BIGGEST DDoS ATTACK IN HISTORY hammers Spamhaus Anti-spam organisation Spamhaus has recovered from possibly the largest DDoS attack in history. A massive 300Gbps was thrown against Spamhaus' website but the anti-spam organisation was able to recover from the attack and get its core services back up and running. CloudFlare, the content delivery firm hired by Spamhaus last …
@handle - that's not necessarily the case. Spamhaus is the reason I can't use a desktop email server (which I started after an important ISP-server email disappeared into the blue costing me a large wad...with a desktop server, it gets delivered, or you get an error message...either way you know whether it got through).
They do have a very high-handed attitude...it's basically "fuck you if you don't like it; but you're not sending emails from that (ISP's) IP range". And it's not just spammers who are effected. I admit that I'm probably a minority here; but they did put a serious spanner in my day-to-day operations.
"your ISP's IP range gets listed if your ISP asks for it to be listed. or if the SPECIFIC IP has been used to spam repeatedly.
which part of that is hard to understand?"
Sorry, but that simply is not true. They will do blanket blacklists of IP ranges that THEY consider (based on outdated IP range lists) for example "dyncamic IP ranges". This is totally unrelated to any actual spam activity but they don't give a f'ing damn to adjust those lists to prevent from innocent/legitimate users being seriously effected by their listings. A lot of those ranges are not valid anymore because them have been re-assigned since "we are running out of IPv4 addresses"...
But to make it also clear, I do not condone the actions that some people have taken to get back at them. But SpamHaus and a couple other vigilante black list distributors need to make sure they are actually targeting the real bad guys and not just everybody else in "the neighborhood" as well...
They may well do, but what is the alternative? white list every single person who parks on an IP address, sends 10,000 spans and then switches off and moves on, with very little traceability?
The point is by REQUIRING email to go THROUGH a responsible authenticated relay someone is able to STOP ABUSE.
Its a bit like saying 'I have a Porsche that is capable of driving 140mph in safety up the M1, why am I not allowed to do it?' and the simple answer is, because plenty of people who are not able to do it safely or at all, need to be restricted to what they can in fact handle. Get yourself a race track, or rent someone else's.
And the answer for mail is the same, you wan run your own mail server? well get on a fixed IP address and run it. And preferably not with an ISP that is full of dorks sending penis enlargement pill adverts.
As I understand it, Spamhaus adds IP space either because spam originates there, or because it hosts web sites that are being promoted by spam (which in many cases may come from elsewhere such as botnets). They call this 'spam support'. Responsible hosts will generally clear out such spam support services. Some are clueless, and some actively decide to take spammers money in return for 'bullet proof' services - i.e. not pulling the plug for abuse of the AUP.
In such cases, Spamhaus can escalate blocks - effectively enlarging the range of IP space covered by a block to turn the screw on the host, because it starts to cover their legitimate business customers as well as the spammers on their network. The idea is that miscreant networks will find that they end up losing legitimate customers if they continue to provide service to illegitimate ones.
One can argue about whether such actions are justified, but ultimately it's up to any network to decide whether it wants to use Spamhaus's lists or not.
My personal opinion is that Spamhaus does an excellent job, and forcing networks to choose between legit business and spammers is fully justified. It's bad if it affects your company or personal email, but you should vent spleen at your network for whatever spam problem has caused Spamhaus to list them, rather than at Spamhaus.
It's difficult to run a mail server at home any more due to the lengths mail server administrators must go through to limit incoming spam. Dynamic IP? Sorry, my mail server won't accept your messages. R-DNS or MX doesn't resolve correctly? See ya. Listed on Spamhaus, SpamCop or Manitu? Not takin' your message. Oh yeah, send more messages my honeypots so my bayesian filter get even better....those addresses have been spread far and wide! Throw in a good dose of greylisting, backscatter protection and tarpitting and I manage to block *almost* all incoming spam (which currently makes up 57.5% of my servers' incoming messages). It really does make it rough for the "guy at home" trying to run a mail server though...nobody but the spammers to thank.
As for getting de-listed from Spamhaus...I've done it, shortly after switching providers a few years ago. It was not a huge deal, I contacted my ISP (again, you probably won't get much help from them with a "consumer" account...I didn't have problems since I have a business-class service) and it was resolved within a day.
