Slashdot Mirror

← Back to Stories (view on slashdot.org)

Washington Post Blog Shuts Down 75% of Online Spam

Posted by CmdrTaco on from the real-american-hero dept.

ESCquire writes "Apparently, the Washington Post Blog 'Security Fix' managed to shut down McColo, a US-based hosting provider facilitating more than 75 percent of global spam. " Now how long before the void is filled by another ISP?

9 of 335 comments (clear)

  1. Not Just Spam by eldavojohn · · Score: 5, Interesting
    From the article:

    The badness attributed to McColo was not limited to spam. It included child pornography sites; sites that accepted payment for spam and child porn; rogue anti-virus Web sites; and a huge malicious software operation that apparently stole banking and credit card data from more than a half million people worldwide.

    And they operated for how long before they were shut down ... as a United States based hosting provider?

    If they have evidence of these things, I certainly hope that The Washington Post turns any evidence over to the FBI or at the least the local law enforcement where McColo is operating. And I hope a warrant is obtained through the appropriate channels to collect evidence from Hurricane Electric & Global Crossing ... I'm all for user privacy policy from an ISP but obviously these people are criminals.

    --
    My work here is dung.
    1. Re:Not Just Spam by billcopc · · Score: 4, Interesting

      Oh boy... field trip!

      The government is not there to enact justice, it is there to provide services to its citizens. Justice is not a service. Justice is a tool, a device to help ensure social stability, and as long as justice is controlled by someone on the payroll, there will be no true justice. There is only loyalty to the payroll.

      Plus, your sig has been bugging me for a while now:

      The government is not your daddy. Its purpose is not to raid middle-class neighbors' wallets and give it to the lazy.

      ... nor is its purpose to raid lower- and middle-class people's wallets and give it to the rich, but purpose be damned because that's all it's ever been good at!

      --
      -Billco, Fnarg.com
  2. Re:good job! by TheLink · · Score: 4, Interesting

    Seems like McD is moving quick:

    http://inventorspot.com/articles/mcdonalds_japan_goes_nobrand_with_quarter_pounder_shops_19505

    --
  3. is it morally right to DDoS spaming ISPs? by petes_PoV · · Score: 4, Interesting

    as the title says. if it gets them "off the air" is this a public service or a criminal act (or both)?

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
  4. Better to NOT shut them down? by plsuh · · Score: 5, Interesting

    When it comes to these sorts of things, oft times law enforcement and intelligence agencies who know about a source of major operations DON"T shut them down, so as to build a case against the bigger players or to maintain the ability to track what is going on. Given that this is a US-based corporation with US-based servers, I wonder if this shutdown has seriously compromised on-going monitoring and criminal cases. While this has almost certainly seriously disrupted operations of the various bad guys for now, I would give it only a few days before they're back online based at overseas locations where they're less easily reachable. Except for some script kiddies, the operations are all sophisticated enough to use standard techniques such as multiple hardcoded fallback IPs. DNS redirection, and using fake BGP announcements to hijack IP blocks to get back online.

    --Paul

  5. My personal experience by rwyoder · · Score: 4, Interesting

    I use a procmail filter that sends mail from known addresses into my mailbox, and dumps everything else into a "garbage" file that I check every morning before deleting it, (on the off change that a friend or business has sent mail from a new address). This morning for the first time in *years*, the file was empty.

  6. All well and good, but... by Time+Ed · · Score: 4, Interesting

    ...once the folks who sell spam and porn find a hosting provider who turns a blind eye, they tend to stick with it and consolidate their operations. Paying attention to Spamhaus and the more reliable botnet trackers tells me where these operations are located, and helps me write good gateway filters for my employer, my house, and my friends. Cutting off internet access tends only to disperse the nere-do-wells rather than stop them, and I have to start over again tracking and writing new filters. In other words, I like to know where these guys hang out so I can avoid them, the same way I avoid the riff-raff in the physical city where I live.

    I think its great that someone is doing something about the problem, but I don't think it should be the ISP. We already have laws against spam and certain porn, and it should be up to the government to enforce those laws. Vigilantism is never the answer.

    The tried-and-true way works: if you have evidence, take it to the police. If the police won't do anything, take it to the press. Sure it takes a little longer, but it keeps - in this case your internet connection - safe from the Random Crusader. And the criminals may actually get arrested.

  7. IronPort reports 66 percent drop in spam Tuesday by tsu+doh+nimh · · Score: 4, Interesting

    From their press release: "In the afternoon of Tuesday 11/11, IronPort saw a drop of almost 2/3 of overall spam volume, correlating with a drop in IronPort's SenderBase queries. While we investigated what we thought might be a technical problem, a major spam network, McColo Corp., was shutdown, as reported by The Washington Post on Tuesday evening."

    --
    ...because you never know who you're dealing with.
  8. Re:ISPs are clueless? by NevarMore · · Score: 4, Interesting

    So, I don't mean to be a dick here or anything, but you had those kinds of problems with a vendor you were using as a data centre not just once, but over a timespan measured in YEARS.

    While you anecdotes indicate that HE does have problems, I think the bigger concern is that they have customers who put up with those problems. What golden nugget are we missing? Do they have higher than normal payouts for failing to meet SLAs?