PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : [Full-Disclosure] Someone hacked anti-spam database. World bouncing email



Houser
27.08.2003, 17:10
Some time before 11:30 AM Eastern time, the anti-spam database
socks.relays.osirusoft.com run by osirusoft.com seems to have been hacked.
Possibly thousands of innocent system admins then found that email their
users sent out was being bounced by uses of this database, even though
they never spammed, and never ran a `socks` proxy, and were not in the
dialup database (the FTC uses this to protect their `uce [at] ftc.gov`
address!)
I found bogus responses back on innocent ip addresses that seems to have
been `stuffed` into osirusoft.com socks.relays RBL., or an * wildcard has
replaced the legit database.
(including the netscreen list at qorbit.net)
The TXT record that responds is: Please stop using relays.osirusoft.com
Looking at news:news.admin.net-abuse.email I see several warning about
using relays.osirusoft.com
This is not surprising, since they run the (popular or un-popular)
anti-spam database `spews` and have been under DDOS and hacker attack for
months.
What appears to have happened, is maybe dns cache poising, DNS hyjacking,
or maybe someone directly compromised the dns server and edited the
database (or one of their secondaries) or, aliens in green suits decided
to block all email to anyone using the socks, dialups (and maybe spews)
databases?
---
Osirusoft is not hacked, all indications simply point at Joe being tired of
having an outdated DNSBL list . Letting every single query return a positive,
labelling everything as listed, is the perfect way to get the needed attention,
especially since most Osirusoft users have been unaware of the ongoing DDos
attack.
This is old news in news.admin.net-abuse.email and
news.admin.net-abuse.blocklisting. No hacks, but intentional misconfiguration.
As it says, stop using relays.osirusoft.com as a DNSBL since it is outdated and
can`t be properly updated due to ongoing attacks from spammers.

mana
27.08.2003, 17:17
klick (http://210112.antispam.de/topic.php?&board=210112&id=343834&forum=11719956)

Antispam,
UIID: [ID filtered]
Antispam.de - Zeigen Sie Offensive!

Houser
27.08.2003, 18:01
Kommt jetzt auch auf Heise:
http://www.heise.de/newsticker/data/uma-27.08.03-000/
und wir lieben Heise weiterhin:
Heise stellt Strafanzeige gegen Spammer
http://www.heise.de/newsticker/data/hob-27.08.03-001/