Posted on 2009-7-5 02:57
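Previously, for the sake of convenience and to save the time spent on reviews,
we used automation software that opens a hosting account immediately after a quick application,
but this also brought serious consequences.

2009/06/22
The hosting provider wrote to say that
someone had reported to the FBI that a kimo.in subdomain was being used as a phishing site and was sending out large volumes of advertising e-mail.
This is a very serious crime in the United States.
That same day the site was urgently suspended and the evidence preserved.
The next day the automation software was also temporarily shut down, to observe for a while.
We had thought the incident had died down.

2009/07/04
The hosting provider wrote again to say that
the data center had received a notice from surbl.org:
the kimo.in domain and IPs have all been added to the block list = blacklisted.
The server has now been forcibly taken offline by the data center.
The recovery time cannot be predicted.
Therefore all kimo.in hosting services are suspended
while we seek the hosting provider's assistance.

Original text from the data center:
Spam source listings/AUP Violation (76.73.100.82)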
You are receiving this complaint because the following IPs are listed on the spam blackhole lists reported below. Below the listings, I have included information on what these blackhole lists report as well as links to more information to help you in resolving these issues. It is quite likely Please respond on how you will correct these issues within 48 hours or else we will have to null route the ip(s) in question. Further complaints, without action may result in deactivation of your server.
---
Primary IP: 76.73.100.82
76.73.100.82: server.kimo.in - kimo.in.multi.surbl.org (127.0.0.8): 8 = Surbl Phishing Site
76.73.100.83: server.kimo.in - kimo.in.multi.surbl.org (127.0.0.8): 8 = Surbl Phishing Site
76.73.100.84: server.kimo.in - kimo.in.multi.surbl.org (127.0.0.8): 8 = Surbl Phishing Site
76.73.100.85: server.kimo.in - kimo.in.multi.surbl.org (127.0.0.8): 8 = Surbl Phishing Site
76.73.100.86: server.kimo.in - kimo.in.multi.surbl.org (127.0.0.8): 8 = Surbl Phishing Site
---
For any SpamHaus listing, please follow the link included in the complaint to see the official SpamHaus report that generated this complaint, which will have a link with further information on how to get this listing removed.
For Surbl listings, you will need to remove the offending domain name from your servers' forward and reverse DNS listings, and make sure that any mailservers you have running do not advertise a banner which identifies to any domain which has a reverse DNS listing on multi.surbl.org
A SpamCop listing indicates message-body web sites processed from SpamCop (http://www.spamcop.net/) URI reports, also known as "spamvertised" (http://www.spamcop.net/w3m?action=inprogress&type=www) web sites. The reports are not used directly, but are subject to extensive processing. Entries expire automatically several days after the SpamCop reports decrease. Note that this list is not the same as bl.spamcop.net, which is a list of mail sender IP addresses found in message headers.
A SpamAssassin listing has records from Bill Stearns' SpamAssassin ruleset sa-blacklist (http://www.stearns.org/sa-blacklist/), plus some other manual lists. Bill's policy for inclusion and cleaning of the sa-blacklist (http://www.stearns.org/sa-blacklist/README.policy) is quite sound, though it differs somewhat from some of the other SURBLs.
Outblaze (http://www.outblaze.com/) is kindly providing their internal URI blacklist which is published as ob.surbl.org. The list is detecting about 70% of unsolicited messages with about 0.03% false positives. Outblaze describes the data as coming from message body analysis and from user reports. SURBL applies additional policies to its version of the Outblaze URI data that are published as ob.surbl.org. The user reports are also used, but not directly.
AbuseButler (http://www.abusebutler.com/) is kindly providing its Spamvertised Sites which have been most often reported over the past 7 days. The philosophy and data processing methods are similar to the sc.surbl.org data, and the results are similar, but not identical. Data sources for AbuseButler include SpamCop and native AbuseButler reporting.
The Anti-Phishing Working Group (http://www.antiphishing.org/) has a good definition of phishing on their web site. Phishing and malware data from multiple sources are included in the ph Phishing data source. These include data from MailSecurity (http://www.mailsecurity.net.au/), MailPolice (http://rhs.mailpolice.com/#rhsfraud), PhishTank (http://www.phishtank.com/), http://www.malwaredomains.com/, and http://www.malware.com.br/
Joe Wein's jwSpamSpy program (http://www.joewein.de/sw/jwSpamSpy/) forms the basis of the jwSpamSpy data, being used both by Joe's own systems and also Raymond Dijkxhoorn and his colleagues at Prolocation. Prolocation is processing more than 300,000 likely unsolicited messages per day using jwSpamSpy plus their own policies and adding them to Joe's data. The resulting list has a very good detection rate around 80% and a very low false positive rate around 0.01%.
*** NOTE that these may not be the only blacklists your server's IP or domain information is listed on. You are getting this report as part of a preliminary network scan that we do to maintain our reputation as an ISP and try to make sure that our network is not listed on any spam blackholes. We encourage our customers to be proactive and track their own activities in order to stay off these lists. Section 8 of the AUP clearly specifies that "A Subscriber hosting websites or services on Subscriber’s server supporting spammers or resulting in any of FDC’s IP space to be listed in any of the various Spam Databases or black hole lists will have its service immediately disconnected."
Thanks for your cooperation.
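Triage of the listing lines in the notice above, as an added example that is not part of the original post or the data center's notice: it groups the listed IPs by the domain that triggered the listing and decodes the last octet of the multi.surbl.org answer. Only `8 = phishing` comes from the notice; the other bit assignments are an assumption based on what SURBL published around 2009, and the function names are hypothetical.

```python
import ipaddress
import re

# multi.surbl.org bit assignments as published around 2009. Only "8 = phishing"
# is in the notice; the rest are an assumption to check against SURBL's current
# documentation, which has since reassigned several bits.
SURBL_BITS_2009 = {
    2: "sc (SpamCop)",
    4: "ws (SpamAssassin sa-blacklist)",
    8: "ph (phishing)",
    16: "ob (Outblaze)",
    32: "ab (AbuseButler)",
    64: "jp (jwSpamSpy / Prolocation)",
}

# Shape of one listing line: "<ip>: <rdns host> - <query name> (<answer>): ..."
LINE_RE = re.compile(
    r"^(?P<ip>\S+): (?P<host>\S+) - (?P<qname>\S+) \((?P<rcode>[\d.]+)\)")

def decode_surbl(answer):
    """Decode a multi.surbl.org A-record answer into its member lists."""
    octets = ipaddress.IPv4Address(answer).packed
    if octets[:3] != b"\x7f\x00\x00":
        raise ValueError(f"not a SURBL answer: {answer}")
    return [name for bit, name in sorted(SURBL_BITS_2009.items()) if octets[3] & bit]

def summarize(notice_text):
    """Group listed IPs by the domain whose SURBL entry caused the listing."""
    summary = {}
    for line in notice_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m["qname"].endswith(".multi.surbl.org"):
            continue  # not a SURBL listing line
        domain = m["qname"][: -len(".multi.surbl.org")]
        entry = summary.setdefault(domain, {"ips": [], "lists": set()})
        entry["ips"].append(m["ip"])
        entry["lists"].update(decode_surbl(m["rcode"]))
    return summary

# Two of the listing lines quoted in the notice above.
NOTICE = """\
76.73.100.82: server.kimo.in - kimo.in.multi.surbl.org (127.0.0.8): 8 = Surbl Phishing Site
76.73.100.83: server.kimo.in - kimo.in.multi.surbl.org (127.0.0.8): 8 = Surbl Phishing Site
"""

if __name__ == "__main__":
    print(summarize(NOTICE))
    print(decode_surbl("127.0.0.24"))  # constructed answer with two bits set
```

Every listed IP maps back to the single domain `kimo.in`, which is why the notice asks for the domain to be removed from forward and reverse DNS rather than for each IP to be delisted.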