Re: RDJ "autoban"

2007-08-02 Thread SARE Webmaster 

Jonathan Nichols wrote:
I'm still seeing this when I run RDJ manually. I'm not running it from 
cron and it's been disabled for weeks.


yes, I emailed the address noted in the error. :)


[11915] warn: config: failed to parse line, skipping: AUTOBAN: Over 
500 *.cf requests in 48 hours period - Check your CRON
[11915] warn: config: failed to parse line, skipping: CONTACT: 
[EMAIL PROTECTED]


The "autoban" feature was disabled on June 13th after we moved behind 
prolexic.com




[11915] warn: config: failed to parse line, skipping: 

[11915] warn: config: failed to parse line, skipping: HTTP-EQUIV="Pragma" CONTENT="no-cache">
[11915] warn: config: failed to parse line, skipping: HTTP-EQUIV="Expires" CONTENT="-1">

[11915] warn: config: failed to parse line, skipping: 


The 0.1 second refresh issue was resolved first week of July iirc.

Delete the effected files and re-run RDJ.

--
SARE Webmaster
[EMAIL PROTECTED]
http://www.rulesemporium.com

Re: PDFInfo

2007-07-13 Thread SARE Webmaster 

Ed Kasky wrote:

At 05:07 AM Friday, 7/13/2007, you wrote -=>

On Fri, 13 Jul 2007 at 11:17 +0100, -- confabulated:

How can I get the plugin? I have emailed the webmaster a couple of 
times

but no response :(


I haven't received a response either.


FYI, I emailed a second time, nicely, and got a response after a few 
days.




Well, the subject on your first email was not "PDFInfo Access", so you 
get tossed aside and dealt with last ;)  

There is more than 1 person answering these requests... so if you dont 
have an answer in a day or so, just yell.

Re: PDFInfo

2007-07-13 Thread SARE Webmaster 

Duane Hill wrote:

On Fri, 13 Jul 2007 at 11:17 +0100, -- confabulated:


How can I get the plugin? I have emailed the webmaster a couple of times
but no response :(


I haven't received a response either.



Duane,

We sent you the information on July 3rd, same day you requested it,  and 
you tempfailed it.


Jul  3 23:52:50 mx2 postfix/smtp[1979]: 5A56215C0E4: 
to=<[EMAIL PROTECTED]>, 
relay=smtpgate.yournetplus.com[162.42.148.126], delay=11, 
status=deferred (host smtpgate.yournetplus.com[162.42.148.126] said: 450 
4.7.1 : End-of-data rejected: Service temporarily 
unavailable (in reply to end of DATA command))


July 4th

Jul  4 00:21:28 mx2 postfix/smtp[3280]: 5A56215C0E4: 
to=<[EMAIL PROTECTED]>, 
relay=smtpgate.yournetplus.com[162.42.148.126], delay=1729, status=sent 
(250 2.0.0 Ok: queued as 8E88644A48C)


Ball over.

Re: Rulesemporium

2007-07-11 Thread SARE Webmaster 

Ken A wrote:

Mike Grau wrote:


 A little misinformation tossed to spammers isn't bad here. 
I hear there's a mirror in Afghanistan too. And by all means.. when 
you browse the site.. click the stop button in your browser between 
it's loading each image on each page, then click the start button 
again. It's tricky, but if you do it just right, you can browse the 
whole site before the IDS blocks you. 


The rulesemporium site is great, and much thanks goes to the ninjas 
who operate it and write the rules, forcing spammers to read harry 
potter books.


Ken



Yes, the rulesemporium site _is_ great. As are the rules themselves. 
That's why I'd like to use my browser and read just one page. Right 
now all I get (and this is my first attempt to browse the site since 
yesterday) is "Waiting for www.rulesemporium.com...".


