Spam War Takes Out Blog Services
Posted by
Zonk
on Thu May 04, 2006 10:06 AM
from the lj-writers-use-ddos'd-icon dept.
munchola writes "Following on from the story about spammers attacking Blue Security's anti-spam system, CBR is reporting that Six Apart, which runs the popular LiveJournal and TypePad blogging services, has become a collateral victim. Six Apart told its millions of bloggers it had experienced 'intermittent and limited availability for TypePad, LiveJournal, TypeKey, sixapart.com, movabletype.org and movabletype.com', before resolving the issue in the early hours of Wednesday. '[The spammers are] trying to rip apart the internet just to make our community stop fighting back against spam,' Blue Security's chief executive Eran Reshef said, adding that he knows who's behind the attack."
Related Stories
Your Rights Online: Details of the LiveJournal Account Hacks 246 comments
An anonymous reader writes "Brian Krebs of the Washington Post has written about the recent spate of hijackings at Six Apart's popular LiveJournal service. Hundreds of journals have now been taken over by a notorious group called 'Bantown' using a series of complicated cross-site-scripting vulnerabilities. Krebs details the recent security changes made by LiveJournal in response to the takeovers." From the article: "It is unclear whether LiveJournal has managed to close the security holes that the hackers claim to have used. The company says it has, but the hackers insist there are still at least 16 other similar JavaScript flaws on the LiveJournal site that could be used to conduct the same attack. [Bantown] group members said they plan to turn their attention to looking for similar flaws at another large social-networking site."
BlueSecurity Database Compromised? 375 comments
EElyn writes "Numerous users of Blue Security's anti-spam system now report a new form of aggressive spam. An unknown group of spammers claim to have derived a way to extract the member email addresses of Blue Security group's anti-spam system, called Blue Frog. Blue Frog is a small tool which, once installed on the user's computer, enables Blue Security to systematically flood a known spammer's website with opt-out messages, much to the headache of the spammer. Tens of thousands of users have already signed up, so can it really be true that spammers now possess this database? Or is this yet another frail attempt by spammers to intimidate the user?" Another reader sent the text of the letter; read more to see.
This discussion has been archived.
No new comments can be posted.
Guilty of what? (Score:1)
(http://slashdot.org/~eldavojohn/ | Last Journal: Tuesday October 16, @03:26PM)
What are they going to charge him with? Logjammin'? [logjammin.org]
I guess that isn't so funny if you've never seen The Big Lebowski [wikipedia.org].
Re:Guilty of what? (Score:4, Funny)
Is Blue Security going public with who's behind it (Score:2)
He should, so we can put on the pressure.
Re:Is Blue Security going public with who's behind (Score:5, Funny)
(http://www.brendansstudentloans.com/)
Fighting abuse with abuse is bad (Score:3, Insightful)
(http://205.205.253.95/Crackster | Last Journal: Wednesday September 22 2004, @09:57PM)
Swamping a spammer is not a good idea, because he can either redirect the attacks to an innocent third party, or it is simply pointless because they use stolen resources, like trojaned computers that host illegal sites.
The best way to eradicate spammers would simply be to go after their clients.
Re:Fighting abuse with abuse is bad (Score:5, Interesting)
That hasn't worked yet. If you have some idea how that could be accomplished and effective against spam and spammers, please feel free to elaborate.
Blue security seems to be causing pain to spammers, enough to get a rise out of them at least. Aren't they actually reflecting the spam back to the source? I think that was their tactic.
If they are effective, that's a net positive in the spam fight.
Re:Fighting abuse with abuse is bad (Score:5, Interesting)
It seems blue security has been compromised by the spammers.
I can't see why blue security should be blamed- except for their security problem.
The problem is spam and spammers, and it is ludicrous to think otherwise.
I have been working on the spam problem for >10 years.
The problem is lax ISPs and network operators who don't pay attention to their mail. Who don't jump on the trojaned machines on their network that are causing >90% of the spam problem in the world.
I have had the same trojaned machine sending me the same spam every 15 minutes, from a school district. It took me days to finally get a shitty response out of the network operators there to get that machine shut down until it could be cleaned. They didn't seem concerned at all, it was like I was "bothering them" to ask them to stop that machine from spamming.
I bet it was sending 150,000 messages between the ones I received. Obviously a major problem. They couldn't care less.
Now THEY should have been DOS'd.
Ya know, several years ago I asked one of the principals of Akamai to get involved, to provide some of the bandwidth and hosting in a fault tolerant fashion, which they reportedly are in a unique position to provide on their monitored distributed network. Practically cannot be effectively DOS'd. They thought my proposal "interesting" but didn't want to get involved for the good of the internet, because they didn't want to attract attention from the bad guys.
