Results 1 to 25 of 35
Thread: How to fight SORBS
-
05-20-2005, 03:13 AM #1Newbie
- Join Date
- May 2005
- Location
- Normandy, France
- Posts
- 18
How to fight SORBS
I think we all agree that spam is bad and we need to fight it. But this SORBS thing is worse than spam. They've closed down my site for the last 2 weeks, bringing down my customer level to -90%.
I use Wanadoo France (not world's most proactive isp) and host my own server. All my ports are closed except 2, and they are secure. I ahve no SMTP running, no POP, no IMAP, just http !!
According to SORBS, I'm on a dynamic IP address, which is wrong, it's static. But Wanadoo don't do reverse DNS, so the address at the end of my IP results in an internal name. So for SORBS I use a dynamix IP address, end of story, no discussion.
Wanadoo are not going to change their internal policies, SORBS is not going to change their limited view of the world.
I'l just within the accepted percentage of casulaties. I have to declare bankrupt, and have no recourse. I spent 3 years fighting to get the site where it was nwo, and finally starting to breakeven, and now it's dead.
SORBS wants to kill the patient in order to cure it. That seems to be their position. No prisoners. If there's no body running website on the internet, then there's no spam, therefore, they've won !!
Why is SORBS so powerful ?? Why are the ISPs listening to them ?? And what can be done so other sites like mine do go out of business ?? Is there an ANTI-SORBS organization out there ???
How many of you have been hit by these folks ?? Is it not time to organize and get things moving ??
-
05-20-2005, 03:25 AM #2Web Hosting Master
- Join Date
- Apr 2002
- Location
- USA
- Posts
- 5,783
How has sorbs closed down your site?
Sorry I do not understand they are mail black list how has that affected your site other than a few people not being able to get your email?
-
05-20-2005, 03:50 AM #3Junior Guru
- Join Date
- Apr 2005
- Posts
- 207
SORBs sounds more and more like a bunch of people out to extort. I know for a fact that a few former spammers got together with new identities to start up a blacklist group so they could charge people to be removed- it might not be as big as everyone else though, they weren't when I was being told about it.
So far I have not needed to make 31 posts thanks to the search function.
-
05-20-2005, 03:55 AM #4Newbie
- Join Date
- May 2005
- Location
- Normandy, France
- Posts
- 18
Originally posted by Techark
How has sorbs closed down your site?
Sorry I do not understand they are mail black list how has that affected your site other than a few people not being able to get your email?
So SORBS has blacklisted my IP, and now all those ISPs that use their "service", block people from accessing my website.
Again, to make sure everyone understands, there no email involved !! It's SORBS procedure that says if there's a server, any kind (even no smtp servers) sitting on a suspected dynamic IP address, you go on the list !!!
-
05-20-2005, 03:59 AM #5Newbie
- Join Date
- May 2005
- Location
- Normandy, France
- Posts
- 18
Originally posted by Muzzleflash
SORBs sounds more and more like a bunch of people out to extort. I know for a fact that a few former spammers got together with new identities to start up a blacklist group so they could charge people to be removed- it might not be as big as everyone else though, they weren't when I was being told about it.
They have not asked me for any donations to get out of this. They just don't budge. I'm blocked, end of story.
Same within Wanadoo France. They say, since I'm hosting my own server, and have a fixed IP address, it doesn't mean that they'll change their systems to put my domain in the reverse DNS.
And changing ISP at this time is not an option since it would involve too much time and money.
-
05-20-2005, 04:21 AM #6Retired Moderator
- Join Date
- Mar 2004
- Location
- Singapore
- Posts
- 6,990
Ask your provider to delegate the IPs to you, you can then reverse on your own.
-
05-20-2005, 04:25 AM #7Web Hosting Master
- Join Date
- Apr 2003
- Location
- UK
- Posts
- 2,569
or change your provider and move your site?
-
05-20-2005, 04:35 AM #8Junior Guru
- Join Date
- May 2003
- Location
- Bayreuth, Bavaria, Germany
- Posts
- 175
I can't believe that SORBS (or any other DNS-based black list) is used to block anything else than SMTP (receiving mails from black listed hosts)!
