  1. #1
    Join Date
    May 2005
    Location
    Normandy, France
    Posts
    18

    How to fight SORBS

    I think we all agree that spam is bad and we need to fight it. But this SORBS thing is worse than spam. They've closed down my site for the last 2 weeks, bringing down my customer level to -90%.

    I use Wanadoo France (not world's most proactive isp) and host my own server. All my ports are closed except 2, and they are secure. I have no SMTP running, no POP, no IMAP, just http !!

    According to SORBS, I'm on a dynamic IP address, which is wrong, it's static. But Wanadoo don't do reverse DNS, so the address at the end of my IP results in an internal name. So for SORBS I use a dynamic IP address, end of story, no discussion.

    Wanadoo are not going to change their internal policies, SORBS is not going to change their limited view of the world.

    I'm just within the accepted percentage of casualties. I have to declare bankrupt, and have no recourse. I spent 3 years fighting to get the site where it was now, and finally starting to break even, and now it's dead.

    SORBS wants to kill the patient in order to cure it. That seems to be their position. No prisoners. If there's nobody running website on the internet, then there's no spam, therefore, they've won !!

    Why is SORBS so powerful ?? Why are the ISPs listening to them ?? And what can be done so other sites like mine do go out of business ?? Is there an ANTI-SORBS organization out there ???

    How many of you have been hit by these folks ?? Is it not time to organize and get things moving ??

  2. #2
    Join Date
    Apr 2002
    Location
    USA
    Posts
    5,783
    How has sorbs closed down your site?

    Sorry I do not understand they are mail black list how has that affected your site other than a few people not being able to get your email?

  3. #3
    SORBs sounds more and more like a bunch of people out to extort. I know for a fact that a few former spammers got together with new identities to start up a blacklist group so they could charge people to be removed- it might not be as big as everyone else though, they weren't when I was being told about it.
    So far I have not needed to make 31 posts thanks to the search function.

  4. #4
    Join Date
    May 2005
    Location
    Normandy, France
    Posts
    18
    Originally posted by Techark
    How has sorbs closed down your site?

    Sorry I do not understand they are mail black list how has that affected your site other than a few people not being able to get your email?
    Simply by blacklisting my IP address. There's no email involved! I don't send email, I don't have smtp enabled on my server. But since my ISP doesn't have a reverse DNS pointing to my domain (motorbiker.org), SORBS is assuming that the IP is dynamic (it's not). And since the ISP doesn't communicate with SORBS, they don't tell them which are their static IPs.

    So SORBS has blacklisted my IP, and now all those ISPs that use their "service", block people from accessing my website.

    Again, to make sure everyone understands, there's no email involved !! It's SORBS procedure that says if there's a server, any kind (even no smtp servers) sitting on a suspected dynamic IP address, you go on the list !!!

  5. #5
    Join Date
    May 2005
    Location
    Normandy, France
    Posts
    18
    Originally posted by Muzzleflash
    SORBs sounds more and more like a bunch of people out to extort. I know for a fact that a few former spammers got together with new identities to start up a blacklist group so they could charge people to be removed- it might not be as big as everyone else though, they weren't when I was being told about it.
    I don't think they're really trying to extort money, I think they really are trying to fight spam, but I also think that they're not clearheaded about it. They take a heavy hammer approach and start swinging. If innocent people get caught in the crossfire, so be it.

    They have not asked me for any donations to get out of this. They just don't budge. I'm blocked, end of story.

    Same within Wanadoo France. They say, since I'm hosting my own server, and have a fixed IP address, it doesn't mean that they'll change their systems to put my domain in the reverse DNS.

    And changing ISP at this time is not an option since it would involve too much time and money.

  6. #6
    Join Date
    Mar 2004
    Location
    Singapore
    Posts
    6,990
    Ask your provider to delegate the IPs to you, you can then reverse on your own.

  7. #7
    Join Date
    Apr 2003
    Location
    UK
    Posts
    2,569
    or change your provider and move your site?

  8. #8
    Join Date
    May 2003
    Location
    Bayreuth, Bavaria, Germany
    Posts
    175
    I can't believe that SORBS (or any other DNS-based black list) is used to block anything else than SMTP (receiving mails from black listed hosts)!
    If so, and you're saying you don't use mail, either the blocking ISPs are doing wrong, or there might be another technical fault (since routers or transparent proxies would have to implement a dynamic SORBS-based blocking, that's untypical!) ...

    Either way, why don't you move your website to another provider?

    Michael
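
How a DNS-based blacklist lookup of the kind discussed in this thread works, as an added example that is not part of any post: the receiving mail server reverses the connecting client's IPv4 octets, appends the list's zone, and asks for an A record, so the check only runs where an operator has wired it in (normally the SMTP path). The zone name `dul.dnsbl.example`, the addresses and the in-memory resolver are constructed for illustration.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the lookup name: reversed IPv4 octets followed by the list zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def system_resolver(name):
    """Return the A records for name, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def dnsbl_status(ip, zone, resolve=system_resolver):
    """Return (listed, codes).

    Only answers inside 127.0.0.0/8 count as a listing; anything else
    (for example a resolver that rewrites NXDOMAIN) is ignored.
    """
    answers = resolve(dnsbl_query_name(ip, zone))
    codes = [a for a in answers if ipaddress.IPv4Address(a) in LOOPBACK]
    return bool(codes), codes

def smtp_decision(client_ip, zones, resolve=system_resolver):
    """Model of what a mail server using DNSBLs decides at connection time."""
    for zone in zones:
        listed, codes = dnsbl_status(client_ip, zone, resolve)
        if listed:
            return "550 rejected: %s listed in %s (%s)" % (
                client_ip, zone, ",".join(codes))
    return "250 accepted"

# Constructed zone data: one listed address in a hypothetical list zone.
CONSTRUCTED_ZONE = {
    "24.2.0.192.dul.dnsbl.example": ["127.0.0.10"],
    # A hijacking resolver answering for a name that should not exist:
    "25.2.0.192.dul.dnsbl.example": ["203.0.113.7"],
}

def fake_resolver(name):
    """Offline stand-in for DNS so the example runs without network access."""
    return CONSTRUCTED_ZONE.get(name.lower(), [])

if __name__ == "__main__":
    for ip in ("192.0.2.24", "192.0.2.25", "192.0.2.26"):
        print(ip, smtp_decision(ip, ["dul.dnsbl.example"], fake_resolver))
```

Passing `system_resolver` and a real list zone runs the same check against live DNS; a listing seen this way says nothing about whether HTTP traffic to the address is filtered anywhere.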

  9. #9
    Join Date
    May 2005
    Location
    Normandy, France
    Posts
    18
    Originally posted by boonchuan
    Ask your provider to delegate the IPs to you, you can then reverse on your own.
    Wanadoo don't do anything. Least proactive isp. They control their own addressing and reverse DNS.

  10. #10
    Join Date
    May 2005
    Location
    Normandy, France
    Posts
    18
    Originally posted by m-b
    I can't believe that SORBS (or any other DNS-based black list) is used to block anything else than SMTP (receiving mails from black listed hosts)!
    If so, and you're saying you don't use mail, either the blocking ISPs are doing wrong, or there might be another technical fault (since routers or transparent proxies would have to implement a dynamic SORBS-based blocking, that's untypical!) ...

    Either way, why don't you move your website to another provider?

    Michael
    I'm afraid so. Their db is used apparently by ISPs, and block people from accessing these sites. Try it out. My site (http://motorbiker.org). You'll either be able to access it no problem, or you will not. If you can't access it, you'll find that you can ping and trace it with no problems.

    Moving ISP is a problem here. I've been on the phone to several. The 2nd largest doesn't offer fixed IP addresses. The 3rd is OK with IP, I would need to switch to ADSL2. But I need to change a lot of my site since it was set up to use Wanadoo storage for all photos, in an effort to speed the site up. That would have to be redone.

  11. #11
    Join Date
    Jul 2002
    Location
    Kolding, Denmark
    Posts
    292
    Looks like a network problem to me:

    traceroute to 80.13.213.24 (80.13.213.24), 30 hops max, 38 byte packets
    1 195.41.114.1 (195.41.114.1) 2.563 ms 2.103 ms 1.593 ms
    2 atm2-0-1061207.kd4nxx16.ip.tele.dk (80.164.176.165) 12.902 ms 7.798 ms 9.414 ms
    3 ge1-2-7.1000M.kd4nxg4.ip.tele.dk (80.63.83.65) 9.894 ms 6.876 ms 12.374 ms
    4 so-0-3-1.622M.kd4nxu1.ip.tele.dk (83.88.13.33) 10.379 ms 8.918 ms 9.850 ms
    5 pos2-0.2488M.kd4nxg2.ip.tele.dk (195.249.6.141) 9.381 ms 8.540 ms 9.720 ms
    6 pos5-0.2488M.asd9nxg1.ip.tele.dk (83.88.3.58) 28.381 ms 21.850 ms 20.452 ms
    7 Gi7-1.amsbb1.Amsterdam.opentransit.net (193.251.254.9) 20.035 ms 23.906 ms 19.975 ms
    8 * * *
    9 PO1-0.pascr3.Paris.opentransit.net (193.251.128.222) 128.974 ms 143.536 ms 127.456 ms
    10 * * *
    11 * * *
    12 * * *

    PING 80.13.213.24 (80.13.213.24) from 195.41.114.29 : 56(84) bytes of data.

    --- 80.13.213.24 ping statistics ---
    9 packets transmitted, 0 received, 100% loss, time 8035ms
    Best regards,

    Anders C. Madsen
    Golden Planet Support - http://www.goldenplanet.com

  12. #12
    Join Date
    May 2003
    Location
    Bayreuth, Bavaria, Germany
    Posts
    175
    I have no problem in accessing your site!

  13. #13
    Join Date
    Mar 2004
    Location
    Singapore
    Posts
    6,990
    I can access your site from Singapore using Singnet.

    Everything looks fine here


    Originally posted by goldenplanet
    Looks like a network problem to me:

    traceroute to 80.13.213.24 (80.13.213.24), 30 hops max, 38 byte packets
    1 195.41.114.1 (195.41.114.1) 2.563 ms 2.103 ms 1.593 ms
    2 atm2-0-1061207.kd4nxx16.ip.tele.dk (80.164.176.165) 12.902 ms 7.798 ms 9.414 ms
    3 ge1-2-7.1000M.kd4nxg4.ip.tele.dk (80.63.83.65) 9.894 ms 6.876 ms 12.374 ms
    4 so-0-3-1.622M.kd4nxu1.ip.tele.dk (83.88.13.33) 10.379 ms 8.918 ms 9.850 ms
    5 pos2-0.2488M.kd4nxg2.ip.tele.dk (195.249.6.141) 9.381 ms 8.540 ms 9.720 ms
    6 pos5-0.2488M.asd9nxg1.ip.tele.dk (83.88.3.58) 28.381 ms 21.850 ms 20.452 ms
    7 Gi7-1.amsbb1.Amsterdam.opentransit.net (193.251.254.9) 20.035 ms 23.906 ms 19.975 ms
    8 * * *
    9 PO1-0.pascr3.Paris.opentransit.net (193.251.128.222) 128.974 ms 143.536 ms 127.456 ms
    10 * * *
    11 * * *
    12 * * *

    PING 80.13.213.24 (80.13.213.24) from 195.41.114.29 : 56(84) bytes of data.

    --- 80.13.213.24 ping statistics ---
    9 packets transmitted, 0 received, 100% loss, time 8035ms

  14. #14
    Join Date
    Mar 2004
    Location
    Singapore
    Posts
    6,990
    You may like to take note of the below reports on your DNS

    FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.

    ns8.san.yahoo.com.
    ns9.san.yahoo.com.

    This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).

    Also

    WARNING: Your SOA (Start of Authority) record states that your master (primary) name server is: no-dyn-updates.san.yahoo.com.. However, that server is not listed at the parent servers as one of your NS records! This is probably legal, but you should be sure that you know what you are doing.

    and

    ERROR: One or more of your mailservers does not accept mail to postmaster@motorbiker.org. Mailservers are required (RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1) to accept mail to postmaster.
    mail1.wss.vip.scd.yahoo.com's postmaster response: >>> RCPT TO:<postmaster@motorbiker.org> <<< 550 5.0.0 ... RCPT TO: User unknown

    and

    WARNING: One or more of your mailservers appears to be an open relay. If so, this means that you are allowing spammers to freely use the mailserver to send out spam! It is possible that your mailserver accepts all E-mail and later bounces it, or accepts the relay attempt and then deletes the E-mail, but this is not common.
    WARNING: mail1.wss.vip.scd.yahoo.com appears to be an open relay: 250 2.1.5 ... Recipient ok

  15. #15
    Join Date
    Feb 2002
    Location
    Perth, Western Australia
    Posts
    378
    Your website is VERY VERY SLOW to access

    Is it on Dialup?
    Luke
    oh yeah...

  16. #16
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,093
    Originally posted by Selpaw
    Your website is VERY VERY SLOW to access

    Is it on Dialup?
    ^^

    Maybe people are not visiting because it takes so long to connect. I left the window open for 30 seconds and did not get anything, it sounds like a network issue. Few people on broadband will have the patience to wait for much more than 5-10 seconds for a page to load unless they really want that page's content.
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  17. #17
    Join Date
    Nov 2004
    Location
    Marietta PA
    Posts
    138
    Our company owns their own circuits and we don't use SORBS yet I can not get to your site. The trace routes look like missing hops and pings are in the 400 ms plus range. I work for a large healthcare provider and our pipe is extremely large, usually allowing me to dl 2 to 3 gig files in under 5 minutes. So I believe you are having network issues.
    Digital Offensive
    http://www.digitaloffensive.com
    Take an offensive approach to Security know what your foes know!

  18. #18
    Join Date
    Jan 2003
    Location
    Lake Arrowhead, CA
    Posts
    789
    Originally posted by Mike Werner
    SORBS has blacklisted my IP, and now all those ISPs that use their "service", block people from accessing my website.
    It doesn't work that way. Very few public service providers use SORBS at all (not even for SMTP RBLs) and I've never heard of any who use SORBS blacklists at the router/firewall level to block http.

    The problem would appear to be your provider or local hardware, not SORBS.
    http://www.srohosting.com
    Stability, redundancy and peace of mind

  19. #19
    Join Date
    May 2005
    Location
    Normandy, France
    Posts
    18
    Originally posted by boonchuan
    You may like to take note of the below reports on your DNS

    FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.

    ns8.san.yahoo.com.
    ns9.san.yahoo.com.

    This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).

    Also

    WARNING: Your SOA (Start of Authority) record states that your master (primary) name server is: no-dyn-updates.san.yahoo.com.. However, that server is not listed at the parent servers as one of your NS records! This is probably legal, but you should be sure that you know what you are doing.

    and

    ERROR: One or more of your mailservers does not accept mail to postmaster@motorbiker.org. Mailservers are required (RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1) to accept mail to postmaster.
    mail1.wss.vip.scd.yahoo.com's postmaster response: >>> RCPT TO:<postmaster@motorbiker.org> <<< 550 5.0.0 ... RCPT TO: User unknown

    and

    WARNING: One or more of your mailservers appears to be an open relay. If so, this means that you are allowing spammers to freely use the mailserver to send out spam! It is possible that your mailserver accepts all E-mail and later bounces it, or accepts the relay attempt and then deletes the E-mail, but this is not common.
    WARNING: mail1.wss.vip.scd.yahoo.com appears to be an open relay: 250 2.1.5 ... Recipient ok
    boonchuan
    Thanks. Most useful. I'll forward it to Yahoo and see what they say.

  20. #20
    Join Date
    May 2005
    Location
    Normandy, France
    Posts
    18
    Originally posted by Selpaw
    Your website is VERY VERY SLOW to access

    Is it on Dialup?
    No, it's on a DSL line. But that's the issue, it looks slow, but nothing should appear. But then someone else can see it at highspeed, it depends on the ISP you're using.

    I have people who can see it with no problems, some who say it's so slow it times out and some who can't get through at all. But at least they are consistent. If one ISP lets people through, then they all get through.

  21. #21
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,093
    So it sounds like a routing issue. DSL is not really meant to be used for hosting at all and has a pretty bad upload (depending on what type you have). I think it is just a matter of your ISP not having a very good routing configuration to the rest of the world.
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  22. #22
    Join Date
    May 2005
    Location
    Normandy, France
    Posts
    18
    Originally posted by eth00
    So it sounds like a routing issue. DSL is not really meant to be used for hosting at all and has a pretty bad upload (depending on what type you have). I think it is just a matter of your ISP not having a very good routing configuration to the rest of the world.
    Could be, but I've been running it for 3 years with no problems. And suddenly SORBS blacklists me on the day my readers can access me.

    Upload is 380 K going to 1 M shortly, unless I change ISP.

  23. #23
    Join Date
    Mar 2004
    Location
    Chicago, IL
    Posts
    390

    Re: How to fight SORBS

    Originally posted by Mike Werner
    I use Wanadoo France (not world's most proactive isp) and host my own server. All my ports are closed except 2, and they are secure. I have no SMTP running, no POP, no IMAP, just http !!
    If you are just hosting websites, you should consider looking into a shared webhosting account, a reseller account or a dedicated server (if you need that much power and can afford it). Webhosting accounts come pretty cheap and will generally give you much better performance than DSL for serving, and should solve your SORBS problems.

    It almost sounds like you are trying to make this more difficult than it needs to be. Is there a particular reason you *have* to have it on your own machine on your DSL?

  24. #24
    Join Date
    Nov 2001
    Location
    The South
    Posts
    5,408
    Your site is slow, not just slow but INSANE slow. Here are a few points to ponder:

    #1 SORBS is really just an EMAIL blocklist not an ISP blocklist, I don't know of a SINGLE isp that blocks customer access to WEB CONTENT based on EMAIL blocklists, SORBS is not your problem I'll just about lay cash down that they are not responsible for -any- lost traffic to your WEB site.

    #2 your site is slow, extremely slow, painful beyond comprehension slow.

    #3 move your site, trust me, move it to a server on a network connection that isn't slow like this and I bet you'll be fine, search for a host here on WHT, rent your own dedicated server, whatever, but get your site off your DSL which is obviously SLOW as can be, and onto a real web host.
    Gary Harris - the artist formerly known as Dixiesys
    resident grumpy redneck

  25. #25
    Join Date
    Mar 2004
    Location
    Singapore
    Posts
    6,990
    DSL is not the way to run a hosting site properly. Just take any shared hosting or if you want more control, a dedicated, there are tons of good ones in WHT, the USA ones are especially cheap and worth it.
