i already got 146.82.0.0/16 plonked at the firewall due to spam attacks from Global Crossing idiots. I wonder how much more i'll whack in the near future.
Oh well, they can join the rest of the asian spammers i've plonked at 202/8, 203/8, 210/7, 218/7, and 220/7. (Yes, i really do despise countries that don't care about their spam problems)
They harvested the spamtrap address i use here on slashdot and started to spam me. I've posted copies to NANAS if you don't believe me.
http://groups.google.com/groups?q=btfh.net+phant om &ie=UTF-8&oe=UTF-8&hl=en&btnG=Google+Searc h (be advised of the link munging, if you can't get it to pull up, go to groups.google.com and do a search for the terms btfh.net and phantom, and you'll find it.)
I promptly firewalled the /16 they're hosted on and sent out nastygrams to the hosting company in question.
the P4's archtecture (sp) is such that it is incredibly sensitive to cache misses due to its long pipeline (20 i believe). That's why higher memory bandwidth and larger caches make such a huge difference on the P4. Whereas the Athlons have a much shorter pipeline (12 i believe), the extra memory and cache don't help out as much.
simple, plonk the whole /24 into your firewall. Or if you're a real Bastard, plonk 64.94.0.0/15 into your firewall. Internap owns that block who happens to be a major spam haus. Fuck two assholes for the price of one iptables rule :)
ironic you use the term Hungarian conspiracy... During the Manhattan Project a large number of senior scientists on the project were Hungarian and were known humorously as the Hungarian conspiracy. Teller, Wigner, Szilard, and perhaps a few others were referred to by this name.
i agree that port 25 blocks ARE a pain to end users, it DOES cut down on the sobig attacks, and the dumb ass make money at home by spamming on your dsl/dialup connection. About a month or two ago cox cable blocked port 25 on their cable users, and since then, i've seen ZERO spam attempts from their network. Compare that to rr.com or attbi.com, which i've had to ban their entire network sans the real smtp servers at my firewall because of the massive worm and spam attempts.
theft of network resources is a crime in my opinion, and spam is theft of network resources. The penalty for such a crime is blacklisting. Support of spammers indirectly or directly is a crime punishable by blacklisting. As has been said many times, either smarthost, or don't support a spammy isp, or you face blacklisting.
but so what? it's fucking aol after all. Does anyone really care if that huge child porn and overwhelming pop-up ad peddler blocks anything? It's not like you need anything useful from that worthless domain.
i've seen a LOT of kt7's where the caps on the motherboard begin to bulge at the top and eventually leak or explode, killing the board in the process. You might want to double check them. It's a well known problem, check google for references and the story behind it.
with all due respect, ecs motherboards are NOT very high quality. Do you think any motherboard that's 20-30 dollars less than Msi, Asus, etc, is going to be particularly good? I've had to repair and replace enough ecs boards for clients to not trust them.
Crazies? I didn't know being a spam hating BOFH made you a crazy. Yes, i block ALL of south america. Don't like it? Too fucking bad, it's MY box. When South america cleans up its act, i'll allow their mail again. Until then, let them eat the ether silence.
you know what, if you want to financially support criminals, that's your business. If you live in a crackhouse, even if you don't do drugs, people are going to NOT trust you, or in this case, trust your network traffic. If spews did die, you'd just end up on hundreds of private blacklists with zero chance of getting out of them. My current private blacklist is over 730 lines, and that's NOT counting the geographic blocks i am using, which is another 283 lines.
Besides, if you insist on using a spammy isp, there's a solution: smarthosting. Smarthosting in the smtp context is where someone who isn't blacklisted agrees to act as relay for you, so all your outbound smtp traffic is sent from a non blacklisted address. It's fairly cheap, and solves the problem for everyone involved.
funny, i've found blacklists to be hugely effective (if you use the right ones). I refuse to use content based spam filters due to the high cpu overhead, and the fact i'm still wasting the bandwidth to accept their crap in the first place.
well it's your server, and your right to do with it whatever you want. On a practical note, if you're not using SOME sort of dnsbl, you will get flooded with spam. I run a mail server that has about 50 or so users over about 5 domains, and we get an average of 200-300 spam attempts per day. Between aggressive firewalling and using a combination of 10 or so dnsbl's, the actual spam we get is about maybe 3-5 per week, with no loss of legit email (we whitelist people as needed).
When sobig went off, we were getting hammered. Apparently a bunch of dumb ass spammers had harvested my slashdot spamtrap addy, and then got infected with sobig, so my spamtrap addy was getting thousands of bounces. I tried larting the various email servers (almost all of whom were in europe), but after most of them blew me off, i start aggressively firewalling the offending ip ranges. I plan to leave them in the firewall for a few weeks or so until sobig is truly dead, then i'll unblock em.
believe it or not, i agree with you. My users are involved with me as far as the spam blocking policy goes around here, and with a few tweaks and tune, we've struck a great balance between blocking spammers and blocking legit mail. What we currently do now is redirect all of the blocked ranges into a dedicated spam trap machine. If i accidentally do block a friendly, i'll see their mail hit the spam trap, where i can then redirect it to the right user, and correct the firewall to not block them in the future. True spam that goes to the spam trap is reported to NANAS and spamcop, which helps the spammers get blocked even more ;)
I fight spam in the US by not supporting spam friendly isps. I fight spam by reporting what little spam i do get (thanks to heavy and aggressive filtering / blocking) to both spamcop and NANAS and sending out LARTS to the spamhosters as well.
because i religiously check my logs and look at the names i am bouncing. Domain names like optindeals.com, dynamic-dialup-some-ip.pacbell.com, etc etc. Also, i often redirect a bounced ip into my spam trap and inspect the messages. They're always spam.
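The whitelist-first, redirect-to-spam-trap policy described in the comment above, as an added Python example (not the poster's own configuration). The blocked ranges are ones quoted in these posts; the whitelisted sender, the trap address 192.0.2.25 and all function names are assumptions made for illustration.

```python
import ipaddress

# Ranges quoted in the posts; WHITELIST and TRAP are constructed examples.
BLOCKED = ["146.82.0.0/16", "64.94.0.0/15", "200.0.0.0/8",
           "202.0.0.0/8", "203.0.0.0/8", "210.0.0.0/7"]
WHITELIST = ["200.10.20.30/32"]   # hypothetical friendly sender inside a blocked /8
TRAP = "192.0.2.25:25"            # hypothetical spam trap (TEST-NET-1 address)


def compile_ranges(cidrs):
    """Parse CIDRs strictly (a misaligned prefix such as 203.0.0.0/7 raises
    ValueError) and merge adjacent or overlapping ranges."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))


def decide(client_ip, blocked, whitelist):
    """Return 'accept' or 'spamtrap' for an inbound port-25 connection.
    The whitelist is consulted first, so an exception beats a wide block."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in whitelist):
        return "accept"
    if any(ip in net for net in blocked):
        return "spamtrap"
    return "accept"


def triage(clients, blocked_cidrs=BLOCKED, white_cidrs=WHITELIST):
    """Map each client address to the action the policy would take."""
    blocked = compile_ranges(blocked_cidrs)
    white = compile_ranges(white_cidrs)
    return {ip: decide(ip, blocked, white) for ip in clients}


def nat_rules(blocked_cidrs=BLOCKED, white_cidrs=WHITELIST, trap=TRAP):
    """Render the same policy as iptables nat-table rule lines: whitelist
    ACCEPTs come first, then one DNAT per merged blocked range."""
    rules = [f"-A PREROUTING -s {n} -p tcp --dport 25 -j ACCEPT"
             for n in compile_ranges(white_cidrs)]
    rules += [f"-A PREROUTING -s {n} -p tcp --dport 25 "
              f"-j DNAT --to-destination {trap}"
              for n in compile_ranges(blocked_cidrs)]
    return rules


if __name__ == "__main__":
    # Constructed sample client addresses.
    sample = ["200.10.20.30", "200.10.20.31", "203.1.2.3",
              "64.95.255.255", "64.96.0.0", "198.51.100.7"]
    for ip, action in triage(sample).items():
        print(f"{ip:15} -> {action}")
    print("\n".join(nat_rules()))
```

Because mail from blocked ranges is diverted rather than dropped, a wrongly blocked sender shows up in the trap and can be added to the whitelist, which takes effect ahead of the wide block.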
I've seen a LOT of people here who are glad that osirusoft is down because they've got listed along with the spammers in the past. I think they are missing the point on why they got listed and I will attempt to explain the philosophy of the more militant blacklists like Spews, Osirusoft, etc.
Many mail admins (including myself) consider spam to be network abuse and liken it to a criminal offense. Simply blocking the IP of the spammer itself has been shown to not work very well or for long as the spammer jumps to a different ip addy, often in a different /24 than he was originally in.
In response to isps shuffling the spammer around, more aggressive blacklisting was done by the above mentioned blacklists. This instantly got a lot of the isps to pay attention and clean out their spammers. It also pissed off a lot of "innocent" users as well.
I say "innocent" because technically they are not pure white innocent, but more of a gray color innocent, because directly or indirectly, they ARE supporting spam. How so? Imagine the following.
Your next door neighbor is an islamic terrorist (spammer). Definitely a criminal. And his landlord (isp) (who is also your landlord) knows he is a terrorist and continues to willingly provide housing to him. In response, the FBI (the blacklists) blocks off your entire street (/24) (which the landlord owns all the housing on) and conducts house to house searches looking for terrorists. You complain when your house is searched. "But I am not a terrorist (spammer)". After finding out your landlord is housing terrorists, you continue to live there and pay rent to him, even though he is harboring terrorists and refuses to remove them off his property. As a result of you continuing to support your landlord financially, your house keeps getting searched every so often (you stay on the blacklists with the spammer).
Now what do you do? Do you keep paying the landlord and supporting terrorism indirectly? Or do you move out and get a better landlord?
That's why you guys are on blacklists. It's not that you've done anything directly wrong, but you're supporting spammy isps. The quickest way to find out if your isp is a spam haus, go here. http://www.spamhaus.org/sbl/isp.lasso
spews didn't go down. Osirusoft went down. Osirusoft merely provides a spews feed in addition to Joe Jared's own listings. Sadly, aggressive blacklists like spews are needed to put pressure on spam friendly isps like qwest, cw, xo, etc. If you host with them, you're giving money to criminals. Would you be upset if you got arrested along with all the islamic terrorists if you were simply providing them housing and shelter? Of course not, providing support to criminals is a crime in itself. And funding a spam haus is a blacklistable offense. I had to move my mail server off ATT some time ago for that very reason, and i sure as hell don't blame the blacklists, i blame ATT and their fucking spammers.
if i did business in those countries, i'd do selective white listing. Since i don't, I plonk the entire countries and be done with it. Every mail admin will blacklist what he needs to nuke as needed. As far as american spam, you should see my firewall, it's LOADED with entries for XO, CW, level3, qwest, etc. I terminate all spammers, be it foreign or domestic. And if the network they come from is just a spam network, then the whole network goes, be it American or foreign.
if one country bombards me with spam, and i get no legit traffic from that country, then that country gets introduced to my firewall. The mail and network admins in brazil DO NOT respond to abuse complaints. I do not do business in Brazil. Ergo, it's a simple solution to plonk 200.0.0.0/8 port 25 into my firewall and be done with it.
Don't like it? Then be part of the solution and start fighting network abuse in your country. Or you can whine like the rest of the plonked spammers and watch a boatload of mail admins nuke south america. There was an informal poll held in NANAE (network.admin.net-abuse.email) on how mail server admins block all of 200.0.0.0/8. And dozens if not hundreds of people replied they do block all of it. How long before it becomes thousands of networks block your country for spam abuse?
our business here uses bl.spamcop.net and they did not require any sort of payment, though i did donate to them after using it and finding it to be excellent.
why should i allow abusive traffic into my network? It's my network, my server, my rules. And the sad truth is, FAR too much spam comes from asia and south america. And their network admins DO NOT RESPOND to complaints at all. A lot of mail admins who don't need asia traffic or south american traffic often block out of hand most of 202.0.0.0/7 and all of 200.0.0.0/8. When South America and Asia clean their network abuse problem, I'll clean out my firewall spam blocks.....until then, they can eat the ether silence.
your dns blows dude :) Time to stop using win2k server's dns (which blows chunks, i know - i've run it in the past before i came to the light errr linux).
For the record and the karma, dig shows...

    dig 3dcenter.org

    ; <<>> DiG 9.2.2rc1 <<>> 3dcenter.org
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33775
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;3dcenter.org. IN A

    ;; ANSWER SECTION:
    3dcenter.org. 86400 IN A 217.160.135.91

    ;; AUTHORITY SECTION:
    3dcenter.org. 86400 IN NS ns18.schlund.de.
    3dcenter.org. 86400 IN NS ns17.schlund.de.

    ;; ADDITIONAL SECTION:
    ns17.schlund.de. 86400 IN A 195.20.224.120
    ns18.schlund.de. 86400 IN A 212.227.123.14