back to article Spamhaus DDoS blamed on shady Russian hosts, not Anonymous

Anti-spam organisation Spamhaus has recovered from a denial of service attack over the weekend. Initially though, Spamhaus may have been attacked in response to its warning that a WikiLeaks mirror called WikiLeaks.info was being hosted by a Russian bullet-proof hosting outfit, called Webalta, that also played home to phishing, …

COMMENTS

This topic is closed for new posts.
FAIL

It's Do Svidaniye

Which actually makes your by l ine even more amusing.

Oh and it's also tovarishch.

0
0
Anonymous Coward

Are you sure?

I think it's 'dasvidaniya', which is yet more amusing.

0
0
Silver badge
Coat

It depends

It could be that you are shouting over the Oder-Neisse Grenze from the eastward side.

Anorak and Kalash, please.

0
0
Silver badge

I wonder how many gig/sec it was

That they actually noticed it. Surely they aren't new to DDoS attacks?

0
0
Grenade

PITA

Spamhaus are a right royal pain in the a**. They seem to have removed the need to pay for removing your static IP's from their block list as they think they are dynamic ? or have they ?

I am sure that they use their position to extort payments from other legitimate mail hosts or force them to use multiple authenticated SMTP relays to work around the issue.

In this day and age of endpoint mail scanning and filtering why do people still use them ?

0
4
Welcome

Simple effective and accurate

I use spamhaus DNSBLs because they help me to get rid of most of my spam with virtually zero false positives. I did once get into one of their blacklists once due to being included wrongly within a Spamhaus (SH) aggregated feed from another provider that considered my mailhost spammy due to a strange Sendmail HELO header that wasn't really evidence of spam at all. But I got out manually and fast after a reboot without having to pay anyone anything. Can't make omelets without breaking eggs I guess, that's the nature of the security/reputation business.

I also don't blame them for charging badguys and incompetents who require SH to provide services in a manner that costs SH something, though I understand most of SHs income comes from large ISPs and other large mail providers for supplying high volume information feeds. SH charge nothing for providing the same information on an as needed basis to small email operators like me.

Content mail scanning and filtering gets rid of some more spam but really isn't as reliable as the SH DNSBL, as content filtering giving me too many FPs for rejection. Content filtering is OK for putting into a spam folder which is checked for FPs once a week, but origin reputation rejection by the MTA keeps the spam folder small enough to be worth manually checking the subject headers and senders occasionally. SH help me reject several hundred spams a week currently.

0
0
FAIL

So much wrongness

I have never known Spamhaus to demand payment for a removal, and have always found them easy to deal with on the (very) odd occasion when I've needed to request one on behalf of a client.

Yes, there are organisations that require payment, organisations which I therefore refuse to use.

Spamhaus do not, which makes me wonder about your motivation for suggesting they do.

0
0
Thumb Down

You obviously don't run an email server then?

If you did then you would appreciate the work that Spamhaus does. Endpoint email scanning is simply not good enough - it's too late by then!

1
0

@Leeroy

Spamhaus have *never* charged for delisting. You might be thinking of SORBS.

Additionally, these blocklists don't actually do *any* blocking - that's up to the mail server admins that make use of the lists.

0
0
WTF?

SpamHaus grr

You have to be kidding right? I run a commercial email operation and in 2004 SpamHaus nearly put me out of Business, I'm a beleiver in ethical email and use several DNSBL's but if SpamHaus was on fire I wouldn't cross the road to P**s on them.

They incorrectly placed my mail servers IP in the dynamic block list it took me 8 weeks to get a reply 8 WEEKS for just a reply, there is no come back, no nothing I mean how can anyone do something like that. If you have a service that other people use to block mail then have the decency to respond to requests in a timely fashion and by timely I mean less than 24 hours, NOT 8 weeks. I was able to prove my IP wasn't dynamic, no nothing not even a sorry we screwed you over. In the end I had to contact every mail admin for the domains that were blocking us and then get them to white list me; in all it probably took me 3 or 4 weeks of work and nearly destroyed my business and most probably took a couple years off my life, nice one SpamHaus........

0
0
FAIL

Wasn't the first DDoS against Spamhaus

Won't be the last - and wasn't even a big one. Spamhaus has a full cloud infrastructure setup when things get hot and it had to use it for several months some years back.

Spamhaus has a lot of _very_ well connected network friends whose version of the LOIC is the Orbital Anvil Delivery System(OADS) - "We refuse to route packets to or from your network, across our backbone/through our internet exchange"

Such shunning events are a last resort and usually only last a few hours before the hosting networks see the sense of not hosting spammers/spam supporters and those who attack antispam resources. Russians make take somewhat longer to get the message. I believe one Ukrainian network needed to be disconnected for a day or so before it decided that advertising routes for stolen netblocks was bad for business....

1
0
Happy

Orbital Anvil Delivery System(OADS)

Developed in tight collaboration with ACME, I suppose?

0
0
FAIL

Wow, the brains on that bunch

Let's get this right:

1) Spamhaus calls Heihachi group spammers, thugs and thieves.

2) Heihachi group consider options: A, to deny it, or B, to attack and prove Spamhaus correct.

3) They choose option B and attack Spamhaus, gaining a bigger audience and confirming what Spamhaus said to be true.

Massive Fail

2
0
This topic is closed for new posts.

Forums