 
Wed, 12 Jan 2005 14:40:11 -0700
|
At 01:41 PM 1/12/2005, Paul Karagianis wrote:
>Once I had time to check the logs it appeared to me that around 60% of the WWW
>activity was being done by a single user (217.84.47.170 -
>pD9542FAA.dip.t-dialin.net),
known spam friendly service http://tinyurl.com/475wp
don't waste time complaining to t-dialin. I'd suggest a blanket ban on
exchanging packets with their space entirely
>I changed the access on that particular list from "Public" to "Private" (which
>immediately solved the performance issue) and a few hours later the
>automaton went
>away. Today I'm seeing similar behavior from 84.133.52.168 against
>another list,
>which I've also changed from "Public" to "Private". Meanwhile,
>155.69.5.235 seems
>to be going through the lists alphabetically pulling the indexes and I'm
>assuming
>it will start hammering some list soon too.
Thanks for the heads up. I hadn't seen traffic from there before, but I'm
now blocking that new range at my firewall. You should block the entire
/16 unless you have a legitimate reason to expect traffic from
Singapore. Singnet is a known spam friendly host. The other major problem
children over there are VSNL.NET.IN, SEED.NET.TW, and TELKOMADSL.CO.ZA I
have yet to have a response to an abuse complaint from any of them (except
for vsnl that kept trying to get me to change where I sent abuse reports
after they were added to SPEWS, but who still didn't terminate their spammers).
Lookup 155.69.5.235 (unresolved) in 20+9 Zones
AS: <http://openrbl.org/link/155.69.5.235@radb>155.69.0.0/16
<http://openrbl.org/link/3758@as>AS3758<http://openrbl.org/link/sg@country>
SingNet UNKNOWN
Net <http://openrbl.org/link/155.69.5.235@netgeo>155.69/16
<http://openrbl.org/link/155.69.5.235@arin>NTUNET1<http://openrbl.org/link/sg@country>
<http://openrbl.org/link/acm.org@abuse>@acm.org
Results: Positive=1, Negative=27, Timeouts=1 (2005-01-12 21:35:09 UTC)
>Anybody else know what's really going on?
> -Kary
Spammers actively hunt for public accessible lists precisely for the
reasons you suspect. You just can't have public accessible archives. I
wonder how many people would subscribe to a list with an honest disclosure
that read "we have this list configured with public archives to facilitate
spammer harvesting of subscriber addresses." My primary client with
listserv lists has an absolute prohibition on public archives, to the
extent that if a list is configured public the people running the list will
be thrown off the service for violating their anti abuse policies. I would
suggest that site administrators go through and change anything that
permits public access to messages or anything else. It is just too risky.
Yes, there is a downside. I spent some time with the owner of a list
yesterday helping him to configure himself so that he could review his own
archives and subscriber list. Novices need more training to use a secure
list. However, that is no justification not to run a secure list.
You might even consider going one step further, and make the lists semi
moderated. On some of my lists that are open to public subscription, I set
new subscribers to moderated by default, and turn them loose only after a
couple of posts have convinced me that they aren't spammers. I learned
that one the hard way.
--
Charles Oriez [log in to unmask] 39 34' 34.4"N / 105 00' 06.3"W AIM
ID caoriez
We could certainly slow the aging process down if it had to work its way
through Congress. ~W.C. Fields
|
|
|