It wasn't 5 or 6 months before they were DOS'd and extorted.
EVERYONE is involved now. We are all being extorted by the spammers. If you cross them they will attack you, even if you just ask them to please stop spamming you.
The only possible answer is responsibility. Networks being responsible for what goes on over their network. Shut down spammers. Don't rent them servers. Don't sell them bandwidth. Jump on problems, even on weekends and holidays, and you have to do it FAST.
Nothing is going to stop spam completely, we can only increase the cost to spammers, and increase the costs for networks to sell to spammers. Make it uneconomical to have spammers as customers.
When the cheapest T-1 a spammer can find is $250,000 a month, spam will stop.
Re:Fighting abuse with abuse is bad (Score:5, Insightful)
(http://yakk0.org/)
Opting out is *NOT* abuse! (Score:5, Insightful)
(http://slashdot.org/~Spy+der+Mann/journal/ | Last Journal: Saturday November 10, @01:50AM)
4 of the 10 major spammers had already excluded the blue security list from their mass mailings, and their problem was solved. But this particular spammer, instead of complying, shut down Blue Security.
Just because Blue Frog causes A SIDE EFFECT of diminishing the bandwidth of the spammer's website, is not Blue Security's fault. (It is our LEGAL RIGHT to request for opt-out, and to keep requesting it UNTIL IT IS FULFILLED).
To say opting out is abuse, is nothing but legitimizing illegal (non CAN-SPAM complying) spam.
Re:Fighting abuse with abuse is bad (Score:4, Insightful)
War and drama aside: I keep waiting for someone to make this point but I'm not seeing it yet.
Spam is a solicitation to contact the advertised party in the hopes that you will give them money. Otherwise known as an advertisement. THEY CONTACT US. It's called the free market. In turn we all have the right to use the communication path they supply to request that they leave us alone.
Is it illegal to contact some company you see on a billboard or in a TV commercial? What absurdity! What is this world coming to where everyone gets sucked into DDoS drama at every chance? Blue Froggers are just doing business within the realm of the law. No stretching the rules. No sensationalism.
The only reason spammer servers crash is because they aren't prepared and are poorly designed. They have two options:
1. Seriously upgrade their infrastructure to handle whatever degree of responses their advertisements generate & hire more staff to process the hits their ad generates.
=or=
2. Seriously decrease their advertisements to be in line with their capacity to manage their generated traffic.
It's just economics and common sense. This DDoS talk is a waste of time - the Blue Frog client is much nicer to the spammers than they are to us. And this huge amount of anger directed at Blue Frog is proof that it bites into their freedom to be irresponsible.
They can keep their pill pushing sites - I don't care if there are suckers out there dumb enough to give them money. I just want them to stop bothering ME. They will never get one red hot cent from me. They WILL get endless trouble from me as long as they continue to disrespect my privacy.
All the best folks!
B.
Blame fest (Score:5, Insightful)
The spammer also launched a conventional bandwidth-consumption DDoS attack against bluesecurity.com. It was around this time that the company opened its new blog, which meant TypePad got whacked.
This blue security article has been running for a few days now and the site hasn't been responding any time I've tried recently.
Isn't it just another DDOS blame fest when in reality it's just the news spreading around the world and all the collective users of all the collective news sites are clicking the links to try to read the story?
A total slashdotting/digging/farking and general newsing all at once.
It was the same when word spread about google going down.
"OMG have you heard, google is dead?"
*CLICK* "Yer, it's not working here either" *CLICK* *CLICK* *CLICK*
*CLICK* "Hey, it's loaded here." *CLICK* "Oh crap, it's broken again now.."
We are all guilty of assisting this DDOS attack. shame on us.
It will ease up once something else comes and takes our attention away from it.
Re:Blame fest (Score:5, Informative)
"Isn't it just another DDOS blame fest when in reality it's just the news spreading around the world and all the collective users of all the collective news sites are clicking the links to try to read the story?"
No. Here's what happened:
Believe me, TypePad gets Farked/Dugg/Slashdotted every day. They can handle the normal traffic spikes. This was deliberate, and it was well documented.
"We are all guilty of assisting this DDOS attack. shame on us."
A drop in the ocean. TypePad can absorb these sorts of things. Make no mistake: TypePad was taken down by a deliberate, coordinated DDOS attack.
Pistols at dawn. (Score:1, Funny)
Too bad dueling is dead.
Let the bloggers blog! Set my people free! (Score:2)
(http://www.komar.org/christmas/)
Kill the spammers (Score:5, Insightful)
Different take... (Score:2)
Spammers are taking over...it's sad really. (Score:1, Interesting)
Two birds with one stone? (Score:5, Funny)
I can't see any down side to this, honestly.
