Suspect Arrested In Spamhaus DDoS Attack

New submitter apenzott writes "According to the BBC, a Dutch citizen has been arrested by Spanish police who suspect he was behind the recent Spamhaus DDOS attack, one of the biggest such attacks ever. 'The man arrested is believed to be Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker that has been implicated in the attack.' According to a press release from the Dutch Public Prosecutor (Google translation of Dutch original), the 35-year-old man's computers and other devices have been seized as evidence. The man will be transferred from Spain to the Netherlands shortly. 'Spamhaus is delighted at the news that an individual has been arrested and is grateful to the Dutch police for the resources they have made available and the way they have worked with us,' said a Spamhaus spokesman."

Hangin's too good for him

[soundguy]

I hope they hang this piece of shit up to dry and his scummy, criminal "hosting company" fades into history.

Re:Hangin's too good for him

[BasilBrush]

I wonder just how much of the world's spam went through this scumbag. I'm hoping for a downturn in spam volume as this outfit is closed down.

Re:Hangin's too good for him

[Ossifer]

I've already had a big downturn--the news item elicited me to investigate my settings, and I found I wasn't using spamhaus properly... Now I am... Kind of an analogue to the Streisand effect...

Re:Hangin's too good for him

[dissy]

An infected machine in my network got our company on the XBL the morning the DDOS started.

Please stop being lazy and inconsiderate, add the two firewall rules to your router to stop attacking the internet.

Allow outbound dest port 25 from your mail servers IP.
DENY outbound dest port 25 (from everything else)

You wouldn't have that problem, that infection wouldn't be attacking all of our systems, and you wouldn't be making such stupid comments about a blacklist that rightfully listed you.

Re:Hangin's too good for him

[gandhi_2]

Unless their whole domain is under DDOS.

In which case you can't check the website or use the delist process!

Re:Hangin's too good for him

[gandhi_2]

An infected machine being seen talking to a botnet is enough to get you on the XBL.

We were blocked for THAT. Not for any spamming. We DO block all port 25 except from the SMTP servers.

Maybe instead of being an insulting douche, know what the fuck you are talking about.

http://www.spamhaus.org/faq/section/Spamhaus%20XBL#37

It turned out to be an infected machine on a WIFI AP. I learned to send the WIFI traffic out a separate WAN interface so it's problems didn't affect my smtp outbound ip.

Re:shocker

[bfandreas]

Please let me join your absolute shock and amazement that the guy who gloated the most about this has been identified as the prime suspect.
Also why was he nabbed in sunny Spain instead of being holed up in his SWAT-repellant yet slightly less sunny anti-everything bunker? Fighting the good fight against evil Spamhaus at the side of every Legitimate Businessman propably was a bit of a hassle? He must have brought a note from his mother as the dark dampness disrupted the punctuality of his often broadcasted latest bowel movement.

Let me be your complete lack of surprise situated just north of your favourite kidney.

Re:shocker

[1s44c]

That bunker and the name 'cyberbunker' are just marketing. He doesn't actually have any presence in that bunker and hasn't for years.

The guy is a lying con-man as well as a DDOS scumbag.