Slashdot Mirror


Spam War Takes Out Blog Services

munchola writes "Following on from the story about spammers attacking Blue Security's anti-spam system, CBR is reporting that Six Apart, which runs the popular LiveJournal and TypePad blogging services, has become a collateral victim. Six Apart told its millions of bloggers it had experienced 'intermittent and limited availability for TypePad, LiveJournal, TypeKey, sixapart.com, movabletype.org and movabletype.com', before resolving the issue in the early hours of Wednesday. '[The spammers are] trying to rip apart the internet just to make our community stop fighting back against spam,' Blue Security's chief executive Eran Reshef said, adding that he knows who's behind the attack."


  1. Fighting abuse with abuse is bad by Pig+Hogger · · Score: 3, Insightful
    Fighting abuse with abuse is bad.

    Swamping a spammer is not a good idea, because he can either redirect the attacks to an innocent third party, or simply pointless because they use stolen resources, like trojaned computers that host illegal sites.

    The best way to eradicate spammers would simply be to go after their clients.

    1. Re:Fighting abuse with abuse is bad by ciscoguy01 · · Score: 4, Interesting

      The best way to eradicate spammers would simply be to go after their clients.

      That hasn't worked yet. If you have some idea how that could be accomplished and effective against spam and spammers, please feel free to elaborate.

      Blue security seems to be causing pain to spammers, enough to get a rise out of them at least. Aren't they actually reflecting the spam back to the source? I think that was their tactic.

      If they are effective, that's a net positive in the spam fight.

      --
      .
    2. Re:Fighting abuse with abuse is bad by jtdennis · · Score: 5, Insightful

      isn't that counter to what you have in your signature?

      --
      -- "Freedom is the right of all sentient beings" -Optimus Prime
    3. Re:Fighting abuse with abuse is bad by ciscoguy01 · · Score: 4, Interesting

      Even if that's not the case here, it's certainly possible for someone malicious to subvert Blue Security's agent in such a manner.

      It seems blue security has been compromised by the spammers.
      I can't see why blue security should be blamed- except for their security problem.
      The problem is spam and spammers, and it is ludicrous to think otherwise.

      I have been working on the spam problem for >10 years.

      The problem is lax ISPs and network operators who don't pay attention to their mail. Who don't jump on the trojaned machines on their network that are causing >90% of the spam problem in the world.

      I have had the same trojaned machine sending me the same spam every 15 minutes, from a school district. It took me days to finally get a shitty response out of the network operators there to get that machine shut down until it could be cleaned. They didn't seem concerned at all, it was like I was "bothering them" to ask them to stop that machine from spamming.
      I bet it was sending 150,000 messages between the ones I received. Obviously a major problem. They couldn't care less.
      Now THEY should have been DOS'd.

      Ya know, several years ago I asked one of the principals of Akamai to get involved, to provide some of the bandwidth and hosting in a fault tolerant fashion, which they reportedly are in a unique position to provide on their monitored distributed network. Practically cannot be effectively DOS'd. They thought my proposal "interesting" but didn't want to get involved for the good of the internet, because they didn't want to attract attention from the bad guys.
      It wasn't 5 or 6 months before they were DOS'd and extorted.

      EVERYONE is involved now. We are all being extorted by the spammers. If you cross them they will attack you, even if you just ask them to please stop spamming you.

      The only possible answer is responsibility. Networks being responsible for what goes on over their network. Shut down spammers. Don't rent them servers. Don't sell them bandwidth. Jump on problems, even on weekends and holidays, and you have to do it FAST.

      Nothing is going to stop spam completely, we can only increase the cost to spammers, and increase the costs for networks to sell to spammers. Make it uneconomical to have spammers as customers.

      When the cheapest T-1 a spammer can find is $250,000 a month, spam will stop.

      --
      .
    4. Re:Fighting abuse with abuse is bad by bezzeb · · Score: 4, Insightful

      Guys, I'm growing tired of the high moral argument that "it's not right to fight abuse with abuse" or "eye for an eye still leaves you blind".

      War and drama aside: I keep waiting for someone to make this point but I'm not seeing it yet.

      Spam is a solicitation to contact the advertised party in the hopes that you will give them money. Otherwise known as an advertisement. THEY CONTACT US. It's called the free market. In turn we all have the right to use the communication path they supply to request that they leave us alone.

      Is it illegal to contact some company you see on a billboard or in a TV commercial? What absurdity! What is this world coming to where everyone gets sucked into DDoS drama at every chance? Blue Froggers are just doing business within the realm of the law. No stretching the rules. No sensationalism.

      The only reason spammer servers crash is because they aren't prepared and are poorly designed. They have two options:
      1. Seriously upgrade their infrastructure to handle whatever degree of responses their advertisements generate & hire more staff to process the hits their ad generates.
      =or=
      2. Seriously decrease their advertisements to be in line with their capacity to manage their generated traffic.