Self-hosting (Score:3, Informative)
(http://www.intelligentblogger.com/ | Last Journal: Monday August 27, @11:47AM)
While Blogger eventually added a captcha to solve the problem (after being non-responsive to support requests), it left a bad taste in my mouth. It was at that point that I decided to go self-hosted. I've never looked back. For the cost of a cheap hosting provider, you can set up a WordPress installation that looks better, is more feature-rich, and automatically queues suspicious messages rather than allowing them to pass through. So while my site could be DDOSed if it was specifically targeted, it can't be overloaded with spam or used to take down other bloggers.
Shifting attack (Score:2, Interesting)
(Last Journal: Wednesday November 07, @10:09AM)
"He's trying to rip apart the internet just to make our community stop fighting back against spam," Blue Security's chief executive Eran Reshef said of the spammer he believes launched the attack.
LiveJournal and TypePad found themselves suffering the brunt of the attack when Blue, which says it has been targeted by a "top four" Russian spammer, redirected the front page of its website to a blog hosted at TypePad's data center.
Reshef said Blue replaced the front page of its site with the TypePad blog to keep its users up to date with events, and disagreed with commentary that said Blue acted irresponsibly by passing the DDoS burden to Six Apart.
"We didn't offload any DDoS," he said. "That's like blaming the victim of a crime."
Since they were apparently in contact with this dirtbag, didn't they see this coming? Perhaps they were just being well-intentioned by shifting their front page to a blog with information for their users, but since they don't host the blog, that seems like dirty pool. Spammers are not known for being the most easy-going people in the world and sure he made threats about a DDoS. Seems a bit iffy. It could all be above board but without more info, who knows?
I find it interesting that they supply spammers with the addresses of their clients, so the spammers can avoid emailing them. Wouldn't a spammer get that info when they get bombarded by unsubscribe requests? Seems like handing the fox the keys to the henhouse while you slip off for a brewski.
Re:Shifting attack (Score:5, Informative)
(Last Journal: Friday September 14, @02:22PM)
Also, the spam reports that are sent out are sent from a proxy type email address. My normal address wouldn't show up, but username@reports.bluesecurity.com is where it would come from.
Personally, I see nothing wrong with sending 1 unsubscribe request per piece of spam I get. BlueSecurity has just automated this method so I don't have to take the time, and they also handle escalation to the proper authorities if the situation isn't resolved.
If the spammer perceives getting 1 unsubscribe request per spam he sends as a DDOS attack, then I would think the best course of action would be not to send to those people. Heck, we are the ones who wouldn't buy anything from them anyway.
Also, based on what I have read in the blog itself (when it was still accessible) it was a user in the comments that suggested redirecting the site and error pages to the blog so users would at least have some clue what was going on. It's likely they took the advice without contemplating the potential outcome.
Re:Shifting attack (Score:4, Insightful)
(http://clintonhawk.net/)
hahaha (Score:1)
Everyone keeps knocking blue... (Score:5, Insightful)
(http://www.spadez.net/ws)
So, do you have any better suggestions? If not, then I kindly ask you to omit your views until you can add something to the cause.
Just post these guys' addresses and photos... (Score:2)
For those of you Blue Frog users... (Score:3, Interesting)
(http://slashdot.org/~Spy+der+Mann/journal/ | Last Journal: Saturday November 10, @01:50AM)
The next step is automating the process, perhaps making a new version of Blue Frog that doesn't rely on a centralized server. Do that, and we'll regain our mailboxes.
Let's not forget guys... (Score:2)
(http://slashdot.org/~Spy+der+Mann/journal/ | Last Journal: Saturday November 10, @01:50AM)
That most DDOS attacks right now are done using botnets. If we should blame someone (besides our mediocre congress), it's Microsoft for having such weak security in their desktop OS. And for not updating pirated copies [slashdot.org], which are used as botnets too!
Tucows DNS attack? (Score:1)
(http://grahamrobinson.com/)
Cheers,
Graham
Backbone Subversion (Score:1)
Breaking point (Score:3, Insightful)
Go open source (Score:2, Interesting)
(http://somejunkwelike.com/wordpress/ | Last Journal: Friday March 05 2004, @04:46PM)
Take them out (Score:2, Insightful)
500 000 is nothing (Score:2)
I've not heard of BlueSecurity before, but after those stories, I'm signing up with them. I urge anyone who wants to help fight against spam and vandalism on the Internet do the same.
After all, when no one can take care of a problem for you, it's time to step up and solve it yourself.
Stop Being Cute About This (Score:2)
Stop being cute about this and just tell us who. Information is power, and you're only facilitating this person's ability to continue to hide until you unmask him/them.
