Re: RDJ "autoban"
Jonathan Nichols wrote: I'm still seeing this when I run RDJ manually. I'm not running it from cron and it's been disabled for weeks. yes, I emailed the address noted in the error. :) [11915] warn: config: failed to parse line, skipping: AUTOBAN: Over 500 *.cf requests in 48 hours period - Check your CRON [11915] warn: config: failed to parse line, skipping: CONTACT: [EMAIL PROTECTED] The "autoban" feature was disabled on June 13th after we moved behind prolexic.com [11915] warn: config: failed to parse line, skipping: [11915] warn: config: failed to parse line, skipping: HTTP-EQUIV="Pragma" CONTENT="no-cache"> [11915] warn: config: failed to parse line, skipping: HTTP-EQUIV="Expires" CONTENT="-1"> [11915] warn: config: failed to parse line, skipping: The 0.1 second refresh issue was resolved first week of July iirc. Delete the effected files and re-run RDJ. -- SARE Webmaster [EMAIL PROTECTED] http://www.rulesemporium.com
Re: PDFInfo
Ed Kasky wrote: At 05:07 AM Friday, 7/13/2007, you wrote -=> On Fri, 13 Jul 2007 at 11:17 +0100, -- confabulated: How can I get the plugin? I have emailed the webmaster a couple of times but no response :( I haven't received a response either. FYI, I emailed a second time, nicely, and got a response after a few days. Well, the subject on your first email was not "PDFInfo Access", so you get tossed aside and dealt with last ;) There is more than 1 person answering these requests... so if you dont have an answer in a day or so, just yell.
Re: PDFInfo
Duane Hill wrote: On Fri, 13 Jul 2007 at 11:17 +0100, -- confabulated: How can I get the plugin? I have emailed the webmaster a couple of times but no response :( I haven't received a response either. Duane, We sent you the information on July 3rd, same day you requested it, and you tempfailed it. Jul 3 23:52:50 mx2 postfix/smtp[1979]: 5A56215C0E4: to=<[EMAIL PROTECTED]>, relay=smtpgate.yournetplus.com[162.42.148.126], delay=11, status=deferred (host smtpgate.yournetplus.com[162.42.148.126] said: 450 4.7.1 : End-of-data rejected: Service temporarily unavailable (in reply to end of DATA command)) July 4th Jul 4 00:21:28 mx2 postfix/smtp[3280]: 5A56215C0E4: to=<[EMAIL PROTECTED]>, relay=smtpgate.yournetplus.com[162.42.148.126], delay=1729, status=sent (250 2.0.0 Ok: queued as 8E88644A48C) Ball over.
Re: Rulesemporium
Ken A wrote: Mike Grau wrote: A little misinformation tossed to spammers isn't bad here. I hear there's a mirror in Afghanistan too. And by all means.. when you browse the site.. click the stop button in your browser between it's loading each image on each page, then click the start button again. It's tricky, but if you do it just right, you can browse the whole site before the IDS blocks you. The rulesemporium site is great, and much thanks goes to the ninjas who operate it and write the rules, forcing spammers to read harry potter books. Ken Yes, the rulesemporium site _is_ great. As are the rules themselves. That's why I'd like to use my browser and read just one page. Right now all I get (and this is my first attempt to browse the site since yesterday) is "Waiting for www.rulesemporium.com...". I'm not talking about rules_du_jour or sa-update or seeing how fast I can manually click stop or cycle through pages with my browser. I just want to go to the one page I have bookmarked. Isn't that the point of having a website? Allowing people to view your content? I'd say the DDOS is still very effective one way or another. My sympathies to the rulesemporium folks. I wish I could help, but I'm just some slob who wants to view their website. Still waiting ... Mike If your IP is blocked, for whatever reason, perhaps a proxy would help you until your IP is unblocked. http://translate.google.com/translate?u=http%3A%2F%2Fwww.rulesemporium.com%2F&langpair=fr%7Cen I bet the 'donate' link would help :-) Hmm, I doubt it, seeing that SARE has received 3 donations in 2007, $90 all total (yet 31k unique ips pull rules from the site every week.. ugh). Anyone want to sell us a VPS on a DDoS proof network for $90? ;) Maybe if we had a buck for every one of those IPs we could afford one. However, we're running on donated bandwidth/hardware from vr.org, and frontended by ddos mitigation services from prolexic.com... so really, I'm just glad the sites comes up at all. Without those guys it would be long gone. There has been discussion of taking down the public site, opening something new ( private access, invite only, acl by ip, etc), in hopes to avoid ddos and provide better services, more requent rule updates, and so on. We are trying our best to keep it alive, but there is only so much we can do with the limited time and resources we have. Speaking about lacking of resources... we need more good people who want to join SARE and contribute with rules, scripts, masscheckers, etc... anyone interested should email [EMAIL PROTECTED] Thanks, -- SARE Webmaster [EMAIL PROTECTED] http://www.rulesemporium.com
Re: Re: Rulesemporium
Daryl C. W. O'Shea wrote: Loren Wilton wrote: Mike Grau <[EMAIL PROTECTED]> 07/09/07 5:15 PM >>> On 07/09/2007 04:01 PM the voices made Joe Zitnik write: I can't get here: http://www.rulesemporium.com/rules Is rulesemporium having issues again? I can rarely get there (via a browser). So rarely the site is almost useless. I've been having intermittent issues getting there from home for a while. Last time it happened, the site was down. I still can't get there Hum. I just tried again, and didn't have any problems this time either. Guess I'm lucky. Perhaps you are. I get "500 Server closed connection without sending any data back" or "500 Can't connect to www.rulesemporium.com:80 (connect: timeout)" at least once an hour out of three queries an hour. Ok, so the word is that the telia link is saturated with traffic from the ddos yet.. I'd like some traceroutes to www.rulesemporium.com for anyone that is having problems. The issue with the html found in rulesets (the "0.1 refresh" page) should be cleared up. If anyone is seeing this, please let me know immediately. Thanks, -- SARE Webmaster [EMAIL PROTECTED] http://www.rulesemporium.com
Re: Spam PDF
Raymond Dijkxhoorn wrote: Hi! Jun 27 14:50:03 vmx80 MailScanner[4491]: Message l5RCnxP8019756 from 212.127.254.149 ([EMAIL PROTECTED]) to quicknet.nl is spam, SpamAssassin (not cached, score=24.191, required 5, BAYES_50 0.00, BODY_EMPTY 0.50, GMD_PDF_BAD_FUZZY 20.00, GMD_PDF_HORIZ 0.25, GMD_PDF_STOX 1.00, PROLO_NO_URI 0.01, RCVD_IN_WHOIS_BOGONS 2.43) Where did those GMD rules come from? Will be announced lateron. Until its publicly released, you can request it with a simple email to us, see http://www.rulesemporium.com/plugins.htm#pdfinfo Do not reply here, as I only digest, and I expect that subject hardcoded so I can filter properly ;)