You forgot to mention DKIM and SPF :-)
Difficult to get working, but can be done. Also, it helps if you choose an ISP which doesn't segregate its home and business IP addresses into different ranges. It's not supposed to be easy though.
One ISP I used in the past would only open port 25 once it had tested the configuration of your mail server to make sure it wasn't an open relay.
It's difficult to run a mail server at home any more due to the lengths mail server administrators must go through to limit incoming spam
I manage it. I'm not running it on a souped up Cray either. Just a Fit-PC2. 1.1GHz of Intel Atom goodness(*) with 1GB of RAM and Windows 7. On a typical day it gets several dozen spam mails sent to it and sometimes a week or two of someone attempting a dictionary attack. Seems to run fine for me. I'll concede that since we use disposable addresses 99.9% of the spam is sent to the bit bucket without ever reaching a users inbox but since I'm filtering by RCPT TO it still has to be downloaded.
Good old VPOP3.
(*)Stop laughing at the back. It consumes less than 10w of power an hour.
You mean it runs on just ten Watts. A Watt is a unit for the rate of use of energy. What you pay for are units of energy. You could have said 0.01 kw/h per hour ... perverse but correct.
BTW I run an Atom server as well, though I'm wondering if it should morph into a Rasberry Pi soon.
Sounds good, do you use it to send outgoing mails too? I run an SME server linux distro at home and have absolutely no problems with spam - yes, we get a few, but no more than with other providers. Having said that, I won't even bother to let it send mail out directly, as I'm using a BT dynamic address. And yes, I use a dynamic DNS service.
Don't you mean "it consumes less than 10w"? Sorry...
"@handle - that's not necessarily the case. Spamhaus is the reason I can't use a desktop email server (which I started after an important ISP-server email disappeared into the blue costing me a large wad...with a desktop server, it gets delivered, or you get an error message...either way you know whether it got through)."
No, Spamhaus is not the reason you can't use a desktop email server. Spamhaus doesn't prevent you from doing so; it simply lists your desktop email server for what it is, and other folks choose not to accept email from it.
Let's put the blame where it belongs. It is not Spamhaus' fault you can't do what you want; it's the SPAMMERS' fault you can't do what you want. I'm sure you're 100% legit and would never send unwanted commercial email, but for almost everyone else running desktop email servers--sometimes without their knowledge or consent--that is most decidedly not the case. The collective Internet has finally thrown up its hands and said "enough."
Spammers are why we can't have nice things. Blame them. They're the villains here.
It's about power and control. Spamhous have achieved a powerful position and can now effectively decide who can send email and who cannot. They must use this power responsibly. There used to be a time when SMTP was a system that forwarded email for anybody needing it. Those open SMTP servers have been secured due to abuse by spammers.
>It's about power and control. Spamhous have achieved a powerful position and can now effectively decide >who can send email and who cannot. They must use this power responsibly. There used to
Wrong on soooo many levels. Spamhaus publish an RBL. It's up to server owners and ISPs to decide whether they use it or not.
>Let's put the blame where it belongs. It is not Spamhaus' fault you can't do what you want; it's the SPAMMERS' >fault you can't do what you want. I'm sure you're 100% legit and would never send
Indeed. And while we are at it - all those mailservers that don't bother checking the SPF entries to see if an IP address is allowed to send mail for a domain - well - you are the ones causing me to get hundreds of bounce messages to my home domain because the spamming scum are forging emails that look like they are coming from my domain. And no, my server isn't cracked. No, my home machines are not running any worms or trojans. If the mail servers bother to check the source IP, they'll find it's a US IP address (mostly) and NOT AUTHORISED TO SEND EMAILS PURPORTING TO BE FROM MY DOMAIN!
Bah. It's almost enough to want to you nuke the source IP.
Exactly so.
If you want to control your mail, do what I did: get a virtaul server on a fixed IP address that is yours and yours alone, and set it up as an SMTP receiverer and (authenticated) relay and use it.
THEN when 70% of your incoming mail is from spambots, do what I also did, Configure it to use spamhaus and watch the spam reduce by a factor of 8.
You might also do as I did and monitor its logs to see what us being junked. I never found after a weeks worth of logs were picked through line by line ONE SINGLE email that was valid, rejected.
Compare and contrast google mail which routinely rejects mail I send to people on a mailing list t 'because there are too many recipients on the bcc: list' I.e. it is unable to tell whether a mail addressed to many people who are NOT mentioned in the To: line for privacy reason, is spam, or genuine desired mail.
