
Suspect Arrested In Spamhaus DDoS Attack

Posted by Soulskill
from the distributed-denial-of-liberty-attack dept.
New submitter apenzott writes "According to the BBC, a Dutch citizen has been arrested by Spanish police who suspect he was behind the recent Spamhaus DDOS attack, one of the biggest such attacks ever. 'The man arrested is believed to be Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker that has been implicated in the attack.' According to a press release from the Dutch Public Prosecutor (Google translation of Dutch original), the 35-year-old man's computers and other devices have been seized as evidence. The man will be transferred from Spain to the Netherlands shortly. 'Spamhaus is delighted at the news that an individual has been arrested and is grateful to the Dutch police for the resources they have made available and the way they have worked with us,' said a Spamhaus spokesman."

  • considering (Score:1, Insightful)

    by Anonymous Coward

    there was no copyright infringement, I'm surprised anything happened with this.

  • by soundguy (415780) on Friday April 26, 2013 @06:31PM (#43562457) Homepage
    I hope they hang this piece of shit up to dry and his scummy, criminal "hosting company" fades into history.
    • by BasilBrush (643681) on Friday April 26, 2013 @06:34PM (#43562499)

      I wonder just how much of the world's spam went through this scumbag. I'm hoping for a downturn in spam volume as this outfit is closed down.

      • by Ossifer (703813) on Friday April 26, 2013 @07:08PM (#43562719)

        I've already had a big downturn--the news item elicited me to investigate my settings, and I found I wasn't using spamhaus properly... Now I am... Kind of an analogue to the Streisand effect...

        • I was talking to some smalltime hosters and they were bitching about how much spamhaus was hurting them by blocking ip's they had rented out to these high paying east europeans... basically it was one long sales pitch FOR spamhaus because as a non-spammer and hosting with reputable companies, spamhaus is for me a savior and provides zero hassle.

          It is basically like listening as a non-smoker to smokers bitch about how all the anti-smoking laws are making their lives miserable. Wheee! So the laws do work aft

          • by HJED (1304957)
            That's actually incorrect: if you are using shared hosting, you tend to get hurt every now and then by spamhaus and other such lists, as they block IP addresses, not domain names. It is very easy for one user (who is then usually removed by the hosting company) to get a large number of domains blocked.
            I have domains hosted with Jumba, an Australian hosting provider, and whilst they seem to be constantly improving their security to stop this (to the point where it is extremely annoying) it still keeps happening a
            • Find yourself a better provider. Most people have never been blocked, and you've been collaterally damaged multiple times? Why would you stick with those cowboys?

              • Find yourself a better provider. Most people have never been blocked, and you've been collaterally damaged multiple times? Why would you stick with those cowboys?

                This advice is condescending and stupid. The problem isn't the provider: They're using shared IPs for hosted accounts, just like everybody else on earth. Where is he going to find a provider that doesn't use shared IPs? Please don't say "IPv6"--there are a host of other problems that go along with that "solution" to make it a non-starter.

                How about, instead, spamhaus takes a little care and due diligence when it lists addresses? Maybe put in a system so that providers who are policing their environments can

                • This advice is condescending and stupid. The problem isn't the provider: They're using shared IPs for hosted accounts, just like everybody else on earth.

                  Then why, in the last 15 years of having a domain, have I never been blocked, hmm? When he's been blocked multiple times. Don't have an answer for that, do you? Idiot.

                  • This advice is condescending and stupid. The problem isn't the provider: They're using shared IPs for hosted accounts, just like everybody else on earth.

                    Then why, in the last 15 years of having a domain, have I never been blocked, hmm? When he's been blocked multiple times. Don't have an answer for that, do you? Idiot.

                    Stupid people usually have the least creative insults. Certainly, I doubt I'll be able to craft a response as pithy and intelligent as yours was childish and asinine, and I could certainly never hope to reach the level of condescension you seem to exist at.

                    But I might suggest you've simply been lucky. In truth, you have zero control over what other people choose to do with their hosting accounts on the shared server where yours is. And, in fact, contrary to your asinine, childish attitude, that somehow, it

                    • This advice is condescending and stupid....
                      Stupid people usually have the least creative insults.

                      Hoist on your own petard. Idiot.

                      I haven't been "lucky". I have a reputable ISP. I've had the service I can reasonably expect. Now of course it is possible to be unlucky, and get blocklisted. But not to be unlucky and get blocklisted as a regular occurrence, as the original poster had.

                      If you've also been as "unlucky" as him, then you also have a shit ISP. And it may be making you cranky. Or perhaps considering this: "or somebody who reflexively reports all spam because they're, you know, pathetic and obsesse

                    • Or perhaps considering this: "or somebody who reflexively reports all spam because they're, you know, pathetic and obsessed" you are a spammer yourself, and that's why you're being a jerk.

                      LMFAO! "She's a witch!" If it makes me a jerk to expose your opinionated nonsense for the tripe it is, then so be it.

                      No, dipshit: I manage a very-large email hosting environment comprising >15,000 domains and >150,000 mailboxes. My public MXs accept roughly 2 million messages per weekday, and reject about 10 times that amount. I completely understand the problem of spam, to a depth that would leave you in tears if I could reveal it all to you in one breath.

                      My point here is this: Spam sucks, but a cert

                    • I have a reputable ISP.

                      Here's another meme from the "Your ISP sucks" asswipes: That somehow John Q. Air Conditioner Repairman Company has any idea how to tell if his ISP is "reputable" or not. They know nothing about email: They're buying a service and expect it to work, they have no frame of reference to even guess at the issues we're discussing here. ...And I'm an idiot? Puh-lease.

                      Run along now, junior: Your 25-user exchange 2003 box is calling. I think your backup failed.

                    • I manage a very-large email hosting environment comprising >15,000 domains and >150,000 mailboxes.

                      So I guessed right. You are a spammer.

                    • As a developer, I'm quite amused at a spam hosting admin trying to be patronising. Maybe if you'd done better at school...

    • by Anonymous Coward

      I think mother nature already gave him justice, google for his photo

      • Holy mother of god.
      • by Anonymous Coward

        I think mother nature already gave him justice, google for his photo

        Oy my ... that's one hell of a unibrow. Doesn't he send out spam that specifically addresses that issue? He should click on some of them.

    • by gandhi_2 (1108023)

      An infected machine in my network got our company on the XBL the morning the DDOS started.

      But all I knew was I was blacklisted by spamhaus. Didn't know why.

      And couldn't find out for 3 days during the attack. Couldn't apply for de-listing either.

      And to top it all off, /. was too busy talking about sxsw to mention the ddos until it was over.

      Amazing times we live in, gentlemen!

      • by 1s44c (552956)

        Improve your setup. The only machines on my network that can send anything out to port 25 on the internet are dedicated mailers.

      • by Trolan (42526)

        Uhm... http://www.spamhaus.org/lookup/ [spamhaus.org] If you're in the XBL, it'll tell you which list comprising the XBL you're in. Usually that means the CBL, which has a fairly instant delist process for listings, unless the problem keeps coming back.

        • by gandhi_2 (1108023)

          Unless their whole domain is under DDOS.

          In which case you can't check the website or use the delist process!

      • You forgot to pay your protection money to the organization that allows you to send emails.
      • by dissy (172727) on Friday April 26, 2013 @08:56PM (#43563457)

        An infected machine in my network got our company on the XBL the morning the DDOS started.

        Please stop being lazy and inconsiderate, add the two firewall rules to your router to stop attacking the internet.

        Allow outbound dest port 25 from your mail servers IP.
        DENY outbound dest port 25 (from everything else)

        You wouldn't have that problem, that infection wouldn't be attacking all of our systems, and you wouldn't be making such stupid comments about a blacklist that rightfully listed you.
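
The two rules in the comment above, evaluated first-match over flow records, as an added example that is not part of the original post: the mail server address 10.0.0.25 and the sample flows are constructed. It also shows what the rules leave untouched, namely traffic to any port other than 25.

```python
import ipaddress
from collections import Counter

# Assumption: the site's only legitimate mailer (constructed address).
MAIL_SERVERS = {ipaddress.ip_address("10.0.0.25")}

# Constructed flow records, one per line: "src_ip dst_ip dst_port".
SAMPLE_FLOWS = """\
10.0.0.25 198.51.100.10 25
10.0.0.77 198.51.100.10 25
10.0.0.77 203.0.113.5 25
10.0.0.77 203.0.113.9 6667
10.0.0.40 198.51.100.80 443
"""


def verdict(src, dport):
    """Apply the two rules in order; anything not to port 25 matches neither."""
    if dport != 25:
        return "unmatched"  # left to the firewall's default policy
    return "allow" if src in MAIL_SERVERS else "deny"


def audit(text):
    """Return ({host: denied port-25 attempts}, [flows the rules do not cover])."""
    denied = Counter()
    unmatched = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src_s, dst_s, port_s = line.split()
        src = ipaddress.ip_address(src_s)
        dport = int(port_s)
        result = verdict(src, dport)
        if result == "deny":
            # A non-mailer attempting direct SMTP is a host worth inspecting.
            denied[str(src)] += 1
        elif result == "unmatched":
            unmatched.append((str(src), dst_s, dport))
    return dict(denied), unmatched


if __name__ == "__main__":
    blocked, uncovered = audit(SAMPLE_FLOWS)
    print("denied port-25 attempts per host:", blocked)
    print("flows outside the two rules:", uncovered)
```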

        • by gandhi_2 (1108023)

          An infected machine being seen talking to a botnet is enough to get you on the XBL.

          We were blocked for THAT. Not for any spamming. We DO block all port 25 except from the SMTP servers.

          Maybe instead of being an insulting douche, know what the fuck you are talking about.

          http://www.spamhaus.org/faq/section/Spamhaus%20XBL#37 [spamhaus.org]

          It turned out to be an infected machine on a WIFI AP. I learned to send the WIFI traffic out a separate WAN interface so its problems didn't affect my smtp outbound ip.

          • by dissy (172727)

            I certainly do know what I am talking about. As for being insulting, short of a complete and utter mistake on the part of spamhaus for incorrectly listing you (I'm not going to pretend any automated system is perfect), most would agree I said nothing that wasn't deserved.

            Proper filtering would have prevented that unfortunate problem. It's not like I blamed you personally for the infection or made some stupid comment about windows or something.
            Just having an infection reaching out to a C&C server isn't

            • by gandhi_2 (1108023)

              Oh for fucks sake.

              I wasn't attacking Spamhaus. I think they are great.

              I was bemoaning the perfect storm that got me blocked for 3 days because of the block and DDOS.

              http://www.spamhaus.org/zen/ [spamhaus.org]

              We were blocked for XBL. Not SBL or CSS. It REALLY was because a machine was observed talking to a botnet C&C server.

              But it took me days to find out it was XBL and not because of spamming. I spent those days thinking it was because of spamming, wasting time chasing smtp ports and poring over capture traffic for c
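
The ZEN zone linked in the comment above answers with a different 127.0.0.x address for each list, so one DNS query tells an XBL listing apart from an SBL or CSS one. This is an added example, not part of the original comment and not Spamhaus code; the return-code table reflects Spamhaus's published ZEN codes and should be checked against their current documentation, and the zone name default and any address passed in are the caller's assumptions.

```python
import ipaddress
import socket

# ZEN return codes (assumption: verify against current Spamhaus docs).
ZEN_CODES = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL CSS",
    "127.0.0.4": "XBL",
    "127.0.0.5": "XBL",
    "127.0.0.6": "XBL",
    "127.0.0.7": "XBL",
    "127.0.0.10": "PBL",
    "127.0.0.11": "PBL",
}


def zen_query_name(ip, zone="zen.spamhaus.org"):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify(answers):
    """Map A-record answers to list names; keep non-listing codes apart."""
    lists, errors = set(), []
    for answer in answers:
        if answer in ZEN_CODES:
            lists.add(ZEN_CODES[answer])
        else:
            # 127.255.255.x signals a query problem (for example a refused
            # resolver), and unknown codes are not treated as listings.
            errors.append(answer)
    return sorted(lists), errors


def lookup(ip):
    """Live query. NXDOMAIN means 'not listed'; other failures are re-raised."""
    try:
        infos = socket.getaddrinfo(zen_query_name(ip), None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return [], []
        raise  # a resolver failure must not be read as a clean result
    return classify(sorted({info[4][0] for info in infos}))
```

Run `lookup()` through your own recursive resolver; an answer in the 127.255.255.x range lands in the second list and should be treated as "unknown", not as listed or clean.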

            • "most would agree I said nothing that wasn't deserved"

              You referred to his organization as "lazy and inconsiderate" for not doing things which they actually did do. That's pretty undeserved.

              • by dissy (172727)

                If he actually did any of those things, he wouldn't have ended up on the black list.
                I've repeatedly explained the lists do not work in the manner he has claimed.
                He even posted URLs that confirm everything I said.

                It's not my job to convince anyone otherwise, so I'm finished with that conversation.

    • by Seumas (6865)

      You said "hosting company", where I think you meant to say "spamhaus".

      In this case, everyone's a dick.

    • I hope they hang this piece of shit up to dry and his scummy, criminal "hosting company" fades into history.

      Are you talking about the guy running the hosting service that helped host Wikileaks, or the guy running the SpamWhores protection racket?

      • by soundguy (415780)
        Sell your computer immediately. You are too stupid to be on the internet without adult supervision.
    • Sometimes I wish we lived in the Schlock Mercenary universe where people could be executed for grand spamming [schlockmercenary.com].
  • You mean the guy who ran stophaus and posted diatribes about the evil of blacklisting spam providers is behind it? I'm speechless.

    • by bfandreas (603438)
      Please let me join your absolute shock and amazement that the guy who gloated the most about this has been identified as the prime suspect.
      Also why was he nabbed in sunny Spain instead of being holed up in his SWAT-repellent yet slightly less sunny anti-everything bunker? Fighting the good fight against evil Spamhaus at the side of every Legitimate Businessman probably was a bit of a hassle? He must have brought a note from his mother as the dark dampness disrupted the punctuality of his often broadcasted
      • Re:shocker (Score:4, Informative)

        by 1s44c (552956) on Friday April 26, 2013 @07:57PM (#43563081)

        That bunker and the name 'cyberbunker' are just marketing. He doesn't actually have any presence in that bunker and hasn't for years.

        The guy is a lying con-man as well as a DDOS scumbag.

        • by bfandreas (603438)
          Did he get evicted from a bunker? Don't you need grenades, flamethrowers and lots of cannonfodder for this?
          The anecdote of him ignoring a stern knock at the door by the police is true even if the photo on the webpage is fake.
  • Ah, but not by the neck but by his gonads. More painful and less permanent.

    But on a more serious note, no one has the right to do a DDoS attack regardless of whether a good guy or a bad guy is being attacked (and spam and the phishing that comes with it is bad). This kind of private cyber warfare is only counterproductive in the long term. The Internet is only successful because of cooperation between parties. When there is distrust it stops working. Maybe the governments will figure *that* out one of t

  • Cyberbunker are trying to paint themselves as proponents of free speach [urbandictionary.com] (sic) and through some magic PR they've got Anon worked up into a frenzy. But I don't really equate being able to blast out pharma spam and hosting malware as a freedom that I cherish. Blocking traffic to and from 84.22.96.0/19 is pretty effective IMO.
