On Jan 12, 2010, at 5:50 AM, Alan Burlison wrote: > Simon Phipps wrote: > >> I've notice a few subscriptions from "zeusmail.org" addresses to a list I >> moderate. I understand that whole domain to be a spam engine and have been >> advised elsewhere to block it. Should we have the same policy on >> OpenSolaris.org? > > Yes, I've just seen one now. Elaine has cleaned them out once already, I > think the next step is to entirely ban all subscriptions from that domain, > but our mail expert will know the best solution, so I'll defer to her ;-)
Well, about 1950 subscriptions from that domain came through ~2am PT. They've been removed. Although I come from a more academic background where I view banning an entire domain as an extreme measure, especially without anything truly actionable to warrant it, I remembered this morning that I punted a number of porn spam accounts sometime early last year which all had zeusmail.org addresses so I've set the MTA to discard all mail from that domain and, likely more importantly since it appears that they have adapted enough to mass-subscribe via the web interface, I have also banned the IP to all ports on our mail systems. I'll get SunCERT involved since it would appear that the IP is out of a hosting provider in Ohio with a suspiciously recent registration. There were a handful of zeusmail subs back in early November from a different block of IPs, but they all track back to ee.net. Oobleck:~ elaine$ whois 64.79.75.0 OrgName: eNET Inc. OrgID: ENET Address: 3000 East Dublin Granville Rd. City: Columbus StateProv: OH PostalCode: 43231 Country: US NetRange: 64.79.64.0 - 64.79.95.255 CIDR: 64.79.64.0/19 NetName: ENET-XLHOST-4 NetHandle: NET-64-79-64-0-1 Parent: NET-64-0-0-0-0 NetType: Direct Allocation NameServer: NS1.EE.NET NameServer: NS2.EE.NET Comment: Abuse complaints to [email protected] RegDate: 2009-09-18 Updated: 2009-09-18 I am very concerned about the programmatic subscriptions via the web interface, however, since this could very quickly turn into a game of whack-a-mole depending on how determined they are to send us videos of various naked celebrities. So, I don't think this is quite yet solved, but at least this round is ours. e. e. _______________________________________________ website-discuss mailing list [email protected]
