The 'spamnation.info' site is currently unusably slow. We're trying to determine if it's another DDoS attack, or something more mundane.
If the site ever comes back enough for me to get to the RSS feeds, I'll try to set up some Feedburner feeds, in the hope of getting some information out that way.
In the meantime, if you're interested in stock spam you might like to look at Qwoter.com's stock spam report, which supplements our data with additional information, including their own 'spam rating'.
Showing posts with label spamnation. Show all posts
Showing posts with label spamnation. Show all posts
Wednesday, May 9, 2007
Sunday, January 21, 2007
Back
spamnation.info is back up again.
It's running a little slowly (probably because our new-found friends haven't forgotten us, and are