarthost MTAs. That would stop a lot of zombie spam until the spammers shift their paradigm to having the zombies do smarthost relaying. They are already using the zombies to do mass and distributed signups of new users at Hotmail, Yahoo, etc, so they have ready accounts to do spamming from over there, too. That's hard for the free mail providers to detect as a spammer activity.
now we need to go OSS in diesel cars
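The two ideas raised above, an ISP catching machines that are "clearly spam engines" and egress filtering of port 25 to anything other than the ISP's own smarthost, can be combined in a very small detector. The following is an added example written for this page, not code from any ISP or from the commenters: the flow records, the smarthost address 10.0.0.25 and the fan-out threshold are constructed assumptions, and the heuristic is simply that a home PC which opens SMTP sessions directly to many distinct mail servers (rather than relaying through the ISP) is behaving like a zombie.

```python
"""Flag likely spam engines from outbound flow records and decide egress policy.

Added illustration; not code from any ISP or commenter. The flow records,
the smarthost address and the threshold are constructed sample values.
"""
from collections import defaultdict

# Assumed: the ISP's own outbound relay that customers are expected to use.
ISP_SMARTHOST = "10.0.0.25"

# Assumed tuning: a home PC rarely talks SMTP to more than a handful of
# distinct mail servers per hour unless it is delivering spam direct-to-MX.
MAX_DISTINCT_SMTP_PEERS = 5

# Constructed flow records: (source host, destination host, destination port).
SAMPLE_FLOWS = [
    ("192.0.2.10", "10.0.0.25", 25),       # normal user relaying via smarthost
    ("192.0.2.10", "198.51.100.7", 443),
    ("192.0.2.44", "203.0.113.1", 25),     # zombie: direct-to-MX fan-out
    ("192.0.2.44", "203.0.113.2", 25),
    ("192.0.2.44", "203.0.113.3", 25),
    ("192.0.2.44", "203.0.113.4", 25),
    ("192.0.2.44", "203.0.113.5", 25),
    ("192.0.2.44", "203.0.113.6", 25),
    ("192.0.2.44", "10.0.0.25", 25),       # smarthost traffic is not counted
    ("192.0.2.77", "203.0.113.9", 25),     # customer running own MTA, low fan-out
    ("192.0.2.77", "203.0.113.10", 25),
]


def smtp_peers_by_source(flows, smarthost=ISP_SMARTHOST):
    """Map each source host to the distinct port-25 peers it contacted,
    ignoring the ISP smarthost because relaying through it is legitimate."""
    peers = defaultdict(set)
    for src, dst, dport in flows:
        if dport != 25 or dst == smarthost:
            continue
        peers[src].add(dst)
    return peers


def suspected_spam_engines(flows, threshold=MAX_DISTINCT_SMTP_PEERS,
                           smarthost=ISP_SMARTHOST):
    """Return {source: distinct_peer_count} for hosts above the fan-out threshold."""
    return {src: len(dsts)
            for src, dsts in smtp_peers_by_source(flows, smarthost).items()
            if len(dsts) > threshold}


def egress_policy(src, dst, dport, suspects, smarthost=ISP_SMARTHOST):
    """Decide what to do with one new outbound flow.

    Traffic to the smarthost and non-SMTP traffic is always allowed, so a
    flagged customer keeps ordinary mail and web access; only direct port-25
    connections from a flagged host are blocked until the machine is cleaned.
    """
    if dport != 25 or dst == smarthost:
        return "allow"
    return "block" if src in suspects else "allow"


if __name__ == "__main__":
    found = suspected_spam_engines(SAMPLE_FLOWS)
    for host, count in found.items():
        print(f"{host}: {count} distinct SMTP peers, flagged")
    print(egress_policy("192.0.2.44", "203.0.113.50", 25, found))
```

The threshold and the window over which flows are aggregated are the knobs an operator would tune; a low threshold catches zombies sooner but also trips on customers who legitimately run their own MTA, which is why the policy blocks only direct-to-MX sessions rather than disconnecting the customer outright.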
... I owe you a beer. I owe you many beers. Great job!
Oh, not saying it wasn't her fault for not having her equipment properly configured. And I charged her for having to drive to her place just to take 5 minutes to configure it.
I don't believe Verizon is blocking port 25, but they may be. The service they provide locally is horrid compared to RR, though, so I wouldn't be surprised if they're just ignoring the problems. The speed difference alone is amazing. The commercials for RR always talk about being a bit faster, but when actually comparing the two directly, it's very noticeable.
rm -rf
Who Is Pamela Jones?
By Maureen O'Gara
Friday May 6 2005 - A few weeks ago I went looking for the elusive harridan who supposedly writes the Groklaw blog about the SCO v IBM suit.
The now-famous opinion-shaping open source leader Pamela Jones, aka PJ, doesn't give conventional face-to-face interviews. Never has, near as anyone knows. All communication is virtual. Only one person in the world has ever claimed to have met her - in the pressroom at LinuxWorld in Boston complete with a Pamela Jones badge - and described her as a fortyish reddish-blonde who giggled a lot.
Oh yeah? Wonder what cold crème she uses.
Pamela Jones is a 61-year-old Jehovah's Witness who lives in a shabby genteel garden apartment in desperate need of an interior decorator on a heavily trafficked commercial road at 304 North Central Avenue in Hartsdale, New York. Hartsdale is in Westchester and Westchester is IBM territory.
See, even though Groklaw treats cell phones like they were Kleenex and changes its unpublished numbers regularly, one number it left with a journalist led to this flat and - wouldn't you know it but - some calls from there had been placed to the courts in Utah and to the Canopy Group so obviously this just isn't any Pamela Jones.
Pamela has lived in apartment 1A for 10 years at least, according to the super, who says he's watched people move in, have children, and the children marry and move away.
Now, this isn't your usual anonymous New York apartment. It's practically a self-contained village where the super goes for the old ladies' groceries when there's snow on the ground and people know each other's business.
But the super didn't know much about Pamela except that she had a computer, worked at home (maybe sometimes) for a lawyer, was "paranoid" - his word - and "sensitive to smells."
He remembered how he was cleaning paintbrushes one day and she came running down the stairs screaming "Fire."
She was also missing and had been for weeks.
Nobody there knew where she was.
She had up and disappeared one day, and the super was worried about her. He said her son had dropped by and he didn't know where she was, and that some strange man that "nobody knew," as the super described him, had tried to get into her apartment while she was gone - the Medeco lock she had had installed on her door - something nobody else in the complex seemed to feel a need for - was more expensive than the door. But, as it happened, the super said, she had just sent in her rent in an envelope postmarked Connecticut.
Like an episode out of "Where in the World is Carmen San Diego," the trail led to 10 Bittersweet Trail in Norwalk, Connecticut, 24 miles away. Sure enough, parked in the driveway was Pamela's car, just as the super had described it, a dark gray '90s Japanese number with a bunch of Jehovah Witness pamphlets tossed on the backseat.
The woman at the house, Barbara Sharnik, told a disjointed story. She didn't know Pamela, Pamela hated her, Pamela wasn't there, Pamela left her car there because it got bumped, Pamela left her car there because she left town, and so on.
Afterwards Barbara called the cops, and then the cops called the number we left with her and the cops said that she was Pamela's mother and that Pamela was on the run and had shacked up with her mother because she had gotten "threatening mail" weeks before and that she had just gotten spooked again because "people were getting hurt around [my] stories" and had lighted out for Canada.
Odd, the subject of my stories - or any stories - never came up during our brief interview. I was just looking for Pamela.
That left Pamela's son, Nicolas Richards, who, as it happens, had been in the software business in Manhattan until - why, my goodness - things seem to have come a cropper right around the time Groklaw came into existence.
Nick and his ma were apparently involved together in Medabiliti Inc, an ISV, because one Pamela Jones with a Westche
You're posting common spammer anti-SPEWS lies. You can tell us. What ISP kicked you off because your constant criminal spamming activities caused their blocks to get listed in SPEWS?
STOP MISUSING APOSTROPHES, YOU MORONS!!!
I worked for a while for a very small company which had about 7 full time employees. Because we did business in part via email we could not change addresses without a significant impact. The employees did not worry about giving their addresses out to anyone. We were getting 20 to 30 thousand emails a day. That is over a million per employee.
I spent at least 1/3 of my time updating spamassassin filters.
I've had run-ins with SPEWS, they don't just list IP addresses that are spamming but will also list IPs only slightly associated with a spammer.
For example, I had a long term hosting reselling client, he had sites relevant to the local area he lived in at the time, mostly some sites based around Oregon, etc and they were all perfectly legitimate sites. He had never relayed any spam via my servers.
After a couple of years this fellow had taken to working with some of the big spammers, he was doing this elsewhere and I had absolutely zero knowledge of it as the account he had with us was still perfectly normal.
One day I get a call from our NOC that one of our servers had been disconnected due to a SPEWS listing and they were going to terminate my server entirely. I was shocked, I had no idea why and they finally pointed me to the SPEWS listing on the newsgroups.
What had happened was this person had used an email address on the domain he hosted with me as a contact for another domain he was using elsewhere, all of a sudden this made me "spam friendly" apparently.
This person caused trouble on several of my servers also because of secondary DNS, SPEWS actually started listing my secondary DNS boxes because of this.
I was quite pissed off because of all of this because my company had zero knowledge of what this client was doing elsewhere and we had nothing at all to do with any spam deliveries and yet we were branded guilty with little choice in booting the client and then begging SPEWS to delist us.
Our TOS states we don't allow spam to generate from our clients nor do we allow it to generate elsewhere pointing towards their domain names hosted with us. It doesn't state we can dictate what they do elsewhere however and frankly we have no business knowing what our clients do elsewhere.
It took two separate tries to fix this problem, we were delisted only to be relisted again later for the exact same thing and this was after we had completely removed the client from our servers. Our NOC had access to our server and I told them to look for themselves to see we had long since removed the client but had no control over what DNS servers they listed in their zone records, that was the issue the second time, our DNS servers still appearing in the zone records was enough apparently, even if we'd long since removed the domains and zones from our DNS.
In short SPEWS caused hours of downtime for our clients due to a false accusation, we were never informed by anyone at SPEWS this client had ties elsewhere and we had never had any spam sent via our server.
Quite honestly, had SPEWS been a local office I would have probably shown up with a baseball bat and beat some common sense into them for a while.
SPEWS is one of the RBLs that will NOT be used on any mail server we have control over. They proved to us that they are very prone to overreaction. What really makes me mad is would they have listed AOL if the guy had used his AOL email address instead? How about Hotmail? Gmail? Doubtful.
As I asked them, are they listing the guy's cable company? His utility providers? The restaurants he eats at?
It's strange that none of the anti-virus makers include a bootable CD to do the first-pass scan and disinfect of potentially compromised systems. How can a compromised system be trusted to diagnose itself correctly? I managed to hack something together with a Slackware live-CD and the Linux version of F-PROT and removable HDDs, but it's a PITA to use and doesn't support NTFS very well.... Just sticking in a pre-made antivirus CD and rebooting would be so much more convenient. Symantec already has a mini-Windows environment on CD for some of their other utilities, so they easily could make a bootable AV CD.
F-Secure's Internet Security 2005 does that.
However, 3-6 months old AV signature files do exactly Jack and Squat against new threats. Yeah, again you can remove some bits, but not everything.
SPEWS is, indeed, not widely used as compared to SPAMHAUS and its SBL or XBL lists or Spamcop. I don't know any large corporate network or mail service that uses SPEWS to block outright, simply because SPEWS regularly bans/blocks/lists entire ISPs, huge netblocks, etc. and the collateral damage is too high when you cannot afford to miss important emails.
They then want you to go to USENET groups to post about things, yet when you get there, all you'll find are a bunch of people all saying "i'm not SPEWS". So... go figure what company, corporation, or network of any size would use such a list. I suppose individual users could use it on a scoring-based system like Spamassassin without too much problem.
**FREE** Track and view your phones via CellID and/or WIFI and/or GPS
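The suggestion in the comment above, that a netblock-heavy list like SPEWS is usable on a scoring basis rather than as an outright block, is easy to demonstrate. What follows is an added example written for this page, not SpamAssassin's code and not anything published by the lists it names: the three lists, their weights and the threshold are constructed assumptions, and to keep it runnable offline the "DNSBL lookups" consult in-memory tables instead of issuing DNS queries. The point it shows is that a hit on a whole /24 from the broad list alone stays under the threshold, while the same hit combined with a host-specific listing goes over it.

```python
"""Weighted DNSBL scoring: broad netblock lists contribute evidence, not a verdict.

Added illustration; not SpamAssassin or any blacklist's own code. The list
contents, weights and threshold are constructed assumptions, and lookups
hit in-memory tables rather than DNS so the example runs offline.
"""
import ipaddress

# Constructed sample lists. The SPEWS-style list carries whole netblocks
# (the "bad neighbourhood" model); the others list individual hosts.
# Weights are assumed tuning values: the broad list gets a low weight so it
# can only push a message over the threshold together with other evidence.
SAMPLE_LISTS = {
    "spews-like": {"weight": 1.0, "entries": ["203.0.113.0/24"]},
    "sbl-like":   {"weight": 3.0, "entries": ["203.0.113.77/32"]},
    "xbl-like":   {"weight": 3.0, "entries": ["198.51.100.9/32"]},
}
SPAM_THRESHOLD = 3.0  # assumed; mirrors a SpamAssassin-style required score


def _compile(lists):
    """Parse the textual entries of each list into ip_network objects once."""
    return {name: {"weight": cfg["weight"],
                   "nets": [ipaddress.ip_network(e) for e in cfg["entries"]]}
            for name, cfg in lists.items()}


def dnsbl_hits(ip, lists=SAMPLE_LISTS):
    """Names of the lists that contain ip, as an exact host or an enclosing netblock."""
    addr = ipaddress.ip_address(ip)
    return [name for name, cfg in _compile(lists).items()
            if any(addr in net for net in cfg["nets"])]


def dnsbl_score(ip, lists=SAMPLE_LISTS):
    """Sum of the weights of every list that hit; 0.0 when the IP is clean."""
    return sum(lists[name]["weight"] for name in dnsbl_hits(ip, lists))


def verdict(ip, lists=SAMPLE_LISTS, threshold=SPAM_THRESHOLD):
    """Return ("reject" | "accept", score) for a connecting IP."""
    score = dnsbl_score(ip, lists)
    return ("reject" if score >= threshold else "accept"), score


if __name__ == "__main__":
    for ip in ("203.0.113.5", "203.0.113.77", "198.51.100.9", "192.0.2.1"):
        action, score = verdict(ip)
        print(f"{ip:15} hits={dnsbl_hits(ip)} score={score} -> {action}")
```

Run as shown, the innocent host inside the listed /24 (203.0.113.5) is accepted with a score of 1.0, the host that is both inside that netblock and individually listed (203.0.113.77) is rejected at 4.0, and the host listed only on the host-level list is rejected on that evidence alone. That is the difference between using a netblock list as one weighted signal and using it to block outright.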
Isn't it the fault of the NOC for making the leap of SPEWS listing -> must be evil spammers? Maybe you (or they) should have read whatever contract you had with them more carefully.
Pretend that something especially witty is here. Thanks.
My dad is an Edinburgh Telewest Customer
I connected a SP4 WIN2k machine to telewest and it was a burnt-out virus ridden wreck within 2 minutes, it is a horrendous network, slow, very slow at weekends, even with Zonealarm and AVG they get in.
Finally I got a router and that helped.
Now telewest Surfmodems have a router built in but Telewest won't switch it on unless you give them loads of extra money for a "small office connection" - Telewest really really suck and I am glad someone is forcing them to clean up their act.
The UK Government rolled out Broadband Small Business Grants, they should have required routers to be part of the equation, even an unpatched windows machine can survive behind a router, a router is way better in my experience than a software firewall.
Now the East Euro Haxor Mafia ownz all UK small business info and it didn't have to be that way.
I tell people NOT to connect their business machines to the Internet, do you have any private information on that computer? Yes. Well you won't once you plug that modem in.
P.S. Telewest is cable so viruses have more ability to roam than adsl.
Nice to see that all SPEWS critical posts get moderated as flamebait. It just confirms how badly the moderation system is abused. If it's not popular opinion, mod him down.
As of 4/26/05 I enter the world of a non-smoker. Wish me luck and a lot of support.
I quit back in February, using nicotine replacement. I still pop those Commit pills from time to time, but it's a lot better than smoking, and cigarettes honestly taste like shit to me now. Gained 10lbs when I quit, but I've almost lost it again. Just remember, having 1 smoke doesn't mean you failed, and the more times you try to quit, the more likely you are to succeed.
https://www.eff.org/https-everywhere
Don't worry, I informed the NOC of the displeasure of them taking SPEWS so seriously when this was obviously something I had no knowledge of and could not have known about.
They lost business from us over it and other things, btw, the NOC was the same one that bought that SCO license which was the final straw.
Got a legitimate need to run your own mail server? Ask your ISP for it.
I asked my ISP to unblock port 25 so I could continue to develop email related software I've written but my request went unfulfilled.
I am not a n00b and I need affordable dialup access before June 1st with an ISP with nationwide access dialup numbers who will not block any ports coming or going! Anybody here have any recommendations?
1) ISP must be affordable (<= $10/month for 'unlimited access').
2) ISP must offer nationwide access numbers in the USA.
3) ISP MUST NOT BLOCK PORTS COMING OR GOING!
Please do not suggest I search The List -- that will take too much time and is only as a means of last resort.
Thank you for your consideration.
I'm using nicotine replacement, too. Using Nicoderm right now, actually, and it is making it a lot easier. I don't mind a bit of weight gain, either, I work out pretty regularly and always have a lot of trouble putting on weight in the first place. Tend to be very skinny, no matter how much I eat. One of those things where everyone told me I would grow out of it, and I haven't. Thanks for the support, though! All the support of those around me makes it a lot easier, much more than any patch does.
You have misunderstood what SPEWS lists. They do not list spamming IP addresses. The "EW" in SPEWS is "Early Warning". They list IP addresses that are owned by people that support spammers.
Listing spamming IP addresses is pointless, because providers that support spam just shuffle them around. SPEWS lists the IP addresses owned by the bad providers.
The usual analogy is crack dealers. You may not be a crack dealer, but if you live in an apartment building full of crack dealers, where there are random shootings, and pizza delivery people get mugged whenever they try to deliver to that building, they are going to stop delivering to you. It doesn't matter that YOU are not a crack dealer. You are in a bad neighborhood.
That's what SPEWS lists: bad internet neighborhoods.
And again I state I doubt very much that they would have listed Gmail, AOL or any other large ISP had this user used an email address under those domains.
I'm all for getting rid of spammers, I run mail servers that filter as much of the crap as possible, however I am NOT a spam supporter and was mistakenly painted as one by SPEWS.
If what they did to me was correct then they should be listing the guy's utility companies and anyone else who does business with him, right down to the corner shop where he buys milk.
Now had they warned me first, had they informed me about it, etc. I would have taken the steps necessary, but really the guy was doing zero spamming from my servers so technically he was within the TOS so it becomes quite tough to deal with.
It came down to "kick your client because he's a spammer, we're not providing you with proof we're just telling you he's a spammer".