Amazon's EC2 Having Problems With Spam and Malware
jamie pointed out a story about the recent problems Amazon's EC2 service has been having with malware and spam. "EC2 space is now actively blocked by Outblaze, and has been listed by Spamhaus in their PBL list [...] However as Seth Breidbart noted in the comments, 'note that Amazon will terminate the instance. That means that the spammer just creates another instance, which gets a new IP address, and continues spamming.' True enough -- as described, instance termination simply isn't good enough."
Re:So what is EC2? (Score:5, Informative)
Re:I'd RTFA but... (Score:5, Informative)
My thoughts exactly. Luckily, Brian Krebs at the Washington Post wrote about this in his Security Fix blog [washingtonpost.com].
Re:Terms of Service (Score:5, Informative)
Actually, tough luck to the vendor who allowed the fraudulent transaction. The credit card companies themselves typically have very little (any?) responsibility when it comes to fraudulent transactions. It's entirely up to the vendor to do the proper verification prior to billing a transaction, as far as I know.
The problem is that these small fraudulent transactions are typically more expensive to track down than they are to write off. If someone racks up a $1,000 bill on the EC2 cloud with a stolen card, the credit card company isn't out a dime, and the vendor (in this case Amazon) isn't likely to spend much time finding and prosecuting whoever is using the stolen card because it's expensive and time-consuming to do so. Sure, maybe some IP addresses will be blocked and cards added to blacklists (temporarily?) but that doesn't stop the next guy from doing the same with a new stolen card.
Re:Terminate accounts not instances? (Score:2, Informative)
I remember when PayPal did that when I opened my account back in 2000. I'm not sure if they still do that, but it certainly is a solution. It adds significant time, infrastructure (auto mailing facilities, employees, machines, etc.) -- which all boil down to cost. I didn't like waiting the 4 or 5 days for my secret PIN to arrive. On the other hand, if I applied for an account and either my PIN didn't work or I never received it and I had to go through it multiple times, I'd probably start looking at other solutions.
Re:Death Penalty (Score:3, Informative)
Your suggestion is equivalent to throwing knife makers in prison because some of their customers misuse the product.
Actually, it's more like going after gun dealers who don't go through standard procedures before selling a gun. If you held the companies responsible, believe me there would be more initiative to prevent spamming. That, and it's not tough to nail companies that ship a large amount of placebos and claim them to do things they don't.
Re:Terms of Service (Score:2, Informative)
They'll dispute all the illegal $1000 charges by EC2, which would cost Amazon a hefty chargeback fee for each transaction reversed.
And possibly Amazon suffers other actions, due to the unjustifiable $1000 'surcharge' running afoul of consumer protection laws.
You and I may think spam's bad, but that's not going to convince a court that Amazon's justified in charging someone $1000 to send a few hundred emails.
PBL is the wrong blacklist to whine about (Score:5, Informative)
Ah, the PBL. That's where your argument falls to pieces.
From http://www.spamhaus.org/pbl/index.lasso [spamhaus.org] :
PBL IP address ranges are added and maintained by each network participating in the PBL project, working in conjunction with the Spamhaus PBL team, to help apply their outbound email policies.
So, your ISP told Spamhaus that mail shouldn't be coming from the range your IP address is in. Not Spamhaus making a trite, petty and vindictive block for the fun of it. Not some blacklist deciding in error to block a whole /24 full of static addresses with REAL rDNS records for most of it because they found a couple of zombied machines with vaguely generic-looking PTRs in it. This is a case of the people you pay for connectivity telling Spamhaus that the rest of the world should not accept mail from your IP address or others near it until further notice - they're being good neighbours, and are to be applauded.
If you have a static address you can poke a hole in the PBL for it pretty easily - *you* can provide that further notice:
A feature of the PBL is the elimination of 'false positives' with a server-identifying and automatic removal mechanism for single IP addresses. This allows end users with static IP addresses within a larger dynamic pool, and legitimate mail server operators, to assert that in their opinion their IP addresses are a trustworthy source of email and to automatically remove (suppress) their IP addresses from the PBL database. Safeguards are built in to prevent abuse of this facility by spammers (and particularly by automated bots).
Do your research. The PBL is pretty damn useful, and you probably qualify for free use. If you have an unfiltered postmaster address on your domain (you do, don't you?) the smart thing would be to start blocking with it but make sure the rejection contains something like "Rejected: $IP_ADDRESS listed in Spamhaus PBL ( http://lookup-urlip_address/ [lookup-urlipaddress] ) - please contact postmaster@whineyblacklisthater.org for assistance if required" - you'll find that the "false-positives" for it are almost invariably from people who don't know what the PBL is and want to do their own thing, regardless of the practicalities the rest of the world has to face. Why should I or anyone else accept mail from somewhere your own ISP or their upstream provider has said I shouldn't?
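An added example, not part of the comment above and not Spamhaus's own code: a minimal Python sketch of the PBL check and rejection message the comment describes, as a receiving mail server might apply it. It assumes the `pbl.spamhaus.org` DNSBL zone and the 127.0.0.10 / 127.0.0.11 PBL return codes; the function names, the `postmaster@example.org` address and the 192.0.2.x client addresses are constructed for illustration, and the reply text omits the lookup link.

```python
import ipaddress
import socket

PBL_ZONE = "pbl.spamhaus.org"
# PBL return codes: who listed the range as "should not send mail directly".
PBL_CODES = {
    "127.0.0.10": "listed by the network that owns the range",
    "127.0.0.11": "listed by Spamhaus",
}

def pbl_query_name(ip, zone=PBL_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A records for name; [] when it does not resolve (not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_pbl(ip, resolve=system_resolver, postmaster="postmaster@example.org"):
    """Return (accept, smtp_reply) for a connecting client address."""
    answers = resolve(pbl_query_name(ip))
    hits = [a for a in answers if a in PBL_CODES]
    if not hits:
        # Not listed. Answers outside the known codes (for example the
        # 127.255.255.x error replies) are deliberately not treated as a
        # listing, so a resolver problem cannot bounce legitimate mail.
        return True, "250 OK"
    reply = (
        "550 5.7.1 Rejected: %s listed in Spamhaus PBL (%s) - "
        "please contact %s for assistance if required"
        % (ip, PBL_CODES[hits[0]], postmaster)
    )
    return False, reply

if __name__ == "__main__":
    # Constructed resolver so the demo runs offline: one address is "listed".
    fake = lambda name: ["127.0.0.10"] if name.startswith("25.2.0.192.") else []
    for client in ("192.0.2.25", "192.0.2.26"):
        print(client, check_pbl(client, resolve=fake))
```

The rejection names a contact address so that a static-IP operator caught by the listing can reach a human, which only works if that postmaster mailbox is itself exempt from the block.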
Re:slashdot users smoke crack (Score:3, Informative)
Why do all the antispam nazis' solutions ignore the collateral damage to innocent bystanders? "They should educate themselves" "they should switch providers" they scream. Black lists do nothing but break the system. I'd rather get all the spam than have important mail bounce. Just last week I had a mission critical email bounce because of some lame blacklist. This email not getting to its recipient would have basically ruined my life. It's a good thing I have the ability to send mail from more than one source.
If you formulate your mails the same way you usually formulate your posts on Slashdot [slashdot.org], I'm really not surprised, Mr. Fr0sti P1ss GNNA.