If so, and you're saying you don't use mail, either the blocking ISPs are doing wrong, or there might be an other technical fault (since routers or transparent proxies would have to implement a dynamic SORBS-based blocking, that's untypical!) ...
Either way, why don't you move your website to an other provider?
Michael
-
05-20-2005, 04:44 AM #9Newbie
- Join Date
- May 2005
- Location
- Normandy, France
- Posts
- 18
Originally posted by boonchuan
Ask your provider to delegate the IPs to you, you can then reverse on your own.
-
05-20-2005, 04:48 AM #10Newbie
- Join Date
- May 2005
- Location
- Normandy, France
- Posts
- 18
Originally posted by m-b
I can't believe that SORBS (or any other DNS-based black list) is used to block anything else than SMTP (receiving mails from black listed hosts)!
If so, and you're saying you don't use mail, either the blocking ISPs are doing wrong, or there might be an other technical fault (since routers or transparent proxies would have to implement a dynamic SORBS-based blocking, that's untypical!) ...
Either way, why don't you move your website to an other provider?
Michael
Moving ISP is a problem here. I've been on the phone to several. The 2nd largest doesn't offer fixed IP addresses. The 3rd is OK with IP, I would need to switch to ADSL2. But I need to change a lot of my site since ti was set up to use Wanadoo storage for all photos, in an effort to speed the site up. That would have to be redone.
-
05-20-2005, 05:04 AM #11Web Hosting Guru
- Join Date
- Jul 2002
- Location
- Kolding, Denmark
- Posts
- 292
Looks like a network problem to me:
traceroute to 80.13.213.24 (80.13.213.24), 30 hops max, 38 byte packets
1 195.41.114.1 (195.41.114.1) 2.563 ms 2.103 ms 1.593 ms
2 atm2-0-1061207.kd4nxx16.ip.tele.dk (80.164.176.165) 12.902 ms 7.798 ms 9.414 ms
3 ge1-2-7.1000M.kd4nxg4.ip.tele.dk (80.63.83.65) 9.894 ms 6.876 ms 12.374 ms
4 so-0-3-1.622M.kd4nxu1.ip.tele.dk (83.88.13.33) 10.379 ms 8.918 ms 9.850 ms
5 pos2-0.2488M.kd4nxg2.ip.tele.dk (195.249.6.141) 9.381 ms 8.540 ms 9.720 ms
6 pos5-0.2488M.asd9nxg1.ip.tele.dk (83.88.3.58) 28.381 ms 21.850 ms 20.452 ms
7 Gi7-1.amsbb1.Amsterdam.opentransit.net (193.251.254.9) 20.035 ms 23.906 ms 19.975 ms
8 * * *
9 PO1-0.pascr3.Paris.opentransit.net (193.251.128.222) 128.974 ms 143.536 ms 127.456 ms
10 * * *
11 * * *
12 * * *
PING 80.13.213.24 (80.13.213.24) from 195.41.114.29 : 56(84) bytes of data.
--- 80.13.213.24 ping statistics ---
9 packets transmitted, 0 received, 100% loss, time 8035msBest regards,
Anders C. Madsen
Golden Planet Support - http://www.goldenplanet.com
-
05-20-2005, 05:06 AM #12Junior Guru
- Join Date
- May 2003
- Location
- Bayreuth, Bavaria, Germany
- Posts
- 175
I have no problem in accessing your site!
-
05-20-2005, 05:52 AM #13Retired Moderator
- Join Date
- Mar 2004
- Location
- Singapore
- Posts
- 6,990
I can access your site from Singapore using Singnet.
Everything looks fine here
Originally posted by goldenplanet
Looks like a network problem to me:
traceroute to 80.13.213.24 (80.13.213.24), 30 hops max, 38 byte packets
1 195.41.114.1 (195.41.114.1) 2.563 ms 2.103 ms 1.593 ms
2 atm2-0-1061207.kd4nxx16.ip.tele.dk (80.164.176.165) 12.902 ms 7.798 ms 9.414 ms
3 ge1-2-7.1000M.kd4nxg4.ip.tele.dk (80.63.83.65) 9.894 ms 6.876 ms 12.374 ms
4 so-0-3-1.622M.kd4nxu1.ip.tele.dk (83.88.13.33) 10.379 ms 8.918 ms 9.850 ms
5 pos2-0.2488M.kd4nxg2.ip.tele.dk (195.249.6.141) 9.381 ms 8.540 ms 9.720 ms
6 pos5-0.2488M.asd9nxg1.ip.tele.dk (83.88.3.58) 28.381 ms 21.850 ms 20.452 ms
7 Gi7-1.amsbb1.Amsterdam.opentransit.net (193.251.254.9) 20.035 ms 23.906 ms 19.975 ms
8 * * *
9 PO1-0.pascr3.Paris.opentransit.net (193.251.128.222) 128.974 ms 143.536 ms 127.456 ms
10 * * *
11 * * *
12 * * *
PING 80.13.213.24 (80.13.213.24) from 195.41.114.29 : 56(84) bytes of data.