Spamhaus is the reason I can't use a desktop email server
Uhm, and the fact that many MTA admins, myself included, have turned on the demand for an associated PTR record before incoming mail is accepted has nothing to do with that ?
Sorry but I think you make a bogus argument; chances are very high your desktop MTA also wouldn't be able to drop mail to any of my servers, AOL's servers, Microsoft's Hotmail / Outlook servers (these also start to adopt the Sender Policy Framework btw) and most likely Verizon's.
Even without the help from Spamhaus. Simply because your IP most likely doesn't meet quite a few demands.
and it should be pointed out they are a commercial organisation. They have two companies registered, one is the charity, the other is the business - which is now very powerful and can dictate whoever remains online or not... ironically their profit-earning business (which is very lucrative) sends out huge data-streams, a lot of which are considered spam. :)
@moiety, if were trusting your ISP to handle any part of the sending, receiving or even whispering loudly about your email, when said email could have an, er, "large wad" riding on it, then consider it a salutary lesson that I should think many of us here have learned to our cost in our early days. ISP-provided mail services, even down to outgoing relays, are a horrible liability.
And WTF is a "desktop email server"? Serious question.
Exactly his point. I run a 'desktop' email server. Actually a Linux box but to send to AOL I have to set my smarthost to my ISP SMTP. Email arrives at peoples inbox much quicker if I send it directly from my server. I just need a way of redirecting only those that must go through my ISP.
You can certainly run a mail server on a desktop if you wish, but you'd do well to relay outgoing email from it through a smarthost which Spamhaus doesn't block, e.g. your ISP's smarthost, and which doesn't block you due to not knowing your address as one of theirs or if it can't authenticate you, or due to you sending more than the smarthost operator policy allows. It also helps greatly if you have a static IP address, or one which changes very, very infrequently for incoming mail. You'll have to ensure the incoming domain MX record is pointed at your IP address, preferably dynamically if you IP changes.
I've done this experimentally and successfully for small volumes for years, but I put my production email server and services for non-experimental work on a £15/month hosted virtual machine which has a static IP. I use the production email server as my own smarthost, and use authenticated SMTP from my home system to relay outgoing.
"Spamhaus is the reason I can't use a desktop email server"
Bull. You can most certainly run your own server to accept mail for your domain - I don't think there is anybody using ANY DNS RBL to filter where they send mail TO.
And for sending outbound email - if you cannot configure your email server to use a smart relay to another server, such as your ISP's server, then you probably aren't going to configure your mail server correctly in other areas, such as relaying spam.
The gold coins are closer to the nut than you apparently realize. I'm not saying that you can somehow remake the spammers into decent human beings. I'm saying that if you take away their "gold coins", then most of them would crawl under less visible rocks. That is why I think there should be a larger focus on breaking the spammers' business models at the downstream end, not upstream where Spamhous and Microsoft have been firing their big cannons.
The usual numeric analysis focuses on the small return ratio of the spammers, but we should think of it differently. The key ratio is the LARGE number of people who hate spam versus the SMALL number of suckers who feed the spammers. What we need are better tools to allow the large number of spam-haters more actively cut the spammers away from their small number of suckers and victims. Given how much value it would add to their email systems (and Yahoo should be especially desperate for value these days), I really don't understand why they don't integrate such tools into their email systems.
Let me pick a really trivial example, the spammers who are using link shorteners from LinkedIn and Twitter to route their suckers. They are obviously doing this because the links last long enough to reach some suckers, so the obvious countermeasure is to negate those links more quickly. (Actually, cutting the links would be less effective than redirecting them at some webpage that would educate or scare the suckers who have clicked on them.) The email system should have a mechanism to report the problem, perhaps even with an incentive if you're the first annoyed person to report the link.
Am I the only person who would like to feel I am personally making the spammers' miserable lives even more miserable? I don't think so--but it wouldn't take too many people like me with better spam-fighting tools to really cut the spammers.
"That is why I think there should be a larger focus on breaking the spammers' business models at the downstream end, not upstream where Spamhous and Microsoft have been firing their big cannons."
Fully agree with you there.
What we need are better tools to allow the large number of spam-haters more actively cut the spammers away from their small number of suckers and victims."
