Hi,

I've recently got a dedicated server at CyberWurx datacenter (the server is not through them, it's just co-located there), but I've just found out that all my IPs are listed in SPEWS SPAM database :(.

Apparently most of CyberWurx IPs are listed there.

Does any of you have dedicated server at CyberWurx datacenter?
Did you have any problems with IPs listed for SPAM?

I've found only good reviews for CyberWurx and their datacenter and I'll appreciate if you share your experience with them too.



Thanks,

Peter

I have 4 servers at CW, and yes, they are all on Spews. It appears spews decided to blacklist 5 C-Classes that belong to CyberWurx, and unfortunately all my servers are on them.

This is a recent problem, only happened 2-3 days ago, and CW said they are working on it but since its going to be hard to get off spews they want to move me to another IP block. I'm not sure if I will go ahead and move yet.

There are a lot of datacenters that have 'problems' with Spews. However, I wouldn't really consider a Spews listing a problem anymore. Basically any client that Spews once had, has left for a blacklist that actually -- well, works. Spews has been known to blacklist whole class C's due to just a few reports, which is rather ridiculous. Even if that datacenter then kicked those few people that caused the spam reports, Spews very rarely removes listings now.

A Spews listing would be something that I would basically put on the back burner. Now if you're blacklisted in Spamhaus, then I might push for some answers from the datacenter.

Actually most of it is on level 0, which means it's not listed and level 2 which (according to the spews faq) may include inadvertent blocking... Most appliances will block level 1 only by default.

They will assign a clean IP if you request. ;)

Originally posted by inogenius
Spews has been known to blacklist whole class C's due to just a few reports, which is rather ridiculous.

They've been 'known' to based on 'just a few' reports? Can you provide a specific example?

Spews' method is to start with the spamming IP (singular) and gradually increase the listing if the spamming continues. The most common exception is when known spammers pick up entire /24s or greater right off the bat.

Even if that datacenter then kicked those few people that caused the spam reports, Spews very rarely removes listings now.

Completely false. Spews constantly removes/updates listings.

A Spews listing would be something that I would basically put on the back burner.

That's some pretty reckless advice you're handing out, inogenius. Spews is widely deployed - only a complete fool would ignore their listing.

-B

Originally posted by devioustrap
IThis is a recent problem, only happened 2-3 days ago, and CW said they are working on it but since its going to be hard to get off spews they want to move me to another IP block. I'm not sure if I will go ahead and move yet.

Just an FYI - although the particular problem you're experiencing only happened within the last few days, cyberwurx has had large chunks of their space listed for years.

-B

Originally posted by TMX
only a complete fool would ignore their listing.

Some will argue that only a complete fool would use Spews as a blacklist on their servers.

Originally posted by Stormhosts
Some will argue that only a complete fool would use Spews as a blacklist on their servers.

I Second that.

Originally posted by Stormhosts
Some will argue that only a complete fool would use Spews as a blacklist on their servers.

Be that as it may, the fact remains that it is widely deployed, and as such has the potential to cause problems for those listed.

-Bob

Do you feel it is still widely deployed though? I got the impression that Spews users have died down now. A couple of years back on WHT, Spews was mentioned a lot but these days I dont seem to read or hear much at all about it.

Thanks for all responses guys.

Originally posted by UltraUnixNET
They will assign a clean IP if you request. ;)

Aren't prety much all CyberWurx IPs blacklisted on SPEWS?
I talked to my provider, and they said that this is the case.


Thanks,

Peter

Originally posted by poncho2000
Thanks for all responses guys.



Aren't prety much all CyberWurx IPs blacklisted on SPEWS?
I talked to my provider, and they said that this is the case.


Thanks,

Peter


See my entry a few posts above. Leve 0 means not-listed.

Thanks!

Originally posted by VapoRub
I Second that.

I'll have a cup of that too, please.

Originally posted by TMX
Be that as it may, the fact remains that it is widely deployed, and as such has the potential to cause problems for those listed.

-Bob
Maybe that was the case a few years ago. Surely it is not anymore, especially after they decided to blacklist nearly every IP on the internet in attempt to get back at the people DDOS'ing them, or whatever their reasoning is. That's what I call foolishness.

Likewise, I never said to ignore a blacklisting from Spews. Rather, I said I wouldn't put it as your top priority. If you got listed in a legitimate, and decently respected agency, then it's something you're likely going to want to work on right away. Spews however I would say is nothing more than "when or if you get around to it."

Originally posted by idologic_dh
See my entry a few posts above. Leve 0 means not-listed.

Thanks!

Thanks,

I saw your post but how do you know what level certain IP falls under?
For example this report, how do you find the levels there:

http://spews.org/html/S1025.html

Is the level the number listed before the IP range?



Thanks,

Peter

Originally posted by poncho2000
Thanks,

I saw your post but how do you know what level certain IP falls under?
For example this report, how do you find the levels there:

http://spews.org/html/S1025.html

Is the level the number listed before the IP range?