      It's just economics and common sense. This DDoS talk is a waste of time - the Blue Frog client is much nicer to the spammers than they are to us. And this huge amount of anger directed at Blue Frog is proof that it bites into their freedom to be irresponsible.

      They can keep their pill pushing sites - I don't care if there are suckers out there dumb enough to give them money. I just want them to stop bothering ME. They will never get one red hot cent from me. They WILL get endless trouble from me as long as they continue to disrespect my privacy.

      All the best folks!
      B.

  2. Blame fest by LiquidCoooled · · Score: 5, Insightful

    fta:
    The spammer also launched a conventional bandwidth-consumption DDoS attack against bluesecurity.com. It was around this time that the company opened its new blog, which meant TypePad got whacked.


    This blue security article has been running for a few days now and the site hasn't been responding any time I've tried recently.

    Isn't it just another DDOS blame fest when in reality it's just the news spreading around the world and all the collective users of all the collective news sites are clicking the links to try to read the story?

    A total slashdotting/digging/farking and general newsing all at once.

    It was the same when word spread about google going down.
    "OMG have you heard, google is dead?"
    *CLICK* "Yer, it's not working here either" *CLICK* *CLICK* *CLICK*
    *CLICK* "Hey, it's loaded here." *CLICK* "Oh crap, it's broken again now.."

    We are all guilty of assisting this DDOS attack. shame on us.

    It will ease up once something else comes and takes our attention away from it.

    --
    liqbase :: faster than paper
    1. Re:Blame fest by shark72 · · Score: 4, Informative

      "Isn't it just another DDOS blame fest when in reality it's just the news spreading around the world and all the collective users of all the collective news sites are clicking the links to try to read the story?"

      No. Here's what happened:

      1. The spammer DDOSed bluesecurity.com. Quite well, in fact.
      2. After a few days, Blue Security managed to get a redirect going to a blog they put up on blogs.com, which is run by TypePad.
      3. The spammer then DDOSed TypePad.

      Believe me, TypePad gets Farked/Dugg/Slashdotted every day. They can handle the normal traffic spikes. This was deliberate, and it was well documented.

      "We are all guilty of assisting this DDOS attack. shame on us."

      A drop in the ocean. TypePad can absorb these sorts of things. Make no mistake: TypePad was taken down by a deliberate, coordinated DDOS attack.

      --
      Sitting in my day care, the art is decopainted.
  3. Kill the spammers by pete6677 · · Score: 5, Insightful

    I don't think spam will stop, or even slow down, until a spammer is seriously hurt or killed. Right now, they know there is no consequence to their actions. I'm not saying I personally advocate killing spammers, but it certainly wouldn't make me feel bad to hear about it being done. Spamming would be a lot riskier if there were an element of harm attached for the spammer.

    1. Re:Kill the spammers by future+assassin · · Score: 3, Insightful
      I don't think hurting spammers will do anything. In fact this would make spamming more lucrative as the price would go up because of the danger/fine factor. All of a sudden if it's worth enough and it's more dangerous more fishy/criminal organizations would get into it.

      I think going after companies and websites advertised in SPAM would do more damage. Get a 1 mil dollar fine and they won't be making the same mistake twice.

      Taking away the source of funds/content for spammers will at least minimize spam.

      --
      by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
  4. Two birds with one stone? by 3.5+stripes · · Score: 5, Funny

    Taking out spammers and bloggers?

    I can't see any down side to this, honestly.

    --


    He tried to kill me with a forklift!
  5. Re:Guilty of what? by ptomblin · · Score: 3, Informative

    I think SixApart is being far too generous in not laying the blame for this fully at the feet of Blue Security. Basically Blue Security decided that their web site couldn't stand the DDOS, so they pointed the URL for their company to their blog.com blog. Thus DDOS'ing all of SixApart.

    If I were SixApart, I'd sue the fuck out of Blue Security for deliberately DDOSing them.

    --
    The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
  6. Everyone keeps knocking blue... by ZSpade · · Score: 5, Insightful

    But have they got any better suggestions? The federal government is a *Joke* about bringing any kind of justice down on this filth, and so the masses remained *outraged* and *victimized*. To me (a computer tech) I see people's computers every day that have been turned into Zombies. Some so bad that they have to be reformatted. They are bringing in their computers to me, and paying hard cash for me to fix it and prevent it from happening again. That's real money, real damages everyone is having to pay every day. I guess you could spin it in a positive light and say it's good for the tech industry, but not if people start becoming afraid to even get on the internet because of what might happen to their computer. This is theft, this is vandalism and the governments of the world are practically standing by and watching it happen.