I've worked on developing anti-spam tools for some time. A problem here is that the primary motivation for doing so is to get a cleaner message stream without losing wanted messages. Putting spammers out of business has to be secondary to this primary objective. Spamhaus have done excellent research here also, which has led to prosecutions and jail terms. But the need to have a very low false positive rate means some false negatives inevitably get through, enough probably for the small proportion of suckers to support the spammer business model.
So I agree with what you are trying to achieve, but I think this probably needs to be recast as a social, educational and legal solution, because it probably can't be handled as a technical model without very major changes to the email model as it now exists. It might become possible to do more of the latter in the sense of requiring much higher authentication and reputation lookup standards when accepting SMTP over IPV6, and then everyone gradually letting IPV4 SMTP become marginalised before switching it off entirely.
"I've worked on developing anti-spam tools for some time."
I have another - possible - solution.
The crux of the matter is that spam is basically cost-free to the sender. Imagine an ISP or email service that would let a user send out, say, 5,000 emails a month for free. (That's an arbitrarily-chosen number, used for the sake of illustration.) After that allowance is exhausted, the user must pay - again, using arbitrarily-chosen figure - a penny for each additional 100 emails.
5,000 emails is a lot of email but many, many orders of magnitude less than what a spammer needs to send in order to make a profit.
Now imagine if several such ISPs allowed its users the option to only accept email from similar ISPs/email services. Spam would no longer be cost-free to the spammer, and spam sent from non-participating ISPs/email services would be immediately rejected. (Not even returned to sender; just consigned to the bit bucket.)
This is not a complete plan, obviously, (and Microsoft had the idea of charging a very nominal sum for sending emails quite a few years ago), but considering the huge number of spamming emails that must be sent in order to make any money for the spammer, I would think that this would seriously reduce and might even come close to eliminating spam.
let's see....
A DDOS attack this size takes time, effort and $$.
Spamhaus provides a service which hurts a rather infamous sector of the intarwebs, and seriously helps quite a number of operators to keep the headache down to a minimum.
This sector, by all accounts over the last two decades, has proven to be very profitable for people with the proper mercenary attitude.
Even the Big Ten of monopolists bad guys nowadays have not garnered enough ärger to get the fanatics up upon the Barricades for something this size. If Anonymous, or any other activist society could ever agree on [something] they might take a shot, but at the moment it simply isn't there.
If it isn't the "Good Guys" , then it's the Opposition. Occam's Razor, a close shave every time.
This post has been deleted by its author
both beaten by Auntie at 27 March 2013 Last updated at 13:03.
But it just goes to show what is going on out there and probably a sign of things to come. I wonder if my boss will be glad I insisted our DDoS solution to give protection against R-DNS attacks in addition to the usual Layer 3/4 and 7 attacks.
And there will have to be some re-writing of vendors material now. 300?! mighty big stuff.
In the scheme of human affairs there are great men who come along once a generation and change the course of history for the positive and then there is the human equivalent of gum stuck under a bus stop bench who peddle penis pills. The key function of society is to encourage the former and make life hell for the latter as much as possible. Keep up the good fight Spamhaus!
Thought you had to have control of your own DNS server to pull off this type of amplification attack but that is trivial anyway. Cloudfare will be able to write a nice rule to protect against this in the future.
Such a waste of a good attack, obviously someone got upset to the point of rage-ing hard!
Standard DNS has done us well but its time to move on and get rid of some of the known issues.
"Standard DNS has done us well but its time to move on and get rid of some of the known issues."
Spamhaus (and other RBL providers) are vulnerable to DNS attacks because they use a version of the DNS protocol. If I receive an smtp connection from 12.34.56.78 and want to know if this host is spamacious, I send a reverse-lookup request for that IP address to the Spamhaus servers; a positive response means that the address has been seen spreading spam so I can drop the connection without having to handle the message. Unfortunately because the protocol and ports are the same as DNS, the same attacks also work.
> I send a reverse-lookup request for that IP address to the Spamhaus servers;
Why do you do that? You just need to ask spamhaus about whether the IP is smelly (doesn't work with the larger and evasible IPv6, I would think). Knowing the symbolic name for that IP is uninteresting. Maybe a traceroute would be of interesting. If the trace shows you are vectoring into the vicinity of NETHER.REGION.ZONE and the IP's address name is HOUSE.WITH.TASTY.BEER.COM, your trust levels should drop....
