Mailing List Archive: SpamAssassin: users

[Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist]



scheidell at secnap

Nov 10, 2009, 12:29 PM

Post #1 of 18 (1569 views)
[Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist]

If I reply to the mailing list and not you directly, you should reply to
the mailing list.





-------- Original Message --------
Subject: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist
Date: Tue, 10 Nov 2009 12:25:20 -0800
From: Ted Mittelstaedt <tedm [at] ipinc>
Organization: Internet Partners, Inc.
To: Michael Scheidell <scheidell [at] secnap>
References: <4AF8B90D.6040208 [at] ipinc>
<1257856143.17916.13.camel [at] mcdonalddj-dc>
<4AF98170.3080804 [at] ipinc> <4AF986AF.8040108 [at] secnap>



Michael Scheidell wrote:
> Ted Mittelstaedt wrote:
>>
>> How can I? From what I know about razor-revoke, it's the recipients
>> who are using razor and who get messages that razor tags as spam who
>> are the ones that run this.
>>
>> Their recipients who are saying that their messages are being marked
>> spam are comcast e-mail users. We aren't marking them as spam, we
>> don't use Razor, and after learning about what's happened to them,
>> it's doubtful that we ever will.
>>
> actually, from the perspective of cloudmark, it did what it was supposed
> to do.
> it protected the clients who use it from a compromised system.

However, it's false-positiving things, thus once the spamming
has stopped, it's now malfunctioning.

Most people would rather get 10 spams that the spam filter missed
than have 1 legitimate mail message marked spam. Granted, this
ratio falls off - people are more forgiving of false positives
the fewer times that they happen - but nobody wants all of their
incoming mail marked spam due to overly aggressive spam filters.

Keep in mind here that it isn't the SENDERS who are originating the
complaints - it's the RECIPIENTS. The Recipients are seeing all mail
from their correspondents at this company being marked spam, and
complaining to the senders - the senders (now) are not spamming, so
the recipients have, in my opinion, a valid complaint to make
against Comcast. It so happens the only recipients complaining that
this company is sending spam are the ones on Comcasts server. Nobody
else on the Internet, using any OTHER kind of spam filtering service,
is seeing their stuff (now) being marked spam.

Thus, in stacking Cloudmark up against all of the other blacklists
on the Internet, it's clearly a failure. Not because it blocked, but
because it didn't STOP blocking, when every other spam filter system
on the Internet was smart enough to stop blocking.

> getting on a blacklist is easy. anyone's, sorbs, barracuda, DCC,
> spamcop, anyones.
>
> getting off is hard.
>

Untrue. As I said, the first thing I checked was the public blacklists
and none of them had this customer listed. Getting off of these lists
is easy - you just stop spamming, and wait 24 hours or so, and your
off most of them, and the few you're not off you just submit requests to
remove and they take you off.

> What you need to understand is that it's really your client's fault for
> not taking care of the security issue BEFORE he had a problem.
>
> Sorry, but really, it's your client's fault,
> and the world really needs to
> protect itself from botnets.
>

Michael, friend, you got things very wrong here.

If our clients were DELIBERATELY spamming, say they thought they
were going to send out a marketing mail or some such, then you would
be correct.

But they were not. They were simply using the largest software
company on Earth's products - Microsoft - like everyone else
in the world who has those products do.

I have a Mac G4 running OSX sitting on my desk here, next to my
Windows box. I also have a FreeBSD system running FreeBSD6 and
firefox 3 in the other room.

On either of those systems I could have done EXACTLY THE SAME THING
that the user at this client who got cracked into did - I could
have opened the same e-mails, gone to the same websites, etc. - and
I WOULDN'T have been cracked.

So, explain again why this was THEIR fault? Don't you think that
the botnet writer has just a tiny tiny bit of blame here? What about
the software developer being paid more money than God sitting up in
a nice comfortable office in Redmond who wrote that piece of shit
that our client was using, and included dozens of security holes
that are exploited by botnet writers, don't you think that HE
has just a tiny tiny bit of culpability?

Every other current production operating system on the face of the earth
doesn't seem to be regularly hijacked by spammers. So, why are you
going to give Microsoft a pass?

Why exactly is it that when a user of Microsoft Windows doesn't
apply patches that it's their fault when their system is cracked?
What exactly do you think a patch IS? If their system had been written
properly in the beginning it wouldn't need to be patched. If they
weren't logged in as administrator - which is necessary for Windows
desktop systems since most Windows software developers are shit-ass lazy
bastards who ignore the Microsoft directives about writing usermode
programs so they don't have to run as the root, I mean administrative,
user to get any functionality out of them - then even if they had been
cracked it would only be their profile trashed, and the bot wouldn't go
any further.

If you write software for Apple and you do it in such a way that
your MacOS X software requires root access to run, then if your
software gets ANY amount of visibility, you will get a call from
Apple politely trying to educate you, and if you ignore this then
they get nasty, and if you ignore that, then they publicly speak
against your software - and then all the Apple users will stop
buying your shit, and you will be out of business.

What, you think Microsoft has LESS pull than Apple in this area,
and couldn't do the same thing?

In the last 3-4 years there's been less than 5 root-exploitable
holes in Apache - which is arguably the most popular UNIX program
ever, and is installed on the most Unix systems in the world -
yet Apache isn't even installed on all of them. I can't remember
when the last root-exploit came out for a program that is enabled
on FreeBSD out of the box - it might have been the Telnet
bug so many years ago.

Yet, every week there's DOZENS of security patches that MS releases
for XP and Vista and soon, Windows 7.

So, please save your moralizing. Microsoft is the richest software
company in the world, they get PAID REAL MONEY by everyone that uses
their crap - yet they can't produce a secure OS to save their lives.
By contrast, Debian, Ubuntu, FreeBSD, OpenBSD - all UNPAID, and all
ROUTINELY release OSes that are not attackable by botnets. And Apple
used FreeBSD as its base for Darwin - and they ALSO have no problems
in this regard either. Please, name 5 viruses that routinely attack
MacOSX.

Our clients retain outside expertise because THEY KNOW THEY ARE
BONEHEADS when it comes to software. And, you're expecting boneheads
to actually see through the ten thousand tons of marketing BULLCRAP
that Microsoft's bowel movements dump on the business world every year,
claiming their stuff is so great, so secure, so all-fired-wonderful?

You say the world really needs to protect itself from botnets?
Jesus, I think the world REALLY needs to protect itself from
MICROSOFT. They OBVIOUSLY have absolutely NO SENSE WHATSOEVER
of responsibility for the piece-o-shit, holey as swiss cheese,
crapware that they stick up the collective ass of the world's
businesses every year.

I can almost excuse the botnet writers - they at least are
amoral sociopaths and are doing EXACTLY as I would expect criminals
to behave. But, Microsoft couldn't be more two-faced if every
one of their employees had eyes, ears, nose and a mouth on the
back of their heads. They EVEN HAD a secure security model -
remember NT 3.51? You know, the ONLY version of Windows where
ring 0 was separated from usermode programs? And they chucked
that out with NT4 when they pushed the video system into ring
0 so that crap-ass games could run faster. Who cares that
it allowed malware to take over the system.

Michael, get some perspective, please. You're blaming the victim.

> Eventually (based on how cloudmark updates their system), your clients
> ip will be removed from their database.
>
> MAYBE (like barracuda, sorbs) they might have a way for an
> accelerated removal.
> (barracuda, you either pay per domain, or fight your way through to
> someone who will do it for you)
> spamcop will automatically remove in (7 days?) if no more spam.
> DCC is 30 days (if using the DCC reputation filter)
>
> asking SpamAssassin group how to get off of cloudmark's list will be
> useless.
>

I didn't. I asked:

"I have no experience with them and was wondering if anyone has bought
their SA plugin and can relate any good or bad experiences they have
with them."

Ted

> Ask cloudmark.
>
>
>
>
>> Ted
>
> _________________________________________________________________________
> This email has been scanned and certified safe by SpammerTrap(r). For
> Information please see http://www.spammertrap.com
> _________________________________________________________________________



--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation

* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________
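Ted's remark above that the first thing he checked was the public blacklists is the one concrete procedure in this exchange. The script below is an added example, not code from any poster or from SpamAssassin itself: it builds the reversed-octet query name an IPv4 address gets under each DNSBL zone, resolves it, and reads the answer. It assumes the usual convention that a listing is answered with an address in 127.0.0.0/8 and that 127.255.255.0/24 (as Spamhaus documents for its zones) signals a query problem rather than a listing; the zone names are real public DNSBLs, but which ones to consult is a local choice, and the answer table at the bottom is constructed so the script runs offline.

```python
"""DNSBL lookup helper (added example, not from the mailing list thread).

Builds the reversed-octet query name for an IPv4 address under each
blacklist zone, resolves it, and classifies the answer.
"""
import ipaddress
import socket
from typing import Callable, Dict, List

# Real public DNSBL zones; which zones to query is a local policy decision.
DEFAULT_ZONES = ["zen.spamhaus.org", "bl.spamcop.net", "dnsbl.sorbs.net"]

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus documents this range as error/status codes, not listings
# (assumption for other zones: treat it the same way).
ERROR_RANGE = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Return the lookup name: IPv4 octets reversed, followed by the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("only IPv4 addresses are handled here")
    return ".".join(reversed(ip.split("."))) + "." + zone


def classify_answer(answers: List[str]) -> str:
    """Interpret the A records a DNSBL returned for a query name."""
    if not answers:
        return "not listed"          # NXDOMAIN is how a DNSBL says "no"
    for a in answers:
        addr = ipaddress.ip_address(a)
        if addr in ERROR_RANGE:
            return "error"           # e.g. query blocked or rate-limited
        if addr not in LISTED_RANGE:
            return "unexpected"      # typical of a resolver that wildcards NXDOMAIN
    return "listed"


def live_resolver(name: str) -> List[str]:
    """Resolve with the system resolver; NXDOMAIN becomes an empty list."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_ip(ip: str, zones: List[str] = DEFAULT_ZONES,
             resolve: Callable[[str], List[str]] = live_resolver) -> Dict[str, dict]:
    """Query every zone for ip; return {zone: {"status": ..., "codes": [...]}}."""
    report: Dict[str, dict] = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        report[zone] = {"status": classify_answer(answers), "codes": answers}
    return report


# Constructed sample answers standing in for live DNS; 192.0.2.10 is a
# documentation address and these are not real listings.
SAMPLE_ANSWERS = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.4"],          # a listing return code
    "10.2.0.192.bl.spamcop.net": [],                        # NXDOMAIN: not listed
    "10.2.0.192.dnsbl.sorbs.net": ["127.255.255.254"],      # error code, not a listing
}


def sample_resolver(name: str) -> List[str]:
    """Offline stand-in for live_resolver using the constructed table."""
    return SAMPLE_ANSWERS.get(name, [])


if __name__ == "__main__":
    # Swap sample_resolver for live_resolver to query the real zones.
    for zone, r in check_ip("192.0.2.10", resolve=sample_resolver).items():
        print(f"{zone:20} {r['status']:12} {','.join(r['codes'])}")
```

The "unexpected" status matters in practice: a resolver that answers NXDOMAIN with a search-redirect address makes every IP look listed, so a DNSBL check should reject answers outside 127.0.0.0/8 rather than count them as hits.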


g.tomassoni at libero

Nov 11, 2009, 12:24 AM

Post #2 of 18 (1487 views)
RE: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

> Michael Scheidell wrote:
>
> ...omissis...
>
> If our clients were DELIBERATELY spamming, say they thought they
> were going to send out a marketing mail or some such, then you would
> be correct.
>
> But they were not. They were simply using the largest software
> company on Earth's products - Microsoft - like everyone else
> in the world who has those products do.
>
> I have a Mac G4 running OSX sitting on my desk here, next to my
> Windows box. I also have a FreeBSD system running FreeBSD6 and
> firefox 3 in the other room.
>
> On either of those systems I could have done EXACTLY THE SAME THING
> that the user at this client who got cracked into did - I could
> have opened the same e-mails, gone to the same websites, etc. - and
> I WOULDN'T have been cracked.
>
> So, explain again why this was THEIR fault? Don't you think that
> the botnet writer has just a tiny tiny bit of blame here? What about
> the software developer being paid more money than God sitting up in
> a nice comfortable office in Redmond who wrote that piece of shit
> that our client was using, and included dozens of security holes
> that are exploited by botnet writers, don't you think that HE
> has just a tiny tiny bit of culpability?
>
> Every other current production operating system on the face of the
> earth
> doesn't seem to be regularly hijacked by spammers. So, why are you
> going to give Microsoft a pass?
>
> Why exactly is it that when a user of Microsoft Windows doesn't
> apply patches that it's their fault when their system is cracked?
> What exactly do you think a patch IS? If their system had been written
> properly in the beginning it wouldn't need to be patched. If they
> weren't logged in as administrator - which is necessary for Windows
> desktop systems since most Windows software developers are shit-ass
> lazy
> bastards who ignore the Microsoft directives about writing usermode
> programs so they don't have to run as the root, I mean administrative,
> user to get any functionality out of them - then even if they had been
> cracked it would only be their profile trashed, and the bot wouldn't go
> any further.
>
> If you write software for Apple and you do it in such a way that
> your MacOS X software requires root access to run, then if your
> software gets ANY amount of visibility, you will get a call from
> Apple politely trying to educate you, and if you ignore this then
> they get nasty, and if you ignore that, then they publicly speak
> against your software - and then all the Apple users will stop
> buying your shit, and you will be out of business.
>
> What, you think Microsoft has LESS pull than Apple in this area,
> and couldn't do the same thing?
>
> In the last 3-4 years there's been less than 5 root-exploitable
> holes in Apache - which is arguably the most popular UNIX program
> ever, and is installed on the most Unix systems in the world -
> yet Apache isn't even installed on all of them. I can't remember
> when the last root-exploit came out for a program that is enabled
> on FreeBSD out of the box - it might have been the Telnet
> bug so many years ago.
>
> Yet, every week there's DOZENS of security patches that MS releases
> for XP and Vista and soon, Windows 7.
>
> So, please save your moralizing. Microsoft is the richest software
> company in the world, they get PAID REAL MONEY by everyone that uses
> their crap - yet they can't produce a secure OS to save their lives.
> By contrast, Debian, Ubuntu, FreeBSD, OpenBSD - all UNPAID, and all
> ROUTINELY release OSes that are not attackable by botnets. And Apple
> used FreeBSD as its base for Darwin - and they ALSO have no problems
> in this regard either. Please, name 5 viruses that routinely attack
> MacOSX.
>
> Our clients retain outside expertise because THEY KNOW THEY ARE
> BONEHEADS when it comes to software. And, you're expecting boneheads
> to actually see through the ten thousand tons of marketing BULLCRAP
> that Microsoft's bowel movements dump on the business world every year,
> claiming their stuff is so great, so secure, so all-fired-wonderful?
>
> You say the world really needs to protect itself from botnets?
> Jesus, I think the world REALLY needs to protect itself from
> MICROSOFT. They OBVIOUSLY have absolutely NO SENSE WHATSOEVER
> of responsibility for the piece-o-shit, holey as swiss cheese,
> crapware that they stick up the collective ass of the world's
> businesses every year.
>
> I can almost excuse the botnet writers - they at least are
> amoral sociopaths and are doing EXACTLY as I would expect criminals
> to behave. But, Microsoft couldn't be more two-faced if every
> one of their employees had eyes, ears, nose and a mouth on the
> back of their heads. They EVEN HAD a secure security model -
> remember NT 3.51? You know, the ONLY version of Windows where
> ring 0 was separated from usermode programs? And they chucked
> that out with NT4 when they pushed the video system into ring
> 0 so that crap-ass games could run faster. Who cares that
> it allowed malware to take over the system.
>
> Michael, get some perspective, please. You're blaming the victim.

I have a few sites running webalizer. Webalizer is a tool to generate daily and monthly statistics about site accesses. None of these statistics show a Mac OS client among the top 15 User Agents. This is why botnet writers only care to write for the MS OSes: they are the most widespread ones. MacOS X invulnerability to botnets is less than proven and, given that most desktop computer users don't have any knowledge of what's going on behind their own monitor, I believe a botnet could gain access to a Mac OS X system as easily as it can to a MS one.

So, to me the victims actually are the culprits because probably they did allow a botnet to install into their systems. It doesn't matter if they are running Appl€, M$ or even a Sinclair system... They are (probably) computer-ignorant computer users who allowed a botnet to install and run, and they probably wouldn't even care to remove the botnet if their peer didn't check their mail against some BLs.

This list is generally not interested in M$ vs Appl€ wars.

Giampaolo


>
> ...omissis...
>


tedm at ipinc

Nov 11, 2009, 5:34 PM

Post #3 of 18 (1476 views)
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

Giampaolo Tomassoni wrote:
>> Michael Scheidell wrote:
>>
>> ...omissis...
>>
>> If our clients were DELIBERATELY spamming, say they thought they
>> were going to send out a marketing mail or some such, then you
>> would be correct.
>>
>> But they were not. They were simply using the largest software
>> company on Earth's products - Microsoft - like everyone else in the
>> world who has those products do.
>>
>> I have a Mac G4 running OSX sitting on my desk here, next to my
>> Windows box. I also have a FreeBSD system running FreeBSD6 and
>> firefox 3 in the other room.
>>
>> On either of those systems I could have done EXACTLY THE SAME THING
>> that the user at this client who got cracked into did - I could
>> have opened the same e-mails, gone to the same websites, etc. - and
>> I WOULDN'T have been cracked.
>>
>> So, explain again why this was THEIR fault? Don't you think that
>> the botnet writer has just a tiny tiny bit of blame here? What
>> about the software developer being paid more money than God sitting
>> up in a nice comfortable office in Redmond who wrote that piece of
>> shit that our client was using, and included dozens of security
>> holes that are exploited by botnet writers, don't you think that HE
>> has just a tiny tiny bit of culpability?
>>
>> Every other current production operating system on the face of the
>> earth doesn't seem to be regularly hijacked by spammers. So, why
>> are you going to give Microsoft a pass?
>>
>> Why exactly is it that when a user of Microsoft Windows doesn't
>> apply patches that it's their fault when their system is cracked?
>> What exactly do you think a patch IS? If their system had been
>> written properly in the beginning it wouldn't need to be patched.
>> If they weren't logged in as administrator - which is necessary for
>> Windows desktop systems since most Windows software developers are
>> shit-ass lazy bastards who ignore the Microsoft directives about
>> writing usermode programs so they don't have to run as the root, I
>> mean administrative, user to get any functionality out of them -
>> then even if they had been cracked it would only be their profile
>> trashed, and the bot wouldn't go any further.
>>
>> If you write software for Apple and you do it in such a way that
>> your MacOS X software requires root access to run, then if your
>> software gets ANY amount of visibility, you will get a call from
>> Apple politely trying to educate you, and if you ignore this then
>> they get nasty, and if you ignore that, then they publicly speak
>> against your software - and then all the Apple users will stop
>> buying your shit, and you will be out of business.
>>
>> What, you think Microsoft has LESS pull than Apple in this area,
>> and couldn't do the same thing?
>>
>> In the last 3-4 years there's been less than 5 root-exploitable
>> holes in Apache - which is arguably the most popular UNIX program
>> ever, and is installed on the most Unix systems in the world - yet
>> Apache isn't even installed on all of them. I can't remember when
>> the last root-exploit came out for a program that is enabled on
>> FreeBSD out of the box - it might have been the Telnet bug so many
>> years ago.
>>
>> Yet, every week there's DOZENS of security patches that MS releases
>> for XP and Vista and soon, Windows 7.
>>
>> So, please save your moralizing. Microsoft is the richest software
>> company in the world, they get PAID REAL MONEY by everyone that
>> uses their crap - yet they can't produce a secure OS to save their
>> lives. By contrast, Debian, Ubuntu, FreeBSD, OpenBSD - all UNPAID,
>> and all ROUTINELY release OSes that are not attackable by botnets.
>> And Apple used FreeBSD as its base for Darwin - and they ALSO have
>> no problems in this regard either. Please, name 5 viruses that
>> routinely attack MacOSX.
>>
>> Our clients retain outside expertise because THEY KNOW THEY ARE
>> BONEHEADS when it comes to software. And, you're expecting boneheads
>> to actually see through the ten thousand tons of marketing
>> BULLCRAP that Microsoft's bowel movements dump on the business world
>> every year, claiming their stuff is so great, so secure, so
>> all-fired-wonderful?
>>
>> You say the world really needs to protect itself from botnets?
>> Jesus, I think the world REALLY needs to protect itself from
>> MICROSOFT. They OBVIOUSLY have absolutely NO SENSE WHATSOEVER of
>> responsibility for the piece-o-shit, holey as swiss cheese,
>> crapware that they stick up the collective ass of the world's
>> businesses every year.
>>
>> I can almost excuse the botnet writers - they at least are amoral
>> sociopaths and are doing EXACTLY as I would expect criminals to
>> behave. But, Microsoft couldn't be more two-faced if every one of
>> their employees had eyes, ears, nose and a mouth on the back of
>> their heads. They EVEN HAD a secure security model - remember NT
>> 3.51? You know, the ONLY version of Windows where ring 0 was
>> separated from usermode programs? And they chucked that out with
>> NT4 when they pushed the video system into ring 0 so that crap-ass
>> games could run faster. Who cares that it allowed malware to take
>> over the system.
>>
>> Michael, get some perspective, please. You're blaming the victim.
>
> I have few sites running webalizer. Webalizer is a tool to generate
> daily and monthly statistics about site accesses. None of these
> statistics show a Mac OS client among the top 15 User Agents. This is
> why botnet writers only care to write for the MS OSes: they are the
> most spread one.

You never heard of http://en.wikipedia.org/wiki/Morris_worm then?

Way fewer systems back then than MacOS X systems on the Internet today.

We definitely have critical mass of non-Windows systems for a virus to
spread among them.

> MacOS X invulnerability to botnets is less than
> proven

First, what affects users is deployed bots, NOT how vulnerable the
system is.

Second, I was talking about every other OS than Windows - that
isn't just MacOS X, it's Linux and FreeBSD and Linux certainly has far
greater installed base than MacOS X. I'm not sure why you're wanting to
cast this as a Mac vs PC thing, because it's not - it's a Windows vs
the rest of the world, thing.

You are also highly misinformed about botnets. All a bot needs is
a critical mass of systems on the Internet to spread. Those systems
do not need to be every system on the Internet, they do not need to
be the most spread system.

I will point out that MacOS 7, os* & os9 were HIGHLY virus-prone,
yet there were far fewer of them than OSX today.

When MacOS X came out it pretty much put all the anti-virus writers
that wrote Mac-only AV software out of business, and the ones
that wrote dual-Windows/Mac AV software mostly dropped their Mac OS
AV products. And today there's far, far more MacOS X systems online
than there ever were System 9 Macs online.

The AV software today that runs on MacOS X, like for example ClamAV,
is exclusively used to scan for WINDOWS viruses. That AV software
also builds and runs perfectly on FreeBSD, SunOS and Linux, as
well as the other commercial Unixes.

Bots don't exist for Linux/FreeBSD/OpenBSD because those
bot writers have repeatedly tried to write bots for them
and FAILED, simple as that. And as for MacOS X, there's been only
a small handful of security breaches - the most publicized ones
are the ones that the PWN to OWN Zero Day contest disclosed - and
there's NO bots in the wild that take advantage of any of
those holes. NONE of the PWNtoOWN contests resulted in an owned
Linux system, for that matter.

For crying out loud, the bot writers built a botnet out of
NON-WINDOWS-ROUTERS because the manufacturer-supplied firmware
is so crappy on them. Apparently you never heard of Network Bluepill?

http://en.wikipedia.org/wiki/Psyb0t

http://arstechnica.com/business/news/2008/01/wireless-router-security-flaws-could-fuel-viral-outbreak.ars

Note that BluePill spreads through holes in the http server on
these routers. That's because while these systems run BusyBox
Linux, they don't run Apache as a webserver (it's too big) and
BusyBox stripped all user-auth stuff out of Linux to shrink it
down, so once you're on one of these routers, you're root.

If you think that the bot writers aren't periodically
attempting to write Linux/FreeBSD/MacOS X bots, you're
very naive. They have been trying for a decade, getting
nowhere, and only succeeding on a Linux version that stripped
out all security. For the record, the PWNtoOWN contest vulnerability was
in Flash, not MacOSX, that vulnerability certainly existed BEFORE the
Zero Day contest, yet was never exploited by a botnet - obviously
because the bot writers realized that it was more complex
to exploit than the contest made it appear to be.

> and, given that most desktop computer users don't have any
> knowledge of what's going on behind their own monitor, I believe a
> botnet could gain access to a Mac OS X system as easily as it can to
> a MS one.
>

Dream on. Obviously you're a pro-Windows person and anti-Linux
person and you cannot tolerate your image of Windows being torn down.

Fact: Most spam that comes from botnets comes from bots on rooted
WINDOWS systems. Deal with it. Claiming Unix is vulnerable in
the lab is a waste of time.

> So, to me the victims actually are the culprit because probably they
> did allow a botnet to install into their systems. It doesn't matter
> if they are running Appl€, M$ or even a Sinclair system...

Sinclair doesn't have critical mass and never did.

You're simply blaming the victim. Let me spell it out more simply.
The cause of this are the virus writers, enabled by incompetent
Microsoft programmers who leave hundreds of holes in Windows,
and enabled by Microsoft Corp's corporate culture that "Security
is Somebody Else's Problem", and funded by the spammers who
are mostly organized crime syndicates, nowadays.

The victims are the consumers who spend hard-earned cash on their
Windows systems, expect them to work properly, and have no
interest in spamming anyone.

> They are
> (probably) computer-ignorant computer users who allowed a botnet to
> install and run, and they probably wouldn't even care to remove the
> botnet if their peer didn't check their mail against some BLs.
>

Those computer-ignorant users are the ones funding your paycheck.
If they knew what they were doing they wouldn't need you. Try
having a bit more respect for them.

You might consider this, that if you could get more of them
"computer-ignorant computer users" switched to Linux or MacOS X
then we wouldn't have as many vulnerable systems, because
Mickeysoft in Redmond might actually see a reduction of the
number of semitrucks full of cash that pull into their office
every day, and as a result might get serious about security
in their OS.

When Vista Home by default sets up the operator account as
Administrator, and to auto-login, with NO password, that's not being
serious about security.

> This list is generally not interested in M$ vs Appl€ wars.
>

May I ask how you were appointed list spokesperson? Just curious.

Ted

> Giampaolo
>



>
>> ...omissis...
>>
>
>


kremels at kreme

Nov 11, 2009, 6:12 PM

Post #4 of 18 (1472 views)
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

On 11-Nov-2009, at 18:34, Ted Mittelstaedt wrote:
> I will point out that MacOS 7, os* & os9 were HIGHLY virus-prone,
> yet there were far fewer of them than OSX today.


Er… that is simply not true. Not in any way.

As I recall, there were a total of 31 viruses for System 7 and one CD-ROM worm for System 8/9 (Autostart Worm).


--
Strange things are afoot at the Circle K


scheidell at secnap

Nov 12, 2009, 5:33 AM

Post #5 of 18 (1475 views)
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

Ted Mittelstaedt wrote:
> Giampaolo Tomassoni wrote:
>
> Dream on. Obviously your a pro-Windows person and anti-Linux
> person and you cannot tolerate your image of Windows being torn down.
>
I seriously doubt Giampaolo is 'pro-windows', and your argument started
with me, thinking that somehow I was pro windows.

I run a 100% Freebsd shop for servers, I am the official ports
maintainer for the freebsd SA port, surely you can't say I am pro-windows.
/* disclaimer.. I use razor, which is NOT cloudmark, and the razor
plugin for SA does NOT 'blacklist' ip addresses
my desktop does run mac osx.. with clamav, because there ARE worms for
mac osx
*/

put your head in the sand, obviously you aren't getting enough money to
pay you to fix your clients computers.
if you want to blame MS, then don't deal with any clients who use MS.
if you want to help your clients, then set up a good update/fix/ scan/
patch, audit policy.

not our fault, it's your client.




tedm at ipinc

Nov 12, 2009, 10:36 AM

Post #6 of 18 (1471 views)
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

LuKreme wrote:
> On 11-Nov-2009, at 18:34, Ted Mittelstaedt wrote:
>> I will point out that MacOS 7, os* & os9 were HIGHLY virus-prone,
>> yet there were far fewer of them than OSX today.
>
>
> Er… that is simply not true. Not in anyway.
>
> As I recall, there were a total of 31 viruses for System 7 and one CD-ROM worm for System 8/9 (Autostart Worm).
>
>

It IS true. Obviously you were one of the lucky younger folks who
never had to do much admining of Macs. I've admined networks with
Macs on them since the Mac Toaster came out.

Symantec Antivirus for MacOS (pre-OSX) when it was still available was
up to several hundred for MacOS Classic. Heck, one of the first
Apple viruses was Leap-A - it infected Apple IIs back in 1982.

Trust me, I used to work at Symantec - they NEVER sell a product that
they can't make money on, not for long, anyways. If Mac Classic was
as virus resistant as you think it was, Symantec would have never
got into that market.

MacOS Classic was particularly bad since so many of them were in
classroom lab environments - when 1 got a virus, they all would
since apple filesharing considered everything on the Appletalk network
a trusted system.

Keep in mind of course that few Mac Classic systems were on the Internet
past 2003. Classic's Internet days didn't last much more than 5-6
years, the most common vector for MacOS Classic system viruses to
spread was infected files shared on floppies or downloaded from BBS
systems.

Everything changed when MacOS X came. Last year, Macworld found a
grand total of 49 infected MacOS X systems - yep, that's 49 in
the entire history of MacOSX. But, don't get too puffed up about it,
the winner of the Zero Day Mac cracking contest has repeatedly warned
that there are more than enough Macs out there for a Mac bot to be
self-sustaining.

And, I still think there's only been less than 10 Linux viruses, all of
them laboratory curiosities only.

Ted


hoogendyk at bio

Nov 12, 2009, 10:55 AM

Post #7 of 18 (1466 views)
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

Ted Mittelstaedt wrote:
> LuKreme wrote:
>> On 11-Nov-2009, at 18:34, Ted Mittelstaedt wrote:
>>> I will point out that MacOS 7, os* & os9 were HIGHLY virus-prone,
>>> yet there were far fewer of them than OSX today.
>>
>> Er… that is simply not true. Not in any way.
>>
>> As I recall, there were a total of 31 viruses for System 7 and one
>> CD-ROM worm for System 8/9 (Autostart Worm).
>
> It IS true. Obviously you were one of the lucky younger folks who
> never had to do much admining of Macs. I've admined networks with
> Macs on them since the Mac Toaster came out.
>
> Symantec Antivirus for MacOS (pre-OSX) when it was still available was
> up to several hundred for MacOS Classic. Heck, one of the first
> Apple viruses was Leap-A - it infected Apple IIs back in 1982.
>
> Trust me, I used to work at Symantec - they NEVER sell a product that
> they can't make money on, not for long, anyways. If Mac Classic was
> as virus resistant as you think it was, Symantec would have never
> got into that market.
>
> MacOS Classic was particularly bad since so many of them were in
> classroom lab environments - when 1 got a virus, they all would
> since apple filesharing considered everything on the Appletalk network
> a trusted system.
>
> Keep in mind of course that few Mac Classic systems were on the Internet
> past 2003. Classic's Internet days didn't last much more than 5-6
> years, the most common vector for MacOS Classic system viruses to
> spread was infected files shared on floppies or downloaded from BBS
> systems.
>
> Everything changed when MacOS X came. Last year, Macworld found a
> grand total of 49 infected MacOS X systems - yep, that's 49 in
> the entire history of MacOSX. But, don't get too puffed up about it,
> the winner of the Zero Day Mac cracking contest has repeatedly warned
> that there are more than enough Macs out there for a Mac bot to be
> self-sustaining.
>
> And, I still think there's only been less than 10 Linux viruses, all of
> them laboratory curiosities only.

I don't know about Linux viruses; BUT, I do remember less than ten years
ago when it was virtually impossible to build a Linux box with a hot
online connection, because you would get hacked before you could even
download the patches. I had a friend who built his system and got hacked
several times before he decided he needed to download patches ahead of
time and build it all in an off line environment. That gave him enough
time to go through all the patches and lock down procedures before he
put it online. He still got hacked again at least once after that.

I also heard stories of my son doing battle with hackers who had gotten
into his Linux system.


--
---------------

Chris Hoogendyk

-
O__ ---- Systems Administrator
c/ /'_ --- Biology & Geology Departments
(*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst

<hoogendyk [at] bio>

---------------

Erdös 4


tedm at ipinc

Nov 12, 2009, 11:15 AM

Post #8 of 18 (1470 views)
Permalink
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

Chris Hoogendyk wrote:
>
>
> Ted Mittelstaedt wrote:
>> LuKreme wrote:
>>> On 11-Nov-2009, at 18:34, Ted Mittelstaedt wrote:
>>>> I will point out that MacOS 7, os* & os9 were HIGHLY virus-prone,
>>>> yet there were far fewer of them than OSX today.
>>>
>>> Er… that is simply not true. Not in any way.
>>>
>>> As I recall, there were a total of 31 viruses for System 7 and one
>>> CD-ROM worm for System 8/9 (Autostart Worm).
>>
>> It IS true. Obviously you were one of the lucky younger folks who
>> never had to do much admining of Macs. I've admined networks with
>> Macs on them since the Mac Toaster came out.
>>
>> Symantec Antivirus for MacOS (pre-OSX) when it was still available was
>> up to several hundred for MacOS Classic. Heck, one of the first
>> Apple viruses was Leap-A - it infected Apple IIs back in 1982.
>>
>> Trust me, I used to work at Symantec - they NEVER sell a product that
>> they can't make money on, not for long, anyways. If Mac Classic was
>> as virus resistant as you think it was, Symantec would have never
>> got into that market.
>>
>> MacOS Classic was particularly bad since so many of them were in
>> classroom lab environments - when 1 got a virus, they all would
>> since apple filesharing considered everything on the Appletalk network
>> a trusted system.
>>
>> Keep in mind of course that few Mac Classic systems were on the Internet
>> past 2003. Classic's Internet days didn't last much more than 5-6
>> years, the most common vector for MacOS Classic system viruses to
>> spread was infected files shared on floppies or downloaded from BBS
>> systems.
>>
>> Everything changed when MacOS X came. Last year, Macworld found a
>> grand total of 49 infected MacOS X systems - yep, that's 49 in
>> the entire history of MacOSX. But, don't get too puffed up about it,
>> the winner of the Zero Day Mac cracking contest has repeatedly warned
>> that there are more than enough Macs out there for a Mac bot to be
>> self-sustaining.
>>
>> And, I still think there's only been less than 10 Linux viruses, all of
>> them laboratory curiosities only.
>
> I don't know about Linux viruses; BUT, I do remember less than ten years
> ago when it was virtually impossible to build a Linux box with a hot
> online connection, because you would get hacked before you could even
> download the patches. I had a friend who built his system and got hacked
> several times before he decided he needed to download patches ahead of
> time and build it all in an off line environment. That gave him enough
> time to go through all the patches and lock down procedures before he
> put it online. He still got hacked again at least once after that.
>
> I also heard stories of my son doing battle with hackers who had gotten
> into his Linux system.
>
>

Keep in mind that those were not the Linus-written Linux programs, those
were programs like Telnet, Sendmail, etc. which predated both Linux, the
GPL, and GNU in many cases - and Linus merely took those programs and
applied his license to them.

I think the OpenBSD people in particular would object to people saying
that one of their boxes with Sendmail compiled on it, that was hacked
into, was insecure. FreeBSD likely as well.

Once Linus's clue phone rang and he changed the load defaults to
have all those programs disabled during installation, Linux stopped
having those problems.

MacOS X is a bit different animal because Apple only pulled over the
FreeBSD kernel and NeXT code when they created Darwin - and they have
done their best to remove or disable the good Unix utilities, and
replace them with their irritating GUI ones.

When you have a program like Flash that is insecure and is a vector
for bots and viruses to infect an OS, it's not really accurate to claim
that the OS is insecure just because it got hacked as a result of
Flash - incidentally, both MacOS X and Windows have been compromised
as a result of loading Flash on them.


Ted


jhardin at impsec

Nov 12, 2009, 11:31 AM

Post #9 of 18 (1470 views)
Permalink
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

On Thu, 12 Nov 2009, Ted Mittelstaedt wrote:

> Chris Hoogendyk wrote:
>>
>> I also heard stories of my son doing battle with hackers who had
>> gotten into his Linux system.
>
> Keep in mind that those were not the Linus-written Linux programs, those
> were programs like Telnet, Sendmail, etc. which predated both Linux, the
> GPL, and GNU in many cases - and Linus merely took those programs and
> applied his license to them.
>
> I think the OpenBSD people in particular would object to people saying
> that one of their boxes with Sendmail compiled on it, that was hacked
> into, was insecure. FreeBSD likely as well.
>
> Once Linus's clue phone rang and he changed the load defaults to have
> all those programs disabled during installation, Linux stopped having
> those problems.

Ted, I think you're attributing far too much to Linus here. The distro
maintainers decide which service daemons they include and set their
initial startup policies. Linus just developed the kernel.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin [at] impsec FALaholic #11174 pgpk -a jhardin [at] impsec
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
If "healthcare is a Right" means that the government is obligated
to provide the people with hospitals, physicians, treatments and
medications at low or no cost, then the right to free speech means
the government is obligated to provide the people with printing
presses and public address systems, the right to freedom of
religion means the government is obligated to build churches for the
people, and the right to keep and bear arms means the government is
obligated to provide the people with guns, all at low or no cost.
-----------------------------------------------------------------------
34 days since President Obama won the Nobel "Not George W. Bush" prize


tedm at ipinc

Nov 12, 2009, 11:44 AM

Post #10 of 18 (1467 views)
Permalink
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

Michael Scheidell wrote:
> Ted Mittelstaedt wrote:
>> Giampaolo Tomassoni wrote:
>>
>> Dream on. Obviously you're a pro-Windows person and anti-Linux
>> person and you cannot tolerate your image of Windows being torn down.
>>
> I seriously doubt Giampaolo is 'pro-windows', and your argument started
> with me, thinking that somehow I was pro windows.
>
> I run a 100% Freebsd shop for servers, I am the official ports
> maintainer for the freebsd SA port, surely you can't say I am pro-windows.

And I wrote a book about FreeBSD:

http://www.freebsd-corp-net-guide.com/

so can we stop comparing dick sizes and get back to the discussion?

> /* disclaimer.. I use razor, which is NOT cloudmark, and the razor
> plugin for SA does NOT 'blacklist' ip addresses
> my desktop does run mac osx.. with clamav, because there ARE worms for
> mac osx
> */
>
> put your head in the sand, obviously you aren't getting enough money to
> pay you to fix your clients computers.

As I already stated...

> if you want to blame MS, then don't deal with any clients who use MS.
> if you want to help your clients, then set up a good update/fix/ scan/
> patch, audit policy.
>
> not our fault, its your client.
>

You know, back in 2000 when I published that book I used to think the
way you did - that if I could but just get those dumb Windows customers
to realize that it's their choice of operating system that is providing
the buco bucks to support Microsoft's lazy ass, and perpetuating the
problem with viruses, that they would all have a flash of insight and
immediately stop funding the Evil Empire, and MS would disappear in a
cloud of smoke, and life would be wonderful in the computer industry again.

Then, I grew up. Seriously.

I understand your POV - that when people choose to buy Windows, they
choose a bug-ridden, filthy piece of sheit OS, and it's their choice
of that which creates the environment to allow these evil scammers and
spammers to proliferate and torture the rest of us. Thus, it's
their fault, and screw them and the OS they rode in on.

However, you're never going to get those people to stop using Windows
and start using something better like FreeBSD, until you and your
aliases lose that attitude.

These buyers of Windows don't know a security hole from a bung-hole.
All they care about is being able to surf the web/watch hulu/run
their business/send an e-mail/etc. Most of them don't even have a
choice anyway - when they go into the store, and see the Dell
sitting there with Win 7 preloaded costing $399 on sale, and
right next to it the same system Dell sitting there with Linux
preloaded costing $499, and never on sale, it doesn't take a
rocket scientist to realize that the $499 system is nothing more
than a token that Dell throws out to make the claim that they
do actually offer Linux preloads. And the reason the retailer is
willing to take a hit on his markup on the $399 Dell and not on
the $499 Dell is because he sells 1000 of those a month, and 20 of the
Linux Dells a month. So, the customer buys the cheaper machine
and cha-ching, another $30 goes off into the wormhole to the Microsoft
vault.

Microsoft has organized the computer industry so that they have a
guaranteed revenue stream. They are as much a marketing company
as a software company - they are, in fact, exactly like CocaCola
in this regard. They have it fixed so that even the people who
are planning on wiping their shit off the hard drive of the new
computer before even booting it up, pay them something. That is
the reality of it - and expecting the average user to buck this
trend is frankly asking way, way too much.

If you're shopping for a new car, and I told you to buck the trend
and spend $10K more money for an all-electric car that has 3
wheels and a top speed of 35mph and isn't licensed to go on the
highway, just because the automakers who produce gas-burners are
evil, would you do it? Of course you wouldn't. Yet your attitude
towards the average user is EXACTLY the same. You blame them for
propping up MS, I blame you for destroying the planet when you
drive a gas burner to your Save The Whales conventions.

If you ever want FreeBSD, or Linux or any non-Windows system to
grow, the ONLY way is to understand that the average Windows-running
user is a victim from the moment he walks into the computer store
and plunks down his cash for a machine. He's just looking for
solutions. Give them to him, and he will do whatever you tell him
to. The Linux people found that out which is why Ubuntu is kicking
ass in the distribution game, even though it's not as good as Debian.
And, we here found that out which is why SA is the most popular content
filter out there.

Ted

PS, if you're really the SA porter, thanks for your effort!


tedm at ipinc

Nov 12, 2009, 11:46 AM

Post #11 of 18 (1466 views)
Permalink
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

John Hardin wrote:
> On Thu, 12 Nov 2009, Ted Mittelstaedt wrote:
>
>> Chris Hoogendyk wrote:
>>>
>>> I also heard stories of my son doing battle with hackers who had
>>> gotten into his Linux system.
>>
>> Keep in mind that those were not the Linus-written Linux programs,
>> those were programs like Telnet, Sendmail, etc. which predated both
>> Linux, the GPL, and GNU in many cases - and Linus merely took those
>> programs and applied his license to them.
>>
>> I think the OpenBSD people in particular would object to people saying
>> that one of their boxes with Sendmail compiled on it, that was hacked
>> into, was insecure. FreeBSD likely as well.
>>
>> Once Linus's clue phone rang and he changed the load defaults to have
>> all those programs disabled during installation, Linux stopped having
>> those problems.
>
> Ted, I think you're attributing far too much to Linus here. The distro
> maintainers decide which service daemons they include and set their
> initial startup policies. Linus just developed the kernel.
>

You're absolutely right, of course. Cheap, (but fun) shot.

Ted


scheidell at secnap

Nov 12, 2009, 12:22 PM

Post #12 of 18 (1468 views)
Permalink
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

Ted Mittelstaedt wrote:
>
>
> PS, if you're really the SA porter, thanks for your effort!

easy enough to verify:
<http://www.freebsd.org/cgi/ports.cgi?query=scheidell&stype=maintainer>

--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
| SECNAP Network Security Corporation

* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________


uhlar at fantomas

Nov 13, 2009, 12:12 AM

Post #13 of 18 (1448 views)
Permalink
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

On 12.11.09 13:55, Chris Hoogendyk wrote:
> I don't know about Linux viruses; BUT, I do remember less than ten years
> ago when it was virtually impossible to build a Linux box with a hot
> online connection, because you would get hacked before you could even
> download the patches. I had a friend who built his system and got hacked
> several times before he decided he needed to download patches ahead of
> time and build it all in an off line environment. That gave him enough
> time to go through all the patches and lock down procedures before he
> put it online. He still got hacked again at least once after that.
>
> I also heard stories of my son doing battle with hackers who had gotten
> into his Linux system.

hmmm, I don't remember this last >12 years working with debian.
However we are highly off-topic and should stop this discussion or move it
on a different place.
--
Matus UHLAR - fantomas, uhlar [at] fantomas ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail to this address.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."


richard at buzzhost

Nov 13, 2009, 12:38 AM

Post #14 of 18 (1443 views)
Permalink
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

On Fri, 2009-11-13 at 09:12 +0100, Matus UHLAR - fantomas wrote:
> On 12.11.09 13:55, Chris Hoogendyk wrote:
> > I don't know about Linux viruses; BUT, I do remember less than ten years
> > ago when it was virtually impossible to build a Linux box with a hot
> > online connection, because you would get hacked before you could even
> > download the patches. I had a friend who built his system and got hacked
> > several times before he decided he needed to download patches ahead of
> > time and build it all in an off line environment. That gave him enough
> > time to go through all the patches and lock down procedures before he
> > put it online. He still got hacked again at least once after that.
> >
> > I also heard stories of my son doing battle with hackers who had gotten
> > into his Linux system.
>
I think you may have your Windows -v- Linux mixed up and this kind of urban myth
belongs in the battles that go on in the COLA Flame Wars (that often surface around
the release of a new Windo$e)

Caveats such as weak passwords, open ports and advertising insecure services
are the domain of poor administration and understanding - they are not Operating
System dependent.

Exempting organised spam gangs and their infrastructure, it's probably fair to say that
most of the spam I see has come from a mule Windo$e box. I'll worry about Linux Desktop Botnets
when I see it happening :-)


hoogendyk at bio

Nov 13, 2009, 4:58 AM

Post #15 of 18 (1432 views)
Permalink
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

richard [at] buzzhost wrote:
> On Fri, 2009-11-13 at 09:12 +0100, Matus UHLAR - fantomas wrote:
>
>> On 12.11.09 13:55, Chris Hoogendyk wrote:
>>
>>> I don't know about Linux viruses; BUT, I do remember less than ten years
>>> ago when it was virtually impossible to build a Linux box with a hot
>>> online connection, because you would get hacked before you could even
>>> download the patches. I had a friend who built his system and got hacked
>>> several times before he decided he needed to download patches ahead of
>>> time and build it all in an off line environment. That gave him enough
>>> time to go through all the patches and lock down procedures before he
>>> put it online. He still got hacked again at least once after that.
>>>
>>> I also heard stories of my son doing battle with hackers who had gotten
>>> into his Linux system.
>>>
> I think you may have your Windows -v- Linux mixed up and this kind of urban myth
No mixup. Firsthand observations. It's also the reason the department I
moved to around that time chose OpenBSD for its network related boxes
(firewalls, filtering bridges, etc), rather than Linux. There were too
many kernel exploits being turned up for Linux around that time. Again,
we're talking historical. We are just now converting old boxes to Linux
with IPTables as we replace them, mostly due to aging hardware finally
failing.

> Caveats such as weak passwords, open ports and advertising insecure services
> are the domain of poor administration and understanding - they are not Operating
> System dependent.
But they are in the realm of distributions. If an OS or distribution has
all that configured and open by default, then they are part of the
problem. Those distributing Linux learned that much more quickly than
Microsoft, but they were still part of the problem back in that time frame.

> Exempting organised spam gangs and their infrastructure, it's probably fair to say that
> most of the spam I see has come from a mule Windo$e box. I'll worry about Linux Desktop Botnets
> when I see it happening :-)
These days, yes, it is definitely Windo$e boxes and botnets as you say.
Linux has largely become much more secure. However, you do still see
periodic posts on LinuxQuestions.org from people whose systems have been
compromised asking for help. Nobody is totally safe.

As someone else has said, we are way off topic. I had resisted
responding to any of the exchanges, but could not ignore being told I
had it mixed up or that this was just an urban myth. I'd just as soon
drop it now. I actually do have a massive internet botnet targeting my
servers across three departments right now. I've blocked thousands of IP
addresses, but I have to do it carefully, because my own users travel
and make mistakes with their logins.


--
---------------

Chris Hoogendyk

-
O__ ---- Systems Administrator
c/ /'_ --- Biology & Geology Departments
(*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst

<hoogendyk [at] bio>

---------------

Erdös 4


hamann.w at t-online

Nov 13, 2009, 9:26 AM

Post #16 of 18 (1434 views)
Permalink
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

>>
>> Caveats such as weak passwords, open ports and advertising insecure services
>> are the domain of poor administration and understanding - they are not Operating
>> System dependent.
>>
>> Exempting organised spam gangs and their infrastructure, it's probably fair to say that
>> most of the spam I see has come from a mule Windo$e box. I'll worry about Linux Desktop Botnets
>> when I see it happening :-)
>>
Hi,

maybe you should see it... :(

During the last month I recorded 1993 distinct IPs that were participating
in a distributed ssh attack - some of them changed, disappeared, and came back after a while,
so they seem to be mostly static addresses.
Starting Nov 1st, I implemented p0f on the server.
Out of the login attempts coming from this fairly huge amount of bots, a total of 4 events were attributed
to Windows XP and W98, and a small percentage was classified as unknown by p0f
(these could be some special routers / gateways)
Where IPs looked like machines in a computer center, I occasionally had a closer look and found
newly created sites, machines perhaps not intended to run a plain webserver at all, and
sites inviting to log into plesk / confixx / whatever
One admin admitted that they were hacked through login guest / pass guest

Wolfgang
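
A worked example, added here and not code from anyone in this thread: a short Python script that parses constructed sshd auth-log lines (syslog format; none of the addresses, hostnames or accounts are from the server Wolfgang describes), tallies failures per source address the way his distinct-IP count does, flags the low-and-slow pattern he observed (many addresses, each making only a few attempts against the same guessable accounts such as guest), and applies the blocking caution Chris raised earlier in the thread: an address is never auto-blocked when it falls in an allowlisted own-network range, and failures followed by a successful login from the same address are marked for review rather than blocked, since a travelling user mistyping a password looks the same in the log as a guessed password. The allowlist range, thresholds and every sample line are assumptions of the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of sshd lines as they appear in a syslog-style auth log.
# None of these addresses, hosts or accounts come from the thread.
SAMPLE_LOG = """\
Nov 13 02:11:04 gw sshd[4021]: Failed password for root from 198.51.100.7 port 51122 ssh2
Nov 13 02:11:09 gw sshd[4023]: Failed password for root from 198.51.100.7 port 51130 ssh2
Nov 13 02:11:15 gw sshd[4025]: Failed password for invalid user admin from 198.51.100.7 port 51141 ssh2
Nov 13 02:11:20 gw sshd[4027]: Failed password for invalid user admin from 198.51.100.7 port 51150 ssh2
Nov 13 02:11:26 gw sshd[4029]: Failed password for root from 198.51.100.7 port 51162 ssh2
Nov 13 02:11:31 gw sshd[4031]: Failed password for root from 198.51.100.7 port 51170 ssh2
Nov 13 03:40:02 gw sshd[4100]: Failed password for invalid user guest from 192.0.2.10 port 40010 ssh2
Nov 13 04:12:44 gw sshd[4131]: Failed password for invalid user guest from 192.0.2.11 port 40011 ssh2
Nov 13 04:12:50 gw sshd[4133]: Failed password for invalid user guest from 192.0.2.11 port 40012 ssh2
Nov 13 05:03:19 gw sshd[4170]: Failed password for invalid user guest from 192.0.2.12 port 40013 ssh2
Nov 13 05:03:25 gw sshd[4172]: Failed password for invalid user test from 192.0.2.12 port 40014 ssh2
Nov 13 06:55:41 gw sshd[4210]: Failed password for invalid user guest from 192.0.2.13 port 40015 ssh2
Nov 13 08:02:10 gw sshd[4300]: Failed password for chris from 203.0.113.5 port 52001 ssh2
Nov 13 08:02:17 gw sshd[4300]: Failed password for chris from 203.0.113.5 port 52001 ssh2
Nov 13 08:02:30 gw sshd[4300]: Accepted password for chris from 203.0.113.5 port 52001 ssh2
Nov 13 09:00:01 gw sshd[4400]: Failed password for backup from 10.1.2.3 port 33001 ssh2
Nov 13 09:00:02 gw sshd[4401]: Failed password for backup from 10.1.2.3 port 33002 ssh2
Nov 13 09:00:03 gw sshd[4402]: Failed password for backup from 10.1.2.3 port 33003 ssh2
Nov 13 09:00:04 gw sshd[4403]: Failed password for backup from 10.1.2.3 port 33004 ssh2
Nov 13 09:00:05 gw sshd[4404]: Failed password for backup from 10.1.2.3 port 33005 ssh2
"""

# Assumed own-network range: addresses in it are never blocked automatically,
# because one's own users and monitoring hosts mistype or misconfigure logins too.
ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8")]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def parse_auth_log(text):
    """Return one dict (ts, result, user, ip) per password-auth line; other lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def summarize(events):
    """Per source address: failure count, accounts tried, and whether a login later succeeded."""
    stats = {}
    for ev in events:
        s = stats.setdefault(ev["ip"], {"failed": 0, "users": set(), "accepted": False})
        if ev["result"] == "Failed":
            s["failed"] += 1
            s["users"].add(ev["user"])
        else:
            s["accepted"] = True
    return stats


def classify(stats, allowlist=ALLOWLIST, threshold=5):
    """Decide per address: 'allow' (own range), 'review' (success after failures),
    'block' (at or above the failure threshold) or 'watch' (too few failures yet)."""
    verdicts = {}
    for ip, s in stats.items():
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in allowlist):
            verdicts[ip] = "allow"
        elif s["accepted"]:
            # Failures followed by a success: either a real user who mistyped or a
            # guessed password. Either way a human should look, not an auto-blocker.
            verdicts[ip] = "review"
        elif s["failed"] >= threshold:
            verdicts[ip] = "block"
        else:
            verdicts[ip] = "watch"
    return verdicts


def distributed_campaign(stats, max_per_ip=4, min_ips=3):
    """Find accounts probed from many low-rate addresses that each stay under the
    per-address block threshold: the distributed pattern a plain per-IP counter misses."""
    ips_by_user = defaultdict(set)
    for ip, s in stats.items():
        if 0 < s["failed"] <= max_per_ip and not s["accepted"]:
            for user in s["users"]:
                ips_by_user[user].add(ip)
    return {user: sorted(ips) for user, ips in ips_by_user.items() if len(ips) >= min_ips}


if __name__ == "__main__":
    st = summarize(parse_auth_log(SAMPLE_LOG))
    print("distinct source addresses:", len(st))
    for ip, verdict in sorted(classify(st).items()):
        print(f"{ip:15} failed={st[ip]['failed']:2} -> {verdict}")
    for user, ips in distributed_campaign(st).items():
        print(f"distributed guessing of '{user}' from {len(ips)} addresses: {ips}")
```

On the sample, the single noisy source gets a block verdict, the four low-rate addresses individually only rate a watch, and only the campaign view ties them together through the shared guest account; the allowlisted 10.1.2.3 stays allowed despite hitting the threshold, and 203.0.113.5 is flagged for review rather than blocked. Keep max_per_ip below the block threshold so the two views partition the addresses instead of double-counting them.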


me at junc

Nov 13, 2009, 9:30 AM

Post #17 of 18 (1435 views)
Permalink
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

On fre 13 nov 2009 18:26:07 CET, wrote
> One admin admitted that they were hacked through login guest / pass guest

and this is a real hack :)

--
xpoint


martin at gregorie

Nov 13, 2009, 10:01 AM

Post #18 of 18 (1435 views)
Permalink
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist] [In reply to]

On Fri, 2009-11-13 at 17:26 +0000, hamann.w [at] t-online wrote:

I've only used Red Hat flavours of Linux since RH 6.2 so I can't speak
for other distros, but here's my experience.

> Where IPs looked like machines in a computer center, I occasionally
> had a closer look and found newly created sites, machines perhaps not
> intended to run a plain webserver at all, and sites inviting to log
> into plesk / confixx / whatever
>
Up to the early Fedoras it was well known that a fresh install didn't
have a default firewall configured, so only a fool would do an install
and configure the network with an active LAN connection unless he was
behind a perimeter firewall or a NAT router.

> One admin admitted that they were hacked through login guest / pass
> guest
>
That could not have happened with any RedHat distro I've used for two
good reasons: (1) the installer does not create a guest login and (2)
root does not have a default password.

However, I have seen Unices and workalikes, such as Vos, that did set up
a standard set of user accounts with shells and a default password that
was used for all of them including root.

Martin