I'm not talking about rules_du_jour or sa-update or seeing how fast I 
can manually click stop or cycle through pages with my browser. I 
just want to go to the one page I have bookmarked. Isn't that the 
point of having a website? Allowing people to view your content? I'd 
say the DDOS is still very effective one way or another. My 
sympathies to the rulesemporium folks. I wish I could help, but I'm 
just some slob who wants to view their website.


Still waiting ... Mike



If your IP is blocked, for whatever reason, perhaps a proxy would help 
you until your IP is unblocked.
http://translate.google.com/translate?u=http%3A%2F%2Fwww.rulesemporium.com%2F&langpair=fr%7Cen 


I bet the 'donate' link would help :-)



Hmm,  I doubt it, seeing that  SARE has received 3 donations in 2007,  
$90 all total  (yet 31k unique ips pull rules from the site every week.. 
ugh).  Anyone want to sell  us a VPS on a DDoS proof network for $90?   ;)


Maybe if we had a buck for every one of those IPs we could afford one.   
However, we're running on donated bandwidth/hardware from vr.org, and 
frontended by ddos mitigation services from prolexic.com... so really, 
I'm just  glad the sites comes up at all. Without those guys it would be 
long gone.


There has been discussion of taking down the public site, opening 
something new ( private access, invite only, acl by ip, etc), in hopes 
to avoid ddos and provide better services, more requent rule updates, 
and so on. We are trying our best to keep it alive, but there is 
only so much we can do with the limited time and resources we have.


Speaking about lacking of resources... we need more good people who want 
to join SARE and contribute with rules, scripts, masscheckers, etc...   
anyone interested should email [EMAIL PROTECTED]


Thanks,

--
SARE Webmaster
[EMAIL PROTECTED]
http://www.rulesemporium.com

Re: Re: Rulesemporium

2007-07-10 Thread SARE Webmaster 

Daryl C. W. O'Shea wrote:
Loren 
Wilton wrote:

Mike Grau <[EMAIL PROTECTED]> 07/09/07 5:15 PM >>>

On 07/09/2007 04:01 PM the voices made Joe Zitnik write:

I can't get here:
http://www.rulesemporium.com/rules
Is rulesemporium having issues again?


I can rarely get there (via a browser). So rarely the site is almost 
useless.



I've been having intermittent issues getting there from home for a
while.  Last time it happened, the site was down.  I still can't get
there


Hum.  I just tried again, and didn't have any problems this time either.
Guess I'm lucky.


Perhaps you are.  I get "500 Server closed connection without sending 
any data back" or "500 Can't connect to www.rulesemporium.com:80 
(connect: timeout)" at least once an hour out of three queries an hour.




Ok, so the word is that the telia link is saturated with traffic from 
the ddos yet..   I'd like some traceroutes to www.rulesemporium.com for 
anyone that is having problems.


The issue with the html found in rulesets (the "0.1 refresh" page) 
should be cleared up.  If anyone is seeing this, please let me know 
immediately.


Thanks,

--
SARE Webmaster
[EMAIL PROTECTED]
http://www.rulesemporium.com

Re: Spam PDF

2007-06-27 Thread SARE Webmaster 

Raymond Dijkxhoorn wrote:

Hi!


Jun 27 14:50:03 vmx80 MailScanner[4491]: Message l5RCnxP8019756 from
212.127.254.149 ([EMAIL PROTECTED]) to quicknet.nl is spam,
SpamAssassin (not cached, score=24.191, required 5, BAYES_50 0.00,
BODY_EMPTY 0.50, GMD_PDF_BAD_FUZZY 20.00, GMD_PDF_HORIZ 0.25, 
GMD_PDF_STOX

1.00, PROLO_NO_URI 0.01, RCVD_IN_WHOIS_BOGONS 2.43)



Where did those GMD rules come from?


Will be announced lateron.



Until its publicly released, you can request it with a simple email to 
us, see http://www.rulesemporium.com/plugins.htm#pdfinfo


Do not reply here, as I only digest, and I expect that subject hardcoded 
so I can filter properly ;)