Slashdot Mirror

← Back to Stories (view on slashdot.org)

Amazon's EC2 Having Problems With Spam and Malware

Posted by ScuttleMonkey on from the you-kids-get-off-my-cloud dept.

jamie pointed out a story about the recent problems Amazon's EC2 service has been having with malware and spam. "EC2 space is now actively blocked by Outblaze, and has been listed by Spamhaus in their PBL list [...] However as Seth Breidbart noted in the comments, 'note that Amazon will terminate the instance. That means that the spammer just creates another instance, which gets a new IP address, and continues spamming.' True enough -- as described, instance termination simply isn't good enough."

4 of 103 comments (clear)

  1. Re:Terms of Service by MBCook · · Score: 4, Interesting

    No kidding. I'd say you have to put up a bond if you want to be able send more than some small threshold of emails out per day (100?). If you're good, you are safe. Maybe you get your bond back after 6 months. If you misbehave, Amazon cuts you off and you just lost $5-$10k.

    --
    Comment forecast: Bits of genius surrounded by a sea of mediocrity.
  2. Re:Terms of Service by macx666 · · Score: 4, Interesting

    Then amazon needs to do a much better job of determining who their clients really are, and there are quite a few fairly reliable ways of doing so.

    Nothing is perfect, but it can be made very hard.

  3. Sheesh, seems like a match made in heaven by fuzzy12345 · · Score: 4, Interesting
    Previously, senders of large volumes of paid-for (by the sender) yet unwanted (by the receiver) emails had to corral their own clouds of distributed, low-cost computing resources (a.k.a botnets). Amazon provides similar capabilities for pennies an hour. Both Amazon's and the emailers' business models work, and questionable penetration of third parties' computers is no longer required.

    Somebody finally solved the ????? = Profit equation. What's everyone getting so worked up about?

    --

    Everybody's a libertarian 'till their neighbour's becomes a crack house.
  4. Re:Terminate accounts not instances? by Todd+Knarr · · Score: 4, Interesting

    There's actually a solution to that, but it involves slowing the process down. Just don't activate the account once the information's entered. Instead, send a physical letter to the credit-card billing address. You can require a form to be signed and returned, or just include an activation code in the letter that has to be entered to turn the account on. That should make it infeasible to use 99% of stolen cards. It introduces a few days of delay between requesting the account and getting it, but IMO if you intend to use the account for any length of time a few days shouldn't be an issue and if you don't then you're likely exactly the kind of person this is intended to filter out.