Washington Post Blog Shuts Down 75% of Online Spam
ESCquire writes "Apparently, the Washington Post Blog 'Security Fix' managed to shut down McColo, a US-based hosting provider facilitating more than 75 percent of global spam." Now how long before the void is filled by another ISP?
Recomment (Score:5, Informative)
"Brian - Well done, and well reported. For the user who asked about reporting news versus creating news, you misunderstand Krebs's reporting. Like most good reporters who write big stories, he either got tips or analyzed data regarding spam and cyber-security. It probably was a combination of both. If he determined from his research, reporting and analysis that this data was coming from one place, he did not create a story by informing the spam host's business partners. Rather, he sought comment from them about this site, and they took action. What Krebs reported is not as big a story as Watergate, but what do you think Woodward & Bernstein did? Wait for a press release? A regulatory filing? No, they took one news event, worked backwards from it, and determined that something big was going on -- just like a spammer. Then they wrote about it, just like Krebs did. When Henry Blodget on Silicon Alley Insider wrote that The New York Times Co faces several possibilities for survival, he did not tap into a planned news event. He analyzed a balance sheet and made conclusions. Much of the news that comes out is because beat reporters see connections and draw conclusions that are not opinion, but reasoned and accurate viewpoints based on evidence out there that resists coalescing into a larger news event because most of us don't get it. That's why we have journalists, and this is a great example of that. And now for the full disclosure: I'm Robert MacMillan. I am a reporter at Reuters who covers the journalism business, and I worked at washingtonpost.com for many years with Brian. I sat right across from him so I know what he eats for lunch. Posted by: easymac | November 11, 2008 9:45 PM"
Re:Slashdot can shut down spammers, too (Score:3, Informative)
The days when Slashdot could shut down a site with proper hosting are long since past. Imagining it could shut down a whole ISP is preposterous.
Re:BS. Not by volume. (Score:5, Informative)
RTFA. The ISP in question hosted the control points for the botnets which generated the spam. They didn't need crazy bandwidth, just solid hosting.
Re:is it morally right to DDoS spamming ISPs? (Score:3, Informative)
This was not a DDoS. They simply convinced their upstream providers to cut them off.
This is perfectly legal(*) and moral, but in most cases completely impractical (upstreamers don't want to lose the revenue stream, downstreamers can always find a new upstream, etc).
Of course it is also very susceptible to abuse as it is the digital age's equivalent of old-world shunning.
(*) There may be contractual obligations and penalties for such actions but perhaps the downstreamer's bad behavior might contractually dissolve those obligations (it depends on the contract).
Re:Not Just Spam (Score:3, Informative)
False. ISPs are not common carriers. They have never applied for that distinction within the courts, and so they remain privately owned businesses. Therefore they are liable for actions committed.
Re:Not Just Spam (Score:3, Informative)
Except that ISPs are NOT common carriers in the USA.
http://yro.slashdot.org/article.pl?sid=05/06/27/1510219 [slashdot.org]
Now, please stop promoting nonfactual bullshit.
Spam graph way down (Score:3, Informative)
Re:Not Just Spam (Score:2, Informative)
"internet service providers are protected by common [lectlaw.com] carrier [wikipedia.org] laws"
That's pretty damn close. If they are protected by "common carrier laws" then they are "common carriers" in effect, if not actual name.
Spamcop shows a big dip.. (Score:5, Informative)
This shows a dramatic reduction in spam [spamcop.net] as of yesterday 4PM EST.
Will be interesting to watch it climb back up....
Re:ISPs are clueless? (Score:5, Informative)
Because Hurricane Electric is operated by a boatload of fucking imbeciles. As someone who had cage/rack space (as a form of 2nd data centre) from them for numerous years, I can assure you their operational methods are quite possibly the worst (particularly in the Bay).
It comes as no surprise that "HE had no idea this was happening". They have no idea what's happening on their network at any time.
Imagine calling them because your network port is showing 30-40mbit/sec incoming traffic, destined to IPs that aren't even in your netblock (but are assigned to another HE-hosted company), and having two engineers tell you "that's impossible". You provide them tcpdump pcaps, and they tell you "those can't be real". The issue mysteriously gets resolved 72 hours later, and no one calls you back to tell you what the problem was. When you inquire, you're told "a customer had a misconfigured load balancer", which just induces even more questions about their network setup.