--- 80.13.213.24 ping statistics ---
9 packets transmitted, 0 received, 100% loss, time 8035ms
-
05-20-2005, 05:58 AM #14Retired Moderator
- Join Date
- Mar 2004
- Location
- Singapore
- Posts
- 6,990
You may like to take note of the below reports on your DNS
FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.
ns8.san.yahoo.com.
ns9.san.yahoo.com.
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).
Also
WARNING: Your SOA (Start of Authority) record states that your master (primary) name server is: no-dyn-updates.san.yahoo.com.. However, that server is not listed at the parent servers as one of your NS records! This is probably legal, but you should be sure that you know what you are doing.
and
ERROR: One or more of your mailservers does not accept mail to postmaster@motorbiker.org. Mailservers are required (RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1) to accept mail to postmaster.
mail1.wss.vip.scd.yahoo.com's postmaster response: >>> RCPT TO:<postmaster@motorbiker.org> <<< 550 5.0.0 ... RCPT TO: User unknown
and
WARNING: One or more of your mailservers appears to be an open relay. If so, this means that you are allowing spammers to freely use the mailserver to send out spam! It is possible that your mailserver accepts all E-mail and later bounces it, or accepts the relay attempt and then deletes the E-mail, but this is not common.
WARNING: mail1.wss.vip.scd.yahoo.com appears to be an open relay: 250 2.1.5 ... Recipient ok
-
05-20-2005, 06:02 AM #15Aspiring Evangelist
- Join Date
- Feb 2002
- Location
- Perth, Western Australia
- Posts
- 378
Your website is VERY VERY SLOW to access
Is it on Dialup?Luke
oh yeah...
-
05-20-2005, 07:21 AM #16Web Hosting Master
- Join Date
- Apr 2003
- Location
- NC
- Posts
- 3,093
Originally posted by Selpaw
Your website is VERY VERY SLOW to access
Is it on Dialup?
Maybe people are not visiting because it takes so long to connect. I left the window open for 30 seconds and did not get anything, it sounds like a network issue. Few people on broadband will have the patience to wait for much more then 5-10 seconds for a page to load unless they really want that pages content.John W, CISSP, C|EH
MS Information Security and Assurance
ITEagleEye.com - Server Administration and Security
Yawig.com - Managed VPS and Dedicated Servers with VIP Service
-
05-20-2005, 07:35 AM #17WHT Addict
- Join Date
- Nov 2004
- Location
- Marietta PA
- Posts
- 138
Ourcompany owns their own circuits and we dont use sorbes yet I can not get to your site. the trace routes look like missing hopes and pings are in the 400 ms plus range. I work for a large healcare provider and our pipe is extreemly large usally allowing me to dl 2 to 3 gig files in under 5 minutes. So I believe you are having network issues.
Digital Offensive
http://www.digitaloffensive.com
Take an offensive approach to Security know what your foes know!
-
05-20-2005, 08:57 AM #18Web Hosting Master
- Join Date
- Jan 2003
- Location
- Lake Arrowhead, CA
- Posts
- 789
Originally posted by Mike Werner
SORBS has blacklisted my IP, and now all those ISPs that use their "service", block people from accessing my website.
The problem would appear to be your provider or local hardware, not SORBS.http://www.srohosting.com
Stability, redundancy and peace of mind
-
05-20-2005, 12:08 PM #19Newbie
- Join Date
- May 2005
- Location
- Normandy, France
- Posts
- 18
Originally posted by boonchuan
You may like to take note of the below reports on your DNS
FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.
ns8.san.yahoo.com.
ns9.san.yahoo.com.