> Spamhaus (and other RBL providers) are vulnerable to DNS attacks because they use a version of the DNS protocol.
I think someone is confused, not sure it's me.
No, it is you.
What the blacklists do is use the Reverse DNS request as a well-defined protocol for sending a query to obtain more information about the IP address. Under no circumstances does the RBL supplier actually provide Reverse DNS information, merely whether or not they have reason to believe the IP address is associated with spam.
So rather than asking "who is 12.77.1.2?" expecting the answer "HOUSE.WITH.TASTY.BEER.COM", the DNS query to Spamhaus returns "Contains Processed Pork" or "dunno, never 'eard of 'im".
I see.
But that is not actually a "reverse DNS" (nor inverse DNS), it's just DNS, i.e. "interrogate a database at spamhaus, which happens to be a DNS database": You query some record (maybe a TXT) for e.g. "88.77.12.12.isbad.spamhaus.org", which is answered by the spamhaus DNS server exclusively.
No delegation via the arpa domain or anything.
How do you implement these kinds of rules? You need to get them far enough upstream so that your links don't get saturated, but the further up you go the more reluctant the admins become of doing any filtering.
As for spamhaus itself using dns this or that, it's wholly irrelevant to whether they'd be vulnerable to this attack or not. They'd be just as vulnerable to this attack if they had 0 computers, 0 servers and 0 services on offer on their line.. their line would still get saturated by the traffic.
"Thought you had to have control of your own DNS server to pull off this type of amplification attack"
Nope. Just send requests.
Ir should be mentioned that running open DNS servers has been regarded as bad practice for as long as running open mail relays has. I locked mine down nearly 20 years ago when I found an organisation leeching off 'em instead of running their own one.
That actions such as these prove once again that DDoS attacks should never be recognized as free speech.
Or perhaps someone can explain the protest aspect here, esp. given that we're dealing with a non-profit organisation here which most likely can now look forward to a massive increase in its monthly bill due to extra traffic.
DDoS is lame IMO, plain and simple.
"And it points out the flaws in using a 30+ year old network protocol no matter who well designed it was originally. Still the successor is big pile of shit in many ways imho."
As with ICMP attacks this can be mitigated by incorporating throttling into the NS server code. No legit IP wil be making more than 1 request per second for the same information for starters, and very few will be making hundreds of requests per second, thanks to long-established caching algorithms.
The hard part is getting people to actually implement fixes/tweaks.
That won't work in this case as the attack was distributed. Even if you limit requests to 1 per second, the attack contacted SEVERAL THOUSAND of them at once in a barrage. Think of it like this. You tell a few of your buds you're having a party. Each of them tells a bunch of THEIR friends; next thing you know, you don't have a refrigerator (or perhaps house) big enough to accommodate the party.
> That won't work in this case as the attack was distributed.
The attack spoofed Spamhaus IP addresses so although the requests came from multiple sources, to the DNS servers it would appear that they all came from the same small group of IPs so response throttling would have worked.
"Loud speech" as in someone repeatedly yelling, "spam, spam, spam..."
I wonder if there might be a need for a list of open DNS servers which people could use to populate a block-list?
I sometimes wonder at such silliness. A bank or shop might lose money in a DDOS event, but if you don't get an updated open-relay list for a few hours, are you really going to hurt, or change providers?
It's not a not-for-profit outfit... they have a very lucrative business going, and hiding behind their not-for-profit marketing is great stuff for ignorant news outlets:
Spamhaus Logistics Corp. - that's registered in the seychelles
The Spamhaus Project Ltd - this is the not-for-profit one registered in the uK
Spamhaus Technology Ltd. - a UK commercial company - this is the data services part
The Spamhaus Whitelist Co. Ltd. - Jersey
The Spamhaus Foundation - lichtenstein
There's a reason the founder spends his time living in Monaco (a tax haven) and his companies are registered in countries which are also considered tax havens.
I've heard this claim so many times, and yet, I can't convince myself that it is true. Let's say MAE-East gets vaporized. A whole bunch of BGP geeks feel a stirring in their trousers, and the network reconverges on new routes. Or does it? Have there been real, documented incidents where major chunks of the net infrastructure went offline and yet the Internet survived?
I don't really buy it either. All the testing is modeled so no one reallyknows what would happen. All I can say is things like the DDoS being discussed happen & it slows everyone down & all the infrastructure is still there. If significant portions were gone I can't imagine it would show well.