Imagine a co-location provider that does not use vlans or any form of layer 2 segregation between customers, relies on out-of-country ISPs to provide connectivity between them and large tier-1 ISPs (specific example: peering with Telia -- a Swedish ISP that does not have a US-based NOC -- exclusively to gain access to AT&T's network), and has no form of failover redundancy, specifically on their core routers (they did have redundancy at the switch level). I'm absolutely convinced their Fremont data centre had a single public-facing router.
Their main Cisco GSR would crash/lock up for 10-15 minutes at a time, before rebooting on its own or being administratively power-cycled. "What is happening with your network? No inbound or outbound packets make it to their dest" "We have an open case with Cisco" "Why was there no failover?" "We've an open case with Cisco". 2 months later, repeat. "Is this the same issue as 3 months ago?" "We believe so" "And why have you not replaced the hardware?" "We've an open case with Cisco". This issue went on for THREE YEARS.
Then there's their UPS/power situation: twice during a single year their Fremont data centre lost power for 6-7 full minutes at a time. Both times, it was caused by "unexpected problems during maintenance"... but they supposedly have back-up gas generators, and tote photos of them on their web site.
Then there's the cages. The cages are enclosures which should be 4-post, and are intended to be 4-post, but are front-mounted 2-post (and by front-mounted I don't mean telco style!). Generic, non-managed power strips are shoved into the cages, intended for you to use (rather than a 1 or 2U SNMP-managed PDU at the top of the rack). The cages are not deep enough for full-length servers, which results in full-length boxes blocking said power strip AC outlets. 42U rack, but only 6 or 7 AC outlets usable (unless you spaced your servers in a peculiar way, wasting about 1/3rd of your entire rack).
One word: ghetto.
When you consider all of the above, no one in their right mind should be surprised they were hosting a kiddie porn/spam/shady customer. "Build it and they will come".
Re:Spamcop shows a big dip.. (Score:5, Informative)
More importantly: http://www.spamcop.net/spamgraph.shtml?spamweek [spamcop.net]
This shows the difference between today and the rest of the last week. The month version looks largely the same... Spikes every day until today, which is low.
Re:Spamcop shows a big dip.. (Score:2, Informative)
Over here in Brussels I just checked my SpamAssassin setup.
It looks like 200 spam emails from Midnight to 16h00 yesterday compared with 77 spam emails same period today.
(SpamAssassin is great. It lets a few emails slip by but I can't recall any false positives ever, and that is important for me!)
Re:is it morally right to DDoS spamming ISPs? (Score:4, Informative)
This is no vigilante justice. Someone noticed things that are (usually) contract terminators and notified the hosting provider, who then exercised the rights reserved in the contract between them and the customer.
There was no justice, only contract fulfillment.
Re:Not Just Spam (Score:5, Informative)
This is why
The CAN-SPAM Act is directed at the commercial entities that actually create the message, not the service providers who happen to be the medium.
as the actual medium, as it's put, is already constitutionally protected from being liable. So although ISPs are not common carriers in the US, the law is virtually identical for the considerations discussed within the article.
Re:Not Just Spam (Score:3, Informative)
They have never applied for that distinction within the courts
[Yawn] This is getting old. One doesn't 'apply' for common carrier status. One engages in a line of business that the regulators and courts determine to be a common carrier. Often in spite of the complaints of the organization in question.
See the second paragraph here [wikipedia.org].
Re:Not Just Spam (Score:3, Informative)
What I'm saying is that since the majority of the country voted for the candidate who wants to make the government everything for everyone, the idea of using self-initiative and being self-reliant must be obsolete.
It's like trading in your Volvo for a Jaguar. Sure the Volvo was sturdy and dependable, but it was also boring, and didn't attract the chicks. The Jaguar is way cooler, and makes you more popular and successful with women, but you have to take it to the shop every week because it constantly breaks down. This country moved one more step from being a Volvo to being a Jaguar.