Thanks,

Peter
Correct. The number listed in front of the IP Range is the listing level that it is under.

Thanks,

The general consensus seems to be "Don't bother with SPEWS".
Does any of you has IPs listed in SPEWS? Do you get many complaints from customers for bounced emails due to SPEWS listings?

My IPs have level 2 SPEWS listings, is that a reason for concern? Would you switch providers or request a set of clean IPs if your IPs have level 2 SPEWS listings?


Thanks everybody for sharing your experiences and opinions,

Peter

Originally posted by inogenius
Maybe that was the case a few years ago. Surely it is not anymore, especially after they decided to blacklist nearly every IP on the internet in attempt to get back at the people DDOS'ing them, or whatever their reasoning is. That's what I call foolishness.


Please get your facts straight...

SPEWS never blacklisted everyone on the planet. Osirussoft did.
Many used the list published by Joe Jared over his DSL line at Osirussoft. Joe finally had enough and put a record in that blacklisted everything and everyone. The list that Osirussoft publised contained the L1 stuff from SPEWS in addidtion to Joe's contributions. Everyone using the list at Osirussoft got burned by Joe; not SPEWS.

Ugh, lord how i hate spews.

We were using spews on our IRC network to filter out botnet's, proxy abusers, etc. It did stop a few proxy kiddies, but we found we were blocking out something like 500 real, legit, users due to some of the massive ban blocks (like, most of brazil is filtered or something retarded like that :P)

But ya, i just use a few other lists, seem to work fine.

~Francisco Dias

Originally posted by inogenius
Maybe that was the case a few years ago. Surely it is not anymore, especially after they decided to blacklist nearly every IP on the internet in attempt to get back at the people DDOS'ing them, or whatever their reasoning is. That's what I call foolishness.

You are obviously unfamiliar with the events you're attempting to comment on, and should probably refrain from further commentary until you do some fact checking.

You're confusing Spews with Osirusoft, a dnsbl operator who served up spews along with several other lists, and who ceased operation a couple of years ago after being ddosed to death.. Joe Jared, Osirusoft's maintainer, decided upon shutting down Osirusoft that all queries to his lists from that point forward should return a positive result, meaning that all IPs checked against his lists would come back as listed. This was a stupid, irresponsible move on Jared's part, and caused all kinds of problems for those who weren't aware of what he had done.

http://groups.google.co.uk/groups?hl=en&lr=&threadm=bigel1%241fbm%241%40FreeBSD.csie.NCTU.edu.tw&rnum=1&prev=/groups%3Fhl%3Den%26lr%3D%26selm%3Dbigel1%25241fbm%25241%2540FreeBSD.csie.NCTU.edu.tw

If you got listed in a legitimate, and decently respected agency, then it's something you're likely going to want to work on right away. Spews however I would say is nothing more than "when or if you get around to it."

You're missing the point. Being 'decent' or 'respected' has nothing to do with it. Being widely deployed does. A quick survey of the higher-traffic email related newsgroups and mailing lists will show that the spews list is still very popular, the biggest piece of evidence being the sheer number of de-listing requests.

You can do whatever you want with regards to your own servers, I certainly have no problem with that. However, I stand by what I said - suggesting that others dont sweat their spews listings is both reckless and irresponsible, particularly since you're basing your position on events that never happened.

-Bob

Originally posted by poncho2000
The general consensus seems to be "Don't bother with SPEWS".

Be very careful which advice you choose to follow. You may want to do some independent research away from WHT and then make a decision based on what you find.

Does any of you has IPs listed in SPEWS?

Had a minor listing a while back.

Do you get many complaints from customers for bounced emails due to SPEWS listings?

I check my IPs against the various DNSBLs daily, so caught my spews listing and rerouted that machine's mail through a smarthost before any complaints came in. The mail logs for that morning did show a number of rejections though.

My IPs have level 2 SPEWS listings, is that a reason for concern?

Yes, particularly when your provider's listings look like this:
http://spews.org/html/S1025.html

Would you switch providers or request a set of clean IPs if your IPs have level 2 SPEWS listings?

I think this depends completely on you - your level of comfort with providing your clients with what are essentially compromised IPs, your personal level of opposition to spam, etc..., as well as your provider's overall history wrt spam issues.

If I were in your position, I'd probably look for another provider based on both the length and number of this one's listings. If, otoh, this were an isolated incident, I would (and have in the past) asked for clean IPs.

best of luck.

-B

What I really hate is.. when you have a customer sign up.. all looks good.. then tries to send out a bunch of spam. One person complains, and now the only way to remove the listing is pay a $50.00 fee?

No thanks...

SPEWS is defunct and should be put to rest. However I think spamcop and spamhaus really need to step up with their listing process.

Originally posted by VapoRub
I Second that.

No kidding.
SPEWS is really arbitrary in how they blacklist things.
They'll blacklist things that are in no way shape or form related to spam.
Heck, they've spamassassin.org, what a bunch of nutters.