Washington Post Blog Shuts Down 75% of Online Spam
ESCquire writes "Apparently, the Washington Post Blog 'Security Fix' managed to shut down McColo, a US-based hosting provider facilitating more than 75 percent of global spam." Now how long before the void is filled by another ISP?
The comments on the Washington Post site are pretty worthless, but this one was particularly good:
"Brian - Well done, and well reported. For the user who asked about reporting news versus creating news, you misunderstand Krebs's reporting. Like most good reporters who write big stories, he either got tips or analyzed data regarding spam and cyber-security. It probably was a combination of both. If he determined from his research, reporting and analysis that this data was coming from one place, he did not create a story by informing the spam host's business partners. Rather, he sought comment from them about this site, and they took action. What Krebs reported is not a big a story as Watergate, but what do you think Woodward & Bernstein did? Wait for a press release? A regulatory filing? No, they took one news event, worked backwards from it, and determined that something big was going on -- just like a spammer. Then they wrote about it, just like Krebs did. When Henry Blodget on Silicon Alley Insider wrote that The New York Times Co faces several possibilities for survival, he did not tap into a planned news event. He analyzed a balance sheet and made conclusions. Much of the news that comes out is because beat reporters see connections and draw conclusions that are not opinion, but reasoned and accurate viewpoints based on evidence out there that resists coalescing into a larger news event because most of us don't get it. That's why we have journalists, and this is a great example of that. And now for the full disclosure: I'm Robert MacMillan. I am a reporter at Reuters who covers the journalism business, and I worked at washingtonpost.com for many years with Brian. I sat right across from him so I know what he eats for lunch. Posted by: easymac | November 11, 2008 9:45 PM "
The days when Slashdot could shut down a site with proper hosting are long since past. Imagining it could shut down a whole ISP is preposterous.
RTFA. The ISP in question hosted the control points for the botnets which generated the spam. They didn't need crazy bandwidth, just solid hosting.
---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"
This was not a DDoS. They simply convinced their upstream providers to cut them off.
This is perfectly legal(*) and moral, but in most cases completely impractical (upstreamers don't want to lose the revenue stream, downstreamers can always find a new upstream, etc).
Of course it is also very susceptible to abuse as it is the digital age's equivalent of old-world shunning.
(*) There may be contractual obligations and penalties for such actions but perhaps the downstreamer's bad behavior might contractually dissolve those obligations (it depends on the contract).
False. ISPs are Not common carriers. They have never applied for that distinction within the courts, and so they remain private-owned businesses. Therefore they are liable for actions committed.
FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
Except that ISPs are NOT common carriers in the USA.
http://yro.slashdot.org/article.pl?sid=05/06/27/1510219
Now, please stop promoting nonfactual bullshit.
If sharing a song makes you a pirate, what do I have to share to be a ninja?
For all those who don't believe that a single ISP can be responsible for this amount of spam: take a look at the munin graph from our spam scanner. When I looked at it in the morning I went "huh, did I misconfigure something on our mail server?", didn't find anything, went to Google News and submitted to /. shortly after that.
"internet service providers are protected by common [lectlaw.com] carrier [wikipedia.org] laws"
That's pretty damn close. If they are protected by "common carrier laws" then they are "common carriers" in effect, if not actual name.
FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
This shows a dramatic reduction in spam as of yesterday 4PM EST.
Will be interesting to watch it climb back up....
A fool throws a stone into a well and a thousand sages can not remove it.
Because Hurricane Electric is operated by a boatload of fucking imbeciles. As someone who had cage/rack space (as a form of 2nd data centre) from them for numerous years, I can assure you their operational methods are quite possibly the worst (particularly in the Bay).
It comes as no surprise that "HE had no idea this was happening". They have no idea what's happening on their network at any time.
Imagine calling them because your network port is showing 30-40mbit/sec incoming traffic, destined to IPs that aren't even in your netblock (but are assigned to another HE-hosted company), and having two engineers tell you "that's impossible". You provide them tcpdump pcaps, and they tell you "those can't be real". The issue mysteriously gets resolved 72 hours later, and no one calls you back to tell you what the problem was. When you inquire, you're told "a customer had a misconfigured load balancer", which just induces even more questions about their network setup.
Imagine a co-location provider that does not use vlans or any form of layer 2 segregation between customers, relies on out-of-country ISPs to provide connectivity between them and large tier-1 ISPs (specific example: peering with Telia -- a Swedish ISP that does not have a US-based NOC -- exclusively to gain access to AT&T's network), and has no form of failover redundancy, specifically on their core routers (they did have redundancy at the switch level). I'm absolutely convinced their Fremont data centre had a single public-facing router.
Their main Cisco GSR would crash/lock up for 10-15 minutes at a time, before rebooting on its own or being administratively power-cycled. "What is happening with your network? No inbound or outbound packets make it to their dest" "We have an open case with Cisco" "Why was there no failover?" "We've an open case with Cisco". 2 months later, repeat. "Is this the same issue as 3 months ago?" "We believe so" "And why have you not replaced the hardware?" "We've an open case with Cisco". This issue went on for THREE YEARS.
Then there's their UPS/power situation: twice during a single year their Fremont data centre lost power for 6-7 full minutes at a time. Both times, it was caused by "unexpected problems during maintenance"... but they supposedly have back-up gas generators, and tout photos of them on their web site.
Then there's the cages. The cages are enclosures which should be 4-post, and are intended to be 4-post, but are front-mounted 2-post (and by front-mounted I don't mean telco style!). Generic, non-managed power strips are shoved into the cages, intended for you to use (rather than a 1 or 2U SNMP-managed PDU at the top of the rack). The cages are not deep enough for full-length servers, which results in full-length boxes blocking said power strip AC outlets. 42U rack, but only 6 or 7 AC outlets usable (unless you spaced your servers in a peculiar way, wasting about 1/3rd of your entire rack).
One word: ghetto.
When you consider all of the above, no one in their right mind should be surprised they were hosting a kiddie porn/spam/shady customer. "Build it and they will come".
This is no vigilante justice. Someone noticed things that are (usually) contract terminators, notified the hosting provider, who then exercised their rights that were reserved in the contract between them and the customer.
There was no justice, only contract fulfillment.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
This is why
The CAN-SPAM Act is directed at the commercial entities that actually create the message, not the service providers who happen to be the medium.
as the actual medium as it's put is already constitutionally protected from being liable. So although ISPs are not common carriers in the US, the law is virtually identical for the considerations discussed within the article.
Oh honey look... How cute... an angry slashdotter!
They have never applied for that distinction within the courts
[Yawn] This is getting old. One doesn't 'apply' for common carrier status. One engages in a line of business that the regulators and courts determine to be a common carrier. Often in spite of the complaints of the organization in question.
See the second paragraph here.
Have gnu, will travel.
False. Black bears are better.
What I'm saying is that since the majority of the country voted for the candidate who wants to make the government everything for everyone the idea of using self-initiative and being self-reliant must be obsolete.
It's like trading in your Volvo for a Jaguar. Sure the Volvo was sturdy and dependable, but it was also boring, and didn't attract the chicks. The Jaguar is way cooler, and makes you more popular and successful with women, but you have to take it to the shop every week because it constantly breaks down. This country moved one more step from being a Volvo to being a Jaguar.
You are in a maze of twisty little passages, all alike.