    So, do you have any better suggestions, if not then I kindly ask you to omit your views until you can add something to the cause.

    --
    Go ahead and call me unreliable; reliable is just a synonym for predictable.
  7. Opting out is *NOT* abuse! by Spy+der+Mann · · Score: 5, Insightful

    All Blue Frog does is request to be opted out. One form sent per spam received. No more, no less.

    4 of the 10 major spammers had already excluded the blue security list from their mass mailings, and their problem was solved. But this particular spammer, instead of complying, shut down Blue Security.

    Just because Blue Frog causes A SIDE EFFECT of diminishing the bandwidth of the spammer's website, is not Blue Security's fault. (It is our LEGAL RIGHT to request for opt-out, and to keep requesting it UNTIL IT IS FULFILLED).

    To say opting out is abuse, is nothing but legitimizing illegal (non CAN-SPAM complying) spam.

  8. Re:Shifting attack by MrDoh1 · · Score: 5, Informative
    They don't supply spammers with the addresses of their members. What they do is offer a tool that cleans our email addresses (which are contained in an encrypted database) out of their spam address databases. So all that was done is the spammer in question compared a pre-cleaned version with a post-cleaned version and any addresses that no longer appeared were obviously members of BlueSecurity.

    Also, the spam reports that are sent out are sent from a proxy type email address. My normal address wouldn't show up, but username@reports.bluesecurity.com is where it would come from.

    Personally, I see nothing wrong with sending 1 unsubscribe request per piece of spam I get. BlueSecurity has just automated this method so I don't have to take the time, and they also handle escalation to the proper authorities if the situation isn't resolved.

    If the spammer perceives getting 1 unsubscribe request per spam he sends a DDOS attack then I would think the best course of action would be not to send to those people. Heck, we are the ones who wouldn't buy anything from them anyway.

    Also, based on what I have read in the blog itself (when it was still accessible) it was a user in the comments that suggested redirecting the site and error pages to the blog so users would at least have some clue what was going on. It's likely they took the advice without contemplating the potential outcome.

    --
    I am Homer of Borg. Resistance is Fut.. Mmmmmmmm, Donuts!
  9. Re:Is Blue Security going public with who's behind by DaHat · · Score: 5, Funny

    Agreed! I've got my pitchfork and torch right here... I dunno about you but I'm up for some mob rule and a lynching to take care of this mess.

  10. Breaking point by Stray1 · · Score: 3, Insightful

    Speaking as one of the people who helped start the last bluesecurity article, I think we've all had enough time to reflect and debate on the 'fight fire with fire' technique that bluesecurity has enacted. What this new DDOS attack has brought to the table is something a little different. Before the attack, Bluesecurity would send an equal amount of opt out requests as spam. THIS DDOS attack on bluesecurity, which is clearly illegal, is the breaking point. I'm not sure WHAT is going to break (other than someone's ISP), but it has shed light on spammers' intentions. Spam artists have always relied on the fact that their activities aren't specifically illegal. With this attack they have really crossed the line. This event could be the event that got some sort of anti-spam legislation rolling (or it might have the opposite effect). Something should come out of this though, if only to be remembered as the 'bluesecurity incident'. Personally I was pretty pissed having some jackass hold my gmail account for ransom, especially since bluesec. was so ridiculously effective. FYI, despite the threats, I have received no greater amount of spam than when I was first threatened on Monday (Sunday). I don't think their database was compromised despite what joe spammer tells us.

  11. BlueSecurity on holiday? Unacceptable by Animats · · Score: 3, Insightful
    Six Apart mitigated the attack to the point where it was no longer causing major availability problems, but had been unable to contact Blue. The anti-spam firm is headquartered in Israel, where May 3 was a public holiday.

    This is a 24/7 business. A serious online service vendor can't have company holidays. Least of all in the security business.

  12. Re:Shifting attack by anagama · · Score: 3, Insightful

    Does Bluesecurity have a Linux or Mac client yet? Spammer is an idiot. 1) he raises awareness of what bluesecurity does. 2) he makes it look like BS works -- why else would he waste resources he could be using to spam or extort people, it must be hurting him. Effectively, this is great PR for Bluesecurity -- how much would a worldwide advertising campaign have cost?

    --
    What changed under Obama? Nothing Good
  13. Re:Guilty of what? by HTTP+Error+403+403.9 · · Score: 3, Funny
    Don't be fucking pedantic. It's an analogy, buy a clue.

    Redirecting a URL is not vandalism.
    --
    Fast, Reliable webhosting for online communities [communityhosting.net]

    Is it okay for Blue to redirect the next DDOS to communityhosting.net? I hear it is fast and reliable.
    --
    I'm not a Troll, it's reverse psychology.