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).
Also
WARNING: Your SOA (Start of Authority) record states that your master (primary) name server is: no-dyn-updates.san.yahoo.com.. However, that server is not listed at the parent servers as one of your NS records! This is probably legal, but you should be sure that you know what you are doing.
and
ERROR: One or more of your mailservers does not accept mail to postmaster@motorbiker.org. Mailservers are required (RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1) to accept mail to postmaster.
mail1.wss.vip.scd.yahoo.com's postmaster response: >>> RCPT TO:<postmaster@motorbiker.org> <<< 550 5.0.0 ... RCPT TO: User unknown
and
WARNING: One or more of your mailservers appears to be an open relay. If so, this means that you are allowing spammers to freely use the mailserver to send out spam! It is possible that your mailserver accepts all E-mail and later bounces it, or accepts the relay attempt and then deletes the E-mail, but this is not common.
WARNING: mail1.wss.vip.scd.yahoo.com appears to be an open relay: 250 2.1.5 ... Recipient ok
Thanks. Most useful. I'l forward it to Yahoo and see what they say.
-
05-20-2005, 12:11 PM #20Newbie
- Join Date
- May 2005
- Location
- Normandy, France
- Posts
- 18
Originally posted by Selpaw
Your website is VERY VERY SLOW to access
Is it on Dialup?
I have people who can see if with no problems, some who say it's so slow it times out and some who can't get through at all. But at least they are consistent. If one ISP lets people through, than they all get through.
-
05-20-2005, 12:15 PM #21Web Hosting Master
- Join Date
- Apr 2003
- Location
- NC
- Posts
- 3,093
So it sounds like a routing issue. DSL is not really meant to be used for hosting at all and has a pretty bad upload (depending on what type you have). I think it is just a matter of your ISP not having a very good routing configuration to the rest of the world.
John W, CISSP, C|EH
MS Information Security and Assurance
ITEagleEye.com - Server Administration and Security
Yawig.com - Managed VPS and Dedicated Servers with VIP Service
-
05-20-2005, 12:19 PM #22Newbie
- Join Date
- May 2005
- Location
- Normandy, France
- Posts
- 18
Originally posted by eth00
So it sounds like a routing issue. DSL is not really meant to be used for hosting at all and has a pretty bad upload (depending on what type you have). I think it is just a matter of your ISP not having a very good routing configuration to the rest of the world.
Uplaod is 380 K going to 1 M shortly, unless I change ISP.
-
05-20-2005, 12:42 PM #23Aspiring Evangelist
- Join Date
- Mar 2004
- Location
- Chicago, IL
- Posts
- 390
Re: How to fight SORBS
Originally posted by Mike Werner
I use Wanadoo France (not world's most proactive isp) and host my own server. All my ports are closed except 2, and they are secure. I ahve no SMTP running, no POP, no IMAP, just http !!
It almost sounds like you are trying to make this more difficult than it needs to be. Is there a particular reason you *have* to have it on your own machine on your DSL?
-
05-20-2005, 01:18 PM #24Web Hosting Master
- Join Date
- Nov 2001
- Location
- The South
- Posts
- 5,408
Your site is slow, not just slow but INSANE slow. Here is a few points to ponder:
#1 sorrbs is really just an EMAIL blocklist not an ISP blocklist, I don't know of a SINGLE isp that blocks customer access to WEB CONTENT based on EMAIL blocklists, SORBS is not your problem I'll just about lay cash down that they are not responsible for -any- lost traffic to your WEB site.
#2 your site is slow, extremely slow, painful beyond comprehension slow.
#3 move your site, trust me, move it to a server on a network connection that isn't slow like this and I bet you'll be fine, search for a host here on WHT, rent your own dedicated server, whatever, but get your site off your DSL which is obviously SLOW as can be, and onto a real web host.Gary Harris - the artist formerly known as Dixiesys
resident grumpy redneck
-
05-20-2005, 01:27 PM #25Retired Moderator
- Join Date
- Mar 2004
- Location
- Singapore
- Posts
- 6,990
DSL is not the way to run a hosting site properly. Just take any shared hosting or if you want more control, a dedicated, there are tons of good ones in WHT, the USA ones are especially cheap and worth it.