Spam Blacklist Targets Hijacked Telewest Customers
davidmcg writes "BBC.co.uk reports that UK cable firm Telewest has had almost one million email addresses blacklisted by an anti-spam firm. The Spam Prevention Early Warning System blacklisted the email addresses because a large number of the machines using them have been hijacked by spammers. Telewest have stated that they knew about the problem and have been working with customers to regain control of their machines."
Glad it's not my job... (Score:3, Funny)
I sympathise with them, I've tried banging my head against the wall before and it's not fun!
Re:Glad it's not my job... (Score:4, Insightful)
Re:Glad it's not my job... (Score:3, Insightful)
There may also be a problem with enforceability to the extent you are penalising someone for the actions of a third party; okay the user would have been okay had they kept all thei
Re:Glad it's not my job... (Score:2)
Re:Glad it's not my job... (Score:3, Insightful)
Yes. Just because the users ARE stupid, doesn't mean they should be allowed to BE stupid.
Try walking around town with a ghetto blaster playing some obscene music and see how quickly the police/someone from the public try to shut you up.
Re:Glad it's not my job... (Score:2)
Re:Glad it's not my job... (Score:2)
Re:Glad it's not my job... (Score:3, Insightful)
I don't know about difficulty of showing a loss - Lost customers, admin and helpdesk time due to spam listings adds up in a hurry. That SPEWS listing probably won't go away soon - the amount of time to get delisted tends to reflect the severity of the problem, and if they
Re:Glad it's not my job... (Score:2)
Re:Glad it's not my job... (Score:2)
Just have something where the user would have to enter their username/psw, and type-in some sort of obfuscated verification code from the website to re-enable their ports.
If the user re-enable
Re:Glad it's not my job... (Score:2)
Your suggestion for monitoring and throttling traffic if it's excessive might work. Few non-business users send more than 50 emails a day. Or the ISP could run a spam filter on outgoing traffic, looking for links to commonly spammed sites and common terms like V*agra.
Re:Glad it's not my job... (Score:2)
When I first got telewest the activity light on the front of the modem only lit up when I was accessing the net. These days the light never goes out as there are constant pings against my firewall all from the telewest IP range.
Oh and don't bother sending abuse any info about possible IP machines that have been infected as they do nothing with them. A number o
Re:Glad it's not my job... (Score:4, Insightful)
The real reason - they're just as lazy fucks/ignorant n00bs as their customers.
They keep singing the same old song, but it's their customers that are causing the problem. Police them. Fixed IP. You're a zombie - you're gone. Let them sing "The Monster Mash" for all I care.
And the politicians/dickheads won't do anything because they are allowed to spam you (nice going guys - pass laws against spam, but include an exemption for yourself). Make politicians have a fixed IP (dr00l).
The best part about fixed IPs - if we bookmark them instead of doing a dns lookup, we wouldn't have to worry about dns outages. Or stupid domain name wars. We do it with 10-digit phone numbers and 4-digit extensions - wtf can't we do it with an 8-to-12 digit number on the net? Because the average user is STOOPID!
SPEWS did the right thing. Telewest fucked up.
Now if SPEWS would BLACKHOLE AOL, I'd notice a lot fewer probes. And while they're at it, maybe, as a public service, blackhole any site containing crapfloods from Maureen O'Gara.
Should point out.... (Score:5, Informative)
Telewest has had almost one million email addresses blacklisted by an anti-spam firm.
SPEWS does not block email addresses, it lists IP addresses. It's up to admins who use SPEWS to decide whether or not to use the listing to block email coming from those IPs.
If the users in those affected IPs use a legitimate email server, they can still send email to their hearts' content. Only people running their own mail servers and direct-to-mx traffic would be affected.
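The distinction drawn in the comment above, as an added example that is not part of the original thread: a receiving server looks up the connecting IP in a DNSBL zone, never the sender's e-mail address, and the local admin chooses what a hit means. The zone `dnsbl.example`, the addresses and the policy names are constructed; the reversed-octet query and 127.0.0.0/8 answers follow the usual DNSBL convention (RFC 5782), not anything specific to how SPEWS is published.

```python
import ipaddress
import socket

# Constructed sample data: a made-up zone listing a made-up customer range.
ZONE = "dnsbl.example"
LISTED_NET = ipaddress.ip_network("198.51.100.0/24")  # "cable customer" range
SMARTHOST = "192.0.2.25"                              # the ISP's own mail server
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def query_name(client_ip, zone):
    """Build the DNS name a receiver looks up: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def stub_resolver(name):
    """Offline stand-in for DNS: answers 127.0.0.2 for IPs inside LISTED_NET."""
    suffix = "." + ZONE
    if not name.endswith(suffix):
        return []
    ip = ".".join(reversed(name[: -len(suffix)].split(".")))
    return ["127.0.0.2"] if ipaddress.ip_address(ip) in LISTED_NET else []


def dns_resolver(name):
    """Real A-record lookup for use outside this example; no answer = not listed."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def is_listed(client_ip, zone, resolve):
    """A listing is any answer in 127.0.0.0/8 for the reversed-IP name."""
    answers = resolve(query_name(client_ip, zone))
    return any(ipaddress.ip_address(a) in LOOPBACK for a in answers)


def smtp_decision(client_ip, mail_from, policy, resolve=stub_resolver):
    """Decide on one inbound SMTP connection.

    policy is the receiving admin's choice: 'reject', 'tag' or 'ignore'.
    mail_from is accepted only to show that it plays no part in the lookup.
    """
    if policy not in ("reject", "tag", "ignore"):
        raise ValueError("unknown policy: " + policy)
    if policy == "ignore" or not is_listed(client_ip, ZONE, resolve):
        return "accept"
    return "reject" if policy == "reject" else "accept+tag"


if __name__ == "__main__":
    sender = "alice@isp.example"  # same address in both cases
    # Customer machine connecting straight to the recipient's MX:
    print(smtp_decision("198.51.100.7", sender, "reject"))
    # Same customer relaying through the ISP's mail server:
    print(smtp_decision(SMARTHOST, sender, "reject"))
```
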
Re:Should point out.... (Score:2)
GP is right, Parent is way off.
SPEWS (Score:5, Insightful)
SPEWS does not exist (TINS (there is no SPEWS)). SPEWS therefore cannot make announcements of any sort whatsoever, though they do have the Lumber Cartel (TINLC) to speak for them.
Good luck calling around (Score:3, Funny)
Re:Good luck calling around (Score:4, Interesting)
for a medium size ISP 16,000 machines spewing crap is a huge issue.
my humble, unimportant opinion is that the users themselves should be responsible for making sure their computers are safe
I run the AHBL [ahbl.org] and I am a firm believer in this. You are responsible for your car on the highway, you are responsible for the actions of your children if you have them, and you should be responsible for the damage your computer does to the public network. Currently in the open-proxy and comp-sys-ddos (obviously compromised machines) we have listed over 1.3 million machines. I honestly think that we can do better than to have 1.3 million machines which have been responsible for spewing crap since the inception of the AHBL 2 years ago.
Re:Good luck calling around (Score:4, Insightful)
In fact, I think it is sort of careless for ISPs to not at least monitor their common ports for malicious activity. The added traffic from infections could be increasing bandwidth requirements as well as costing the ISPs more money in added equipment. It just seems logical to try and keep costs down. What's the chance that 1600 existing users are going to set up a mail server in about a month from each other and then flood the network with traffic that would appear to be coming from thousands of users? This should be spotted easily without some third party needing to get involved. My networks scan email and attachments coming and going at the server level and all it took was a couple of extra seconds to set up. Also snort lets me know of any weird traffic pattern changes and I can check the difference in logs from several months ago if necessary. It only takes a couple of minutes a day. For this effort you get less people calling and complaining too.
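A sketch of the per-customer check the comment above describes, as an added example that is not part of the original thread: tally each customer's outbound port 25 connections per day, split into those that bypass the ISP's mail server and those that go through it, and flag anyone over a daily limit. The flow-log format, addresses and date are constructed; the limit of 50 is an assumption that echoes the per-day figure another commenter gives for ordinary users.

```python
from collections import defaultdict

SMARTHOST = "192.0.2.25"  # constructed: the ISP's outbound mail relay
DAILY_LIMIT = 50          # assumption: ceiling for a normal home user per day
DAY = "2024-01-01"        # constructed date for the sample records


def summarize(lines):
    """Tally port 25 connections per (day, customer).

    Each line is 'day src_ip dst_ip dst_port' (a constructed format).
    A connection is not a message: one SMTP session can carry many
    messages, so these counts are a lower bound on mail volume.
    """
    stats = defaultdict(lambda: {"direct": 0, "dests": set(), "relayed": 0})
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        day, src, dst, port = line.split()
        if int(port) != 25:
            continue  # web and other traffic is out of scope here
        entry = stats[(day, src)]
        if dst == SMARTHOST:
            entry["relayed"] += 1
        else:
            entry["direct"] += 1
            entry["dests"].add(dst)
    return stats


def flag_suspects(lines, limit=DAILY_LIMIT):
    """Return {(day, customer): details} for customers over the limit."""
    suspects = {}
    for key, e in summarize(lines).items():
        reasons = []
        if e["direct"] > limit:
            reasons.append("direct-to-mx volume")
        if e["relayed"] > limit:
            reasons.append("smarthost volume")
        if reasons:
            suspects[key] = {
                "direct": e["direct"],
                "distinct_dests": len(e["dests"]),
                "relayed": e["relayed"],
                "reasons": reasons,
            }
    return suspects


def sample_flows():
    """Constructed flow records for four customers on one day."""
    lines = ["# day src dst port"]
    # Hijacked machine: 120 direct connections spread over 60 mail servers.
    lines += [f"{DAY} 198.51.100.7 203.0.113.{i % 60 + 1} 25" for i in range(120)]
    # Hobbyist running a small mail server: direct, but low volume.
    lines += [f"{DAY} 198.51.100.9 203.0.113.{201 + i % 4} 25" for i in range(12)]
    # Ordinary user: a few relayed mails plus web traffic.
    lines += [f"{DAY} 198.51.100.8 {SMARTHOST} 25"] * 3
    lines += [f"{DAY} 198.51.100.8 203.0.113.80 443"] * 5
    # Machine pushing high volume through the ISP's own relay.
    lines += [f"{DAY} 198.51.100.10 {SMARTHOST} 25"] * 80
    return lines


if __name__ == "__main__":
    for (day, customer), info in flag_suspects(sample_flows()).items():
        print(day, customer, info)
```
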
Re:Good luck calling around (Score:2)
Why are the ISPs responsible for cleaning up the poop left by infections in MS Operating Systems???
Re:Good luck calling around (Score:2)
Re:Good luck calling around (Score:2)
Are you saying that there are 1.3 million positive hosts in the AHBL right now, or that over the past two years, you've had a combined total of 1.3 million hosts? There is a world of difference between these two situations, but
Re:Good luck calling around (Score:3, Insightful)
I expect the vast majority of telewest's customers are set up as per telewest's instructions as far as email goes i.e. they use telewest's smtp servers. If that is the case, their email is not blocked. It is only those who run an email server that will have a problem.
Not really a problem either, just make postfix (or whatever mta you're using) send mail via telewest's smtp server itself (relayhost directive). Those who run an email server will notice soon enough and take appropr
Re:Good luck calling around (Score:3, Interesting)
Yes, if that is what it takes to get their attention. Many ISPs adopt an "it's not my fault" approach to users abusing their networks, and anybody who runs any kind of mail server without taking steps to secure it is guilty of abuse.
Similarly, in this day and age, there is no excuse for users not to know that their machines have been zombied. The simple fact is that unless they are ru
Irresponsible to let infected machines stay online (Score:5, Interesting)
None of them had ever received that call from their providers (which could even be automated to some extent):
Re:Irresponsible to let infected machines stay onl (Score:2)
200 is not unusual, in some case you can multiply it by 10.
Re:Irresponsible to let infected machines stay onl (Score:4, Insightful)
Reinstalling Windows is the only thing that helps. After that the security software is a good thing.
However, having seen dozens and dozens of computers where the user was clueful enough to buy a security software, only to find out the system was already in a state where no security software will even install, I'm quite confident that most of these 0wned setups are already way beyond what F-Secure, Norton or the likes can do while installing.
And sadly reinstalling Windows can usually just get them owned again (recovery disks having no service packs, so the thing will get the first Sasser derivative into the system 30 seconds after the recovery install is done).
What computer manufacturers would really need to do is to ship everyone a free replacement recovery disc to get the system up with all patches. Funded by MS because it's their holey software. However, this would actually cost money, so instead people are left on their own.
Re:Irresponsible to let infected machines stay onl (Score:5, Interesting)
Have never seen one from a Verizon customer locally, though (RR and Verizon are pretty much the only two providers you see used around here.)
Re:Good luck calling around (Score:2)
These are home accounts, they shouldn't need external mail servers for *sending* mail. Yes, someone will probably complain and say they have a server at home which sends their email, thankyouverymuch, but I think a few people running servers on their home internet accounts is a good sacrifice for cutting spam.
Spam prevention good for me. (Score:2, Insightful)
On average I see one spam make it through my junk mail filter in thunderbird. I've set it up for my mom/dad/b
Re:Spam prevention good for me. (Score:2)
The problem is this spam is still being sent. DNSBLs are a tool to lower the mail processing load of mailservers which are inundated in junk. A had to drop $40,000 for a mail cluster last year because their smtp traffic had gone from 5000 messages an hour to almost 50,000 messages an hour. Their customers were inundated in spam and finally they put in blacklist [clis.com]
Re:Spam prevention good for me. (Score:2)
Re:Spam prevention good for me. (Score:4, Funny)
Just sit back and enjoy it, you fool!
Re:Spam prevention good for me. (Score:4, Informative)
Overrated? You have lots of people working on solving the spam problem for you. LOTS of effort goes into maintaining those blacklists your provider uses to provide an acceptable spam level for you, and you find it meets your needs.
The only reason you think it might be overrated is that you are not realizing what an effort is being put forth for you.
Re:Spam prevention good for me. (Score:2, Insightful)
One way or the other, you are paying for the spammer's delivery, even if you have managed to filter it out to the point its personal impact is minimal. We all pay for the spammer's stupid get-rich-quick schemes. Spam is still an evil scourge, even if we don't see it thanks to the efforts of many.
Re:Spam prevention good for me. (Score:3, Informative)
easydns (not his isp) is doing the mail filtering and relaying for him.
so he pays for bandwidth, and pays for dns hosting + mail goodies.
Bandwidth is only used for what gets by the filter.
If you are hosting a domain for yourself this is a good way to keep the bandwidth costs down.
So... whats out of the ordinary for this? (Score:4, Insightful)
So... ISP allows spam zombies to run free on its network, anti-spam firm overreacts by putting entire network on blacklist.
Is this really out of the ordinary? Weren't they doing this to US ISPs like Comcast until they started disconnecting zombie PCs?
Is there anything really out of the ordinary here?
Re:So... whats out of the ordinary for this? (Score:2)
If I recall correctly, Comcast's primary method of blacklist prevention is that they don't allow outbound port 25 access from end-user machines, everyone has to go through their SMTP server; Comcast doesn't get blacklisted because machines on their network can't spam. It's a very effective method to prevent traditional spam, one Telewest may want to adopt. As for disconnecting zombie PCs, Comcast does this very r
Re:So... whats out of the ordinary for this? (Score:4, Interesting)
The current way of spamming is not to use Port 25 ... the spam-bots run the spam out through the ISP's mail server, JUST LIKE THE CUSTOMERS! A spam-bot sending 100-500 emails an hour, 24x7, doesn't sound like much until you figure out how many spam-bots Comcast has. I get spam from comcast ... enough spam that I whitelisted a couple of people and /dev/null the rest.
Hmph (Score:5, Insightful)
Nothing to see here, move along.
Re:Hmph (Score:5, Informative)
This is true... my UK ISP, Nildram, simply blocks port 25 outbound for all machines unless certain conditions are met. Very few home users will have any need for this as they will use Nildram's mail server outbound, so only compromised machines which already run smtp services (and have previously passed the open proxy test) can become an issue - a tiny proportion.
With simple solutions like these, this should be a non-newsworthy item. However, with useless bastards like TeleWest not bothering to do this and permitting unfettered port 25 outbound, it is newsworthy, if only for name-and-shame reasons. Assuming you live in the UK and give a shit, of course ;-)
J.
Re:Hmph (Score:2, Interesting)
Responsibility (Score:3, Interesting)
FTFA: One hijacked PC on the Telewest network was sending out more than 100,000 e-mail messages per day, he said.
In cases like these if the offending computer is cleaned with (insert time frame here) then perhaps some negative reinforcement should be considered. fines etc???
Re: (Score:2)
Almost a million addresses? (Score:3, Interesting)
Somehow I have a bit of trouble believing this. How hard would it be for a large company like Telewest to send its subscribers a CD with anti-virus/adware removal tools on it? Or an email with such software in it? Or even call users and tell them they have an issue?
I don't think they've done jack crap myself. And anything they have done is some token gesture to salvage their image.
Re:Almost a million addresses? (Score:2, Interesting)
Your first two suggestions would likely expose Telewest to possible litigation. I can imagine users blaming Telewest if the software they were sent managed to screw up their computer in a way that resulted in data loss.
Your third suggesti
Re:Almost a million addresses? (Score:2)
I think the protecting factor here is that they tell you to buy from someone else or use what they packaged for you. If it was a requirement to use their stuff then I could see the litigation. If it is j
Re:Almost a million addresses? (Score:3, Insightful)
Erm... Not as easy as you would have us believe. Firstly, the software has to be sourced, secondly, the licences have to be checked (they could get into trouble, for example, if they gave a CD containing 'free for home use' software to a business), the CD has to be produced and then it has to be distributed to the customers. If the
Re:Almost a million addresses? (Score:2)
Isn't that what Mr. Gotti and Mr. Capone thought too?
So, Telewest shouldn't be held accountable for such a situation going completely haywire? If they just want to smoke their own servers that's fine with me, but when their users spew millions of messages per hour to the global mail infrastructure it's their damn responsibility to clean up their act.
Assume a chemical plant, which is a security hazard, but which the owners won't clean up,
Re:Almost a million addresses? (Score:2)
Re:Almost a million addresses? (Score:2)
Re:Almost a million addresses? (Score:2)
Telewest (AKA Blueyonder) sent one out to all subscribers about a year ago... it was a little tin box with a first aid symbol on the top with a CDROM inside... absolutely useless and unnecessary to me as I run Linux ;)
I suppose I could open it up tonight and report back with what's actually on the disk... unless any other Telewest (AKA Blueyonder) user is able to check during
easy fix for this crap (Score:4, Insightful)
Re:easy fix for this crap (Score:2)
Re:easy fix for this crap (Score:2)
SBC also gave me five public ip addresses then their lower level techs decided I couldn't have a domain pointed to them in the dns. A few demands to talk to their supervisors cleared that one up too. The dns guys told me to call them direct or i
Re:easy fix for this crap (Score:2)
Also if you are managing your domain server you can actually change the ports you use. You can also find port redirectors that will allow you to send to port 89900 and then they relay it to port 25. I believe these are free too. Or they w
Re: (Score:2)
Re:easy fix for this crap (Score:2)
2. The poster specified that users should be able to unblock port 25 if they want to. Blueyonder could make this a part of their portal along with the existing account settings.
Re:easy fix for this crap (Score:2, Interesting)
Re:easy fix for this crap (Score:2, Interesting)
You can use this as an antispam measure, just send a zero window or hold an ack for test and if the sender continues to blow data
I miss the old days (Score:4, Insightful)
It's a good thing we have such secure consumer operating systems, or this could turn into a real problem!
Telewest faced usenet death penalty 3yrs ago (Score:5, Interesting)
Self help solution (Score:4, Interesting)
SPEWS isn't a firm (Score:5, Insightful)
Email Addresses? (Score:5, Informative)
Re:Email Addresses? (Score:2)
So I think you've been a bit pedantic.
Re:Email Addresses? (Score:2)
And yes, I'm speaking from experience. *sends malicious wishes towards spamming ex-client*
Re:Email Addresses? (Score:3, Informative)
p.s. I am SPEWS [iwethey.org]
Is blocking port 25 really useful? (Score:3, Interesting)
Comment removed (Score:5, Informative)
Helpful Explanation for non-admin types ;-) (Score:2)
In fact, as smtp works on a 'store-and-forward' principle, most real people send their emails to their ISP's smtp server (eg
Re:Is blocking port 25 really useful? (Score:2)
Pay and you are removed from the list (Score:2, Interesting)
Interesting: The company won't say who they are. [admins.ws] They say this was approved by local authorities, but this is bullshit. Local authorities cannot break federal law.
Re:Pay and you are removed from the list (Score:2, Insightful)
Re:Pay and you are removed from the list (Score:2)
My experiences with Telewest (Score:3, Interesting)
So a while ago I switched to using their own mail servers and now I'm getting even more blocked. Argh!
Broadband providers will actually have to start taking responsibility for this sort of thing and disconnect zombie infected clients. Not just for the good of the Internet as a whole but so their OWN customers don't jump ship to a small DSL provider to avoid this irritating blacklist nonsense.
Interestingly a couple of years ago, or so, they cut me off because they erroneously claimed that my mail server was relaying. It wasn't, it never was. They refused to take my calls and sort it out and I had no option but to cancel the service and write a letter of complaint to their management. I spent another six months on a DSL provider before running back, tail between legs. Maybe they've taken the view that enforcing these tests (which are necessary, I will admit, although they did seem inept at it) costs them customers like me - users of their highest and most expensive tier of service? But surely the biggest problem is zombies on family PCs via the basic service?
Note: Other than that, Telewest/Blueyonder is by far and away the best broadband service I have used. Never any evidence of contention and it's many times more reliable than any DSL service (and I've tried six) with pretty much bugger all down time.
Re:My experiences with Telewest (Score:2)
Interestingly, blueyonder *do* have a suitable clause in their Ts&Cs, or at least did when I signed-up (~3.5yrs ago), that security was the user's problem and that they may well disconnect idiots. I really wish they'd acted on it more.
> they erroneously claimed that my mail server was relaying. It wasn't, it never was.
I blocked their scanner with an icmp-admin-pro
Re:My experiences with Telewest (Score:2)
That's possibly exactly what SPEWS want to happen.
"Hey, our customers are leaving us."
"Darn, we'll have to cut the zombies off."
Re:My experiences with Telewest (Score:2)
Undoubtedly but I contrasted that with the fact that their last effort on cracking down on this sort of thing (in the case of mail relay), they got wrong and it lost them a customer. So Telewest may be wary of pissing anyone off too.
Re:My experiences with Telewest (Score:2)
J.
Re:My experiences with Telewest (Score:2)
After six different providers on both business and domestic tariffs, I don't make this statement lightly.
Old news (Score:2)
Re:Old news (Score:2)
You (or Telewest) have them confused with some other DNSBL.
Email addresses? (Score:2)
SPEWS blocks IP address ranges, i.e. netblocks, as the article very clearly states.
The article is *all* wrong (Score:2)
What's really happened is that TeleWest, like many other cable and dsl providers, has had t
Solution? (Score:2)
Start
Shut-Down
Restart in MS-DOS
c:\format c:
Lazy maintainers (Score:2)
Re:SPAM prevention for me ... (Score:2)
Re:SPAM prevention for me ... (Score:2)
Re:SPAM prevention for me ... (Score:2)
Re:SPAM prevention for me ... (Score:2)
Until one of them forwards an email, CCing to all their friends, suddenly an awful lot of people have your address and it gets picked up from somewhere.
I have had to educate several people about (the existence of) BCC
You can't run, you can't hide... (Score:5, Insightful)
Wait until one of those PEOPLE gets a virus or trojan on their PC and your address is harvested. Or they forward you - and 600 other people - a joke. Or god forbid they post it on their website as part of their friends list, or what have you.
Try having an email address like bob@some.tld. Try hosting a domain and forwarding root@, webmaster@, postmaster@, abuse@, et cetera to your account. Spammers have lists of simple and obvious usernames that they send to every domain they can think of hoping for hits.
I want the public at large to be able to contact me in some instances, so I publish my email addresses unobfuscated. I have 'bob@some.tld'-style email addresses. I forward root@ (and et cetera) to my other accounts for my domains. I couldn't hide even if I wanted to hide.
If you run your own email servers, take a look at this advice [slashdot.org]. Since the time I took the advice (a couple months ago) I have received *one* spam and that was appropriately tagged as spam and filtered into my spam folder. As far as I can tell there haven't been any false positives.
(I realize the irony in my use of a gmail address for my slashdot account, but that's not about spam. That's about a whole different issue: anonymity.)
Re:BBC news crawling, posting cache of site. (Score:3, Informative)
Re:port 25 (Score:2, Informative)
I am a Telewest customer, but I do not use their mail services (MS Exchange!!!) so this would affect me. However, my email provider allows me to connect to an alternative port (IIRC 2525). I believe this is quite common. GMail uses some non-standard port too.
BTW, Telewest is probably one of the best ISPs in the UK. Reasonably priced and they have no bandwidth c
Re:Who actually uses SPEWS!? (Score:2, Informative)
Re:Who actually uses SPEWS!? (Score:2, Informative)
Re:No serious admin should use spews bl (Score:4, Informative)
I do agree one should be careful of choosing a blocklist to use. SPEWS is one of the most aggressive. It does not fit everyone's needs.
SPEWS does not block whole of China. Only the network providers that do not act on spam complaints. Exactly like the SBL does.
Next time before you insert your foot in your mouth, do some fact checking first.
Re:No serious admin should use spews bl (Score:3, Insightful)
Re: (Score:3, Insightful)
Re:maybe they should not have ignored their proble (Score:3, Informative)
Example, I had a long term hosting reselling client, he had sites relevant to the local area he lived in at the time, mostly some sites based around Oregon, etc and they were all perfectly legitimate sites. He had never relayed any spam via my servers.
After a couple of years this fellow had taken to working with some of the big spammers, he was doing this elsewher