Slashdot Mirror


Spam War Takes Out Blog Services

munchola writes "Following on from the story about spammers attacking Blue Security's anti-spam system, CBR is reporting that Six Apart, which runs the popular LiveJournal and TypePad blogging services, has become a collateral victim. Six Apart told its millions of bloggers it had experienced 'intermittent and limited availability for TypePad, LiveJournal, TypeKey, sixapart.com, movabletype.org and movabletype.com', before resolving the issue in the early hours of Wednesday. '[The spammers are] trying to rip apart the internet just to make our community stop fighting back against spam,' Blue Security's chief executive Eran Reshef said, adding that he knows who's behind the attack."

9 of 315 comments

  1. Self-hosting by AKAImBatman · · Score: 2, Informative

    Ah, it's so nice to be self-hosted. Back when I was on Blogger.com, myself and many other users who received links from Slashdot stories or news sites became the target of a spammer whose sole purpose was to screw up the service for everyone. He had a script that would bomb a blog with hundreds of racist messages, overloading the system in the process. (Sorry, blogger.com's software isn't that good.) I was forced to disable the comments, delete the entry, and recreate it. Thankfully, there were only a few anonymous comments on the current entry which were easy to recreate.

    While Blogger eventually added a captcha to solve the problem (after being non-responsive to support requests), it left a bad taste in my mouth. It was at that point that I decided to go self-hosted. I've never looked back. For the cost of a cheap hosting provider, you can set up a WordPress installation that looks better, is more feature-rich, and automatically queues suspicious messages rather than allowing them to pass through. So while my site could be DDOSed if it was specifically targeted, it can't be overloaded with spam or used to take down other bloggers.

  2. Re:Guilty of what? by ptomblin · · Score: 3, Informative

    I think SixApart is being far too generous in not laying the blame for this fully at the feet of Blue Security. Basically Blue Security decided that their web site couldn't stand the DDOS, so they pointed the URL for their company to their blog.com blog. Thus DDOS'ing all of SixApart.

    If I were SixApart, I'd sue the fuck out of Blue Security for deliberately DDOSing them.

    --
    The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
  3. Re:Fighting abuse with abuse is bad by Whiney+Mac+Fanboy · · Score: 2, Informative
    "Blue security seems to be causing pain to spammers, enough to get a rise out of them at least. Aren't they actually reflecting the spam back to the source? I think that was their tactic."

    I'm not so sure - read the last paragraph of the article:
    "Neither Reshef nor TypePad's Sippey were comfortable talking about the technical details of the attack. Sippey said he did not believe it used the potent 'DNS amplification' technique that emerged earlier this year."
    It seems a little...vague.

    I'm thinking there's at least the possibility that Blue Security's 'swamping' program is being used against them (hitting some innocent bystanders on the way).

    Even if that's not the case here, it's certainly possible for someone malicious to subvert Blue Security's agent in such a manner.
    --
    There are shills on slashdot. Apparently, I'm one of them.
  4. Re:Shifting attack by MrDoh1 · · Score: 5, Informative
    They don't supply spammers with the addresses of their members. What they do is offer a tool that cleans our email addresses (which are contained in an encrypted database) out of their spam address databases. So all that was done is the spammer in question compared a pre-cleaned version with a post-cleaned version and any addresses that no longer appeared were obviously members of BlueSecurity.

    Also, the spam reports that are sent out are sent from a proxy type email address. My normal address wouldn't show up, but username@reports.bluesecurity.com is where it would come from.

    Personally, I see nothing wrong with sending 1 unsubscribe request per piece of spam I get. BlueSecurity has just automated this method so I don't have to take the time, and they also handle escalation to the proper authorities if the situation isn't resolved.

    If the spammer perceives getting 1 unsubscribe request per spam he sends as a DDOS attack, then I would think the best course of action would be not to send to those people. Heck, we are the ones who wouldn't buy anything from them anyway.

    Also, based on what I have read in the blog itself (when it was still accessible) it was a user in the comments that suggested redirecting the site and error pages to the blog so users would at least have some clue what was going on. It's likely they took the advice without contemplating the potential outcome.

    --
    I am Homer of Borg. Resistance is Fut.. Mmmmmmmm, Donuts!
  5. Re:Blame fest by shark72 · · Score: 4, Informative

    " Isn't it just another DDOS blame fest when in reality its just the news spreading around the world and all the collective users of all the collective news sites are clicking the links to try to read the story?"

    No. Here's what happened:

    1. The spammer DDOSed bluesecurity.com. Quite well, in fact.
    2. After a few days, Blue Security managed to get a redirect going to a blog they put up on blogs.com, which is run by TypePad.
    3. The spammer then DDOSed TypePad.

    Believe me, TypePad gets Farked/Dugg/Slashdotted every day. They can handle the normal traffic spikes. This was deliberate, and it was well documented.

    "We are all guilty of assisting this DDOS attack. shame on us."

    A drop in the ocean. TypePad can absorb these sorts of things. Make no mistake: TypePad was taken down by a deliberate, coordinated DDOS attack.

    --
    Sitting in my day care, the art is decopainted.
  6. Re:Best way to eradicate spammers by penix1 · · Score: 2, Informative

    "Of course, if SPAM had been declared illegal in the first place... we wouldn't have to deal with this mess."

    You don't honestly believe that do you?!?!

    Most spam (in the true sense of the word) IS ALREADY ILLEGAL in that it is fraud.

    Spam doesn't operate in a vacuum. There is profit to the ISP hosting spam sites as well as the email accounts of known spammers. Add to that the security exploited machines and it makes email unusable.

    To put it in the words of spamhaus.org:

    "Although all networks claim to be anti-spam, some network executives factor revenue made from hosting known spam gangs into corporate policy decisions to continue to sell services to spam operations. Others simply decide that closing the holes in their end-user broadband systems that allow spammers access would be too costly to their bottom lines."

    In short, if the ISPs were forced to be held accountable for what is on their network, THEN maybe they would take it seriously.

    B.

    --
    This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
  7. Tucows services still recovering from DDoS by Jayfar · · Score: 2, Informative
    "Reshef indicated that a few thousand domains managed by a top-five domain name registrar may have been impacted by the attack too, but an executive at the registrar told us that it had seen some upstream troubles but no direct attack."

    Ha! All of Tucows services, including the managed dns and email defense services were completely down most of yesterday. The managed DNS service is still impaired until the new IPs of ns1.mdnsservice.com and ns2.mdnsservice.com propagate (they just this morning changed the TTL to 1200 secs %-).

    status.tucows.com

    "Managed DNS Service Degraded Performance - restore time is currently unknown. Beginning at approximately noon Wednesday May 3rd the Tucows network was under a severe DDOS attack. To stop the attack, we have changed the IP addresses of the servers. If you are using IP addresses in order to connect to MDNS, you will have to update your records. Also, any nameserver with a long TTL should be updated in order to use the new info. Next Update Time: 15:20 UTC, 04 May 2006"

  8. Re:Fighting abuse with abuse is bad by Kadin2048 · · Score: 2, Informative

    Actually it was pretty conclusively said in the last Slashdot article on this topic that Blue Security wasn't compromised, what happened is that some spammer (which apparently they know but aren't releasing? That doesn't make much sense...anyway) took their spam-list, ran it through Blue's list-cleaning program which removes all BS subscribers, and then ran a diff on the result in order to get a list of people who'd signed up for Blue Security.

    Then he/she/it sent the people on this resulting list a lot of threatening emails, implicating a breach of BS's security, when in truth nothing like this had to have happened. The people who got "compromised" were already on the spam lists anyway.

    The rest is just a DDoS attack, nothing about that reflects on BS's security one way or the other.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  9. Re:Shifting attack by mailman-zero · · Score: 2, Informative

    I know they have a linux client because I use it. I don't know about Mac, but I know that they provide source code to compile your own. It's not FOSS, but the source is there for compilation purposes.

    I signed onto this about five days before the war began. I just hope they get it back up and running again soon. I think critical mass could be reached with all the publicity they've gotten.

    --
    Let's play video games with mailmanZERO
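
The list differencing that MrDoh1 and Kadin2048 describe in comments 4 and 8, as an added example that is not part of the thread and not Blue Security's code. It assumes a registry stored as unsalted SHA-256 hashes, uses constructed example.* addresses, and every function name is hypothetical; it shows that hashing hides the registry itself while the cleaner's output still reveals membership for addresses the caller already holds.

```python
import hashlib

def norm(addr):
    """Normalise an address so the same mailbox always hashes the same."""
    return addr.strip().lower()

def digest(addr):
    """Registry entry for one address (assumption: unsalted SHA-256)."""
    return hashlib.sha256(norm(addr).encode()).hexdigest()

def build_registry(members):
    """The registry holds only hashes, never plaintext addresses."""
    return {digest(a) for a in members}

def clean(mailing_list, registry):
    """Hypothetical list cleaner: drop every address whose hash is registered."""
    return [a for a in mailing_list if digest(a) not in registry]

def exposed_members(before, after):
    """What anyone holding both copies of the same list can infer."""
    return {norm(a) for a in before} - {norm(a) for a in after}

def exposure_report(members, mailing_list):
    """Measure how much of the membership a single cleaning pass reveals."""
    registry = build_registry(members)
    cleaned = clean(mailing_list, registry)
    leaked = exposed_members(mailing_list, cleaned)
    all_members = {norm(a) for a in members}
    return {
        "leaked": leaked,
        # Members absent from the submitted list stay hidden: the cleaner
        # only confirms addresses the caller already had.
        "still_hidden": all_members - leaked,
        "fraction_exposed": len(leaked) / len(all_members),
    }

# Constructed sample data, not real users.
MEMBERS = ["alice@example.com", "bob@example.com",
           "carol@example.org", "dave@example.org"]
MAILING_LIST = ["Alice@example.com", "carol@example.org", "erin@example.net",
                "frank@example.net", "grace@example.net"]

if __name__ == "__main__":
    report = exposure_report(MEMBERS, MAILING_LIST)
    print("revealed by the diff:", sorted(report["leaked"]))
    print("not revealed:", sorted(report["still_hidden"]))
    print("fraction of members exposed:", report["fraction_exposed"])
```

The same measurement applies to any suppression-list service: what a cleaning pass discloses is bounded by the overlap between the submitted list and the registry, whatever the storage format of the registry.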