
The day I banned half the internet

Being an administrator for Talk About Comics can be an exhausting experience. This morning, I awoke with a weird feeling of premonition, like a disturbance in the Force or something. I thought to myself "It's going to be one of those days when I start off motivated to get real work done, but this motivation will be defeated the moment I log on because there will be another spam attack on Talk About Comics." And Nostra-Dijkhuis was right again. There were already several complaints, both in the Trouble Ticket forum and elsewhere, about casino and other spams, following the same modus operandi as the attack that gave me so much trouble two weeks ago. Then, as now, old threads were resurrected with postings from Guests duko, bugi and wlulax_60, containing off-topic messages (variants from a small pool of standard texts) with a URL randomly inserted mid-sentence. They were once again posted from a wide range of IP addresses, in disparate ranges, but with about half of them belonging to one Internet Provider, Telefonica. When I logged on, Fearless Leader, who really has much more important things to do like paying me, hyping the Modern Tales sites and inventing new things to conquer the world with, had already deleted 120 of them. But they were still trickling in at a steady pace.

Once again, I set about neutering the spams by feeding the URLs to the Word Censor Filter, then banning the IPs from which they were posted, then deleting the messages themselves. I was frustrated to find that wildcards in the ban list didn't work the way I expected them to. But I've figured it out now. But even with wildcards for the third and fourth blocks of the IP addresses, I'm hitting the ban list often, and it really does feel like I'm banning half the internet, or at least most of Spain.
The process took hours of productive time away from me, in which I did things that were the opposite of fun. I am not a violent man, but I have some interesting ideas about how the appearance of the person behind these spams can be improved.

However, it would be better if I just channeled my anger towards something more public-spirited. The best thing I can think of is that the world needs to be warned against Telefonica. I googled for more info about spam coming through them, and the evidence is pretty damning. From the Abusive Hosts Blocking List:

The AHBL is blocking nearly all of Telefonica De Espana IP space currently. This is because of the ever increasing amount of spam and illegal 419 coming from rima-tde.net IP space.

TDE does not seem to care one way or another about the abuse and illegal activities coming from their network, and has not responded to any abuse or spam complaints, nor do they seem to have dealt with any of their customers.

In order for TDE netspace to be delisted, the following must occur:

* TDE must contact admins@2mbit.com and inform us of how they plan to clean up their network, and how they are currently cleaning up their network. If you are an end user, DO NOT CONTACT US. We are only interested in hearing from TDE themselves at this point.

* TDE must terminate their users which are sending spam and 419 scams and not just move them to another netblock to avoid the blocking.

* TDE must agree to continue to police their networks and deal with abuse in a timely fashion (72 hours or less).

Once TDE has complied with the above, TDE netspace will be delisted. However, should it become known that TDE is ignoring complaints, or playing games with the spam fighting community, their netspace will be relisted and not removed for a minimum of 6 months.

[...]

This block would not be necessary if TDE actually made even the slightest effort to clean up their network - which they have yet to do.

Update - April 26th, 2004
...
TDE contacted us by e-mail and we were told by them that the cause of all of the 419 scams and spam was from the scammers operating out of Internet Cafe locations, and that they were working with the police to try and stop the problem.

However, when asked why TDE does not just block outgoing port 25 on their dynamic clients, we received no reply. We also asked that TDE provide us with details on exactly what their dynamic ranges are, so that we could better tune our blocks, and they have yet to get back to us on that either.

The only reason why we have resorted to this broad of a block is because TDE has not shown any effort to work with us to isolate the problem, and we continue to receive thousands of 419/spam attempts daily by Rima-TDE netspace to our own mail servers and other mail servers we monitor or run.

(Emphasis mine)

The Forum linked from the site makes for interesting reading as well:

I happen to be one of their users and I must say Telefonica not only ignores requests for fighting spam, they also ignore us. Did you know that most Telefonica's users have to run our own SMTP engine to send emails because the one they operate is completely useless? I was sick of having my mails lost with not even a "delivery failure" notification. I was tired of mails taking more than a week (!) to be delivered. So I, and most other users, decided to install SMTP servers on our own PCs.

In other words, their service is so bad that their users install their own replacements, with good odds that they will be leaky as an open sewer. That's like painting a target on your arse and bending over. These customers would be better off with a different ISP, and so would the rest of us.

This is about email spam, but the picture is pretty clear. TDE is not interested in doing something about abuse, and is doing a disservice to its clients and to the net at large. No one who has a site or server to keep clean and functional should have any doubts about blocking/banning their IP ranges wholesale.

Comments (3)

Tempus:

I feel your pain...

Might consider treating yourself to this wonderful satire tee-shirt regarding the fine art of tracing spammers and dealing with them.

http://bofhcam.org/co-larters/tracing-spammers/index.html

No, I'm not spamming for them, it's just I hate spammers too. I spend a bunch of time reporting them to their ISPs etc. (www.spamcop.net is a wonderful thing...) My wife turned me onto that shirt, and it's just TOO cool for anyone that has to battle spammers...

If only there was a way to set phpBB so only logged-in users could post messages with URLs...

I thought there was, actually. But I've only heard of it and haven't investigated.

About

This page contains a single entry from the blog posted on July 23, 2004 8:30 PM.


Creative Commons License
This weblog is licensed under a Creative Commons License.