That being said though, if significant portions of the infrastructure were gone there would be much larger things to concern oneself with than backups, games and cat videos....
"But the whole point of the design of the Internet is that it does this sort of self-repairing rerouting. It was designed to survive chunks being taken out by a fricking nuclear bomb, for crissakes!"
No, the Internet was not designed that way. The protocols were. You can build a very weak and dangerous building with the best quality steel.
What's reverse DNS got to do with it?
This is reflected DNS which a UDP problem that fills your pipes and is nothing to do with someone killing your own DNS servers (although they may well be inaccessible as a result). It's a bitch to protect against and relies on poorly configured third-party DNS servers and really it's only a problem that either those server owners (fat chance) or carriers can do anything about unless you're a web monster with a large and distributed infrastructure.
The attack blocked Spamhous's pipes (as you say) by redirecting lots of DNS traffic (zone files) to them from open DNS servers. This blockage meant that Spamhaus were not able to respond to 'spam queries' from customers. The spam queries are in the form of a reverse dns (not used as a reverse dns but using the same protocol/structure etc). Hence the reference to reverse dns.
This post has been deleted by its author
This post has been deleted by its author
I've never really understood why ISPs make it so easy to spoof packets. You generally know what blocks of IP addresses you should have coming in on what lines. If some miscreant is injecting packets with spoofed source IP addresses ISPs should block them.
It wouldn't take much for the ISPs to filter out these packets coming in from their customers.
Peering links might be more difficult, but if the packets weren't allowed in in the first place would be a start.
The only downside I can see is overhead of filtering, which is surely insignificant compared with all the shit the government wants to add, and stopping people surreptitiously bonding multiple uplinks, which I wouldn't think was too common nor something most ISPs wanted to encourage.
Thanks Tim,
That's a good posting, basically saying exactly what I've been saying for years.
The difficulty isn't technical so much as getting all the players to act together. I, perhaps naively, wouldn't think the payback period for the investment in ingress filtering would be very long. When these things happen they cost the Internet industry a lot of money. The problem is no one has a stick to beat them into submission. I remember a discussion with an old colleague years ago about responding to attacks and he was saying the only time he'd been able to get ISP to respond quickly to problems was when he was running the networks covering the World Cup, he commented that all he had to do was threaten to throttle their connections and then publish which ISP were having their links slowed down, and all of a sudden the ISPs became extremely cooperative.
It's been just over a decade since I gave up trying to get ISPs and NSPs to filter "wrong" packets from egressing their networks (or ingressing from customer ones)
The uniform response was "our routers can't handle the load"
I understand (from those still carrying the torch) that's still the uniform response.
Companies have zero concience. They don't care if their customers are abusing the networks, as long as they get paid - and the only way to make them care is to make it hurt - a lot. In that respect it's actually easier to train an amoeba. At least those have some semblence of "memory"
This post has been deleted by its author
Why is the CyberBunker website running about as successfully as if it were the target of an enormous DDoS, and Spamhaus's website loading almost instantly? Weird. I'd've thunk at least el Reg would do a quick check before pushing out the same PR everyone else is publishing so excitedly.
Meanwhile, black helicopters en-route to www.pcmag.com/article2/0,2817,2417142,00.asp
Also, background:
webcache.googleusercontent.com/search%3Fq%3Dcache:3mqT64NVF2AJ:cyberbunker.com/web/spamhaus.php%2B%26cd%3D1%26hl%3Den%26ct%3Dclnk
This post has been deleted by its author
Fixeded the linkses did I?
http://webcache.googleusercontent.com/search?q=http://cyberbunker.com/web/spamhaus.php
Also:
http://webcache.googleusercontent.com/search?q=cache:http://cyberbunker.com/web/cityhall.php
http://webcache.googleusercontent.com/search?q=cache:http://cyberbunker.com/web/swat.php
Don't click on all three at one, or Google will lock you out of the cache for a while :-(
Buggered if I know.
We run a forum where people can post queries. With spammers in mind, the board is set to block anything that looks like a URL within the message.
So we get posts that read something like this
WKXRPFL asks
Penis pills I to agree with your postabilityness penis pills
... which posts are deleted before anyone but our moderator sees them. Apart from being a pita, WTF is the point?