SixApart should sue them (Score:3, Interesting)
(http://www.codemonkeyramblings.com/)
Blue Security are idiots (Score:2, Insightful)
First, these idiots set up an "anti-spam" service whose response to abuse is...abuse.
Second, they use a fraudulent corporate name. (Use Google and search Usenet.)
Third, they locate themselves on a network that also happens to house one of the scummiest spammers on the planet.
Fourth, they decide to redirect an incoming attack at an innocent third party.
The only surprising thing is how many morons have actually DEFENDED these idiots.
Recommendations:
1. Permanently blacklist their domain(s).
2. Firewall off their network.
Tucows services still recovering from DDoS (Score:3, Informative)
Ha! All of Tucows services, including the managed dns and email defense services were completely down most of yesterday. The managed DNS service is still impaired until the new IPs of ns1.mdnsservice.com and ns2.mdnsservice.com propagate (they just this morning changed the TTL to 1200 secs %-).
status.tucows.com
Managed DNS Service Degraded Performance - restore time is currently unknown
Beginning at approximately noon Wednesday May 3rd the Tucows network was under a severe DDOS attack. To stop the attack, we have changed the IP addresses of the servers. If you are using IP addresses in order to connect to MDNS, you will have to update your records. Also, any nameserver with a long TTL should be updated in order to use the new info. Next Update Time: 15:20 UTC, 04 May 2006
bluesecurity.com domains (Score:1)
(http://evilloop.com/ | Last Journal: Thursday November 08 2001, @11:27PM)
To Stop Spam (Score:2, Insightful)
People could stop clicking, but that is unlikely to happen. Especially in America, people are always looking for the easier path: be it cheaper medication, promises of enhanced "performance," tales of rapid weight loss while sitting on your couch, or the constant get-rich-quick scheme.
If people actually thought... yes, used higher brain functions... they may realize that it is virtually all just BS.
It could also be that the general masses don't realize that every time they click on a link or reply to an email, someone is making money. And that is a problem with awareness of how the internet works. Most seem happy to just know that it works.
Just not trying hard enough (Score:2, Funny)
Why not... (Score:2, Insightful)
redirect the domain name to 127.0.0.1 (taking up to 24-48 hours to update) as one of the other posters posted...
Why I ask is because where I work we had a similar problem and since I maintain our web server we had no choice but to unplug the network cable. Waited 5 minutes and plugged it back in and voilà! no more DOS.
My best guess was that as soon as the DOS'er saw that our site was "down" they/it thought that their task was completed.
It is almost (but not quite the same) as if someone took an Ethernet cable and created a loop on the same pair of switches. (i.e. two switches are connected to each other. Then some random idiot looks at them and plugs in a spare cable into both, creating a network loop.)
BlueSecurity on holiday? Unacceptable (Score:4, Insightful)
(http://www.animats.com)
This is a 24/7 business. A serious online service vendor can't have company holidays. Least of all in the security business.
Blue Security's Blog (Score:2)
(http://wfpearson.blogspot.com/ | Last Journal: Monday May 01 2006, @08:29PM)
Netcraft Article on DDoS [netcraft.com]
My original article on the attack 4/1/06 [blogspot.com]
The DDoS started with invalid PHP requests. I think the spammer is using a combination of methods to disable Blue Security now, but that's just an assumption. The question is, how long are spammers going to focus their efforts on the counter attack? Using their resources to attack Blue Security means less resources to send profitable spam. The spammer wants me to unregister from Blue Security's site, but at the same time, disabled it. Don't get me wrong, I'm not about to cave in to extortion. Right now I'm happy to have Gmail intercepting spam so others don't have to deal with it. I guess you can say I and the rest of the Blue Security community are drawing fire for the rest of y'all.
Bluesecurity DNS entries are poisoned (Score:1)
awright ... fess up... (Score:3, Funny)
So which of you scumbags is responsible for this.
community.bluesecurity.com back online? (Score:1)
It loads, but the forums are missing.
Spammers = Mafia? (Score:1)
(http://sg1archive.com/)
My froggie can't join the pond :( (Score:1)
Re:Don't let Blue Security fool you... (Score:1)
Claiming that Six Apart should take legal action against Blue Security because criminals were attacking Blue Security is absurd. It's like blaming the rape victim for getting raped.
All us Frog users have been desperate for news about our pals at Blue Sec. I appreciate the effort they took to get word out to us. The fact that the spammers then directed their attack towards SixApart shows just how desperate and belligerent they are. They are greedy godless bastards. And their actions shall undo themselves.
What will the emo kids do? (Score:2)
(Last Journal: Tuesday August 07, @01:18PM)
Re:Staged by BlueSecurity for publicity (Score:1)