Gaming search engines, maybe? Inverse bayesian filtering, or something? IE, instead of putting normal text in your spam to make the filters think it's legit, you put spam in everyone else's normal text to make the filters think that *spam* is legit?
I'm pretty sure I've seen spamvertisments for 'SEO' services which work by pumping massive numbers of comments with certain keywords out into the wild, and thereby skew the results of relevancy results. But that's really not much more than a chin-scratching "I wonder if this does this..." supposition.
I have to assume there's some purpose for it; people craven enough to achieve things by those methods are rarely industrious enough to do the work without some kind of financial gain in the offing.
There's a school of thought that says it may be used as stegenographic cover for various activities.
This usually comes from the same school of thought whih suggests Robert McNamara, Alex Plutonium and Serdar Argic's(*) rant-filled missives may have contained coded messages to intelligence operatives.
And which also suggests that all those pictures of Claudia Schiffer in alt.binaries.pictures.erotica contained encrypted text files detailing a lot of nazi-linked information the West German government would have preferred wasn't public.
(*)It's been a couple of decades. I may have mixed the names up.
And which also suggests that all those pictures of Claudia Schiffer in alt.binaries.pictures.erotica contained encrypted text files detailing a lot of nazi-linked information the West German government would have preferred wasn't public.
Oh come on! Everyone knows that rumour was started by some blokes in the CIA to give themselves an excuse to download the lot and study them very carefully, while getting paid to do it.
Netflix fine and Lovefilm too, At the same time!!!
Call me cynical but seems like a great publicity stunt for all involved???
but well done to the hard working admins slaving to fix everything, thanks guys and gals
don't SPAM me over this :-D
coat already taken and left the building
Well, I don't want to condone DDoS as a tactic under any circumstances, but....
Spamhaus is famous for their high-handed and arrogant attitude in blocking whole IP address ranges for the most trivial of reasons. If this DDoS attack exposes how many cheapskate hosting services rely blindly on their spam-and-a-lot-of-other-legitmate-traffic filtering services, then it has actually done the internet a service.
as I can't be on top of things all the time, and have twice had client PCs with virus/botnet get me blacklisted. Clean the virus/botnet off and submitted to be delisted and within no time back to emailing. The slight headache it caused was nothing compared to the headache of spam and other crap filling up my users' inboxes. Sure it is painful/impossible to create an inhouse outgoing mail server on my ip address because of anti-spam, but once again not painful enough to have no anti-spam at me end. As well, it was nice to have the email blocked at the other end when the PCs were infected, as it would have been more of an embarrassment having our customers getting lots of crap email from our PCs (that and both time it tipped me off that a PC on my network had a virus/botnet running on it).
Thanks spamhaus, spamassassin, and the other anti-spam I have layered on my incoming server to stop the crap coming in.
Got to be said that in the world of RBLs Spamhaus is by far the most reasonable to deal with.
Because to be fair accidents happen -- clients provide mailing lists that are pure junk; some ISPs have junk filters on hair triggers -- and when the rules change.. god help us. Our provider moved the main mail server to a new machine one weekend, same name, new IP. Everything bounced -- a tried and trusted internet machine with a long history of not supplying crap changed.
No longer could I send emails with the clients email addresses in the from like I'd done for the previous 7 years without issue. It was then I discovered that interesting league of gentlemen who promised to "sort it"
These are not the real vigiiantes who will never lift the block, regardless. These guys are the "trusted mail" providers whose sales pitch is along the lines of a protection racket.
Dealing with these services the conversations about getting the block lifted get positively threatening:
"Well if you subscribed to our service your mail would never be blocked -- we wouldn't want it to happen again would we sir."
Some members on the forum http://www.anon-hackers.com/r/1 were planning this attack and carried it out, go over there if you want to find out more information but i do know that there are some guys over there who are really clever and their attacks are very powerful.
Lazy journo's, this whole thing is bogus ! The only people aware of the attack (allegedly the worlds largest by some distance) were the three media seeking companies named. Just stop, pause for breath and engage your brain, if this attack was as described don't you think someone else, somewhere would have been affected ? The CEO of media darling Cloudflare reckoned it was nuclear in its size and power, well when was the last time someone let off a nuclear weapon/bomb without it being detected ????
Its all self serving nonsense and it reflects badly on the companies behind it and the chimps simply regurgitating the same nonsensical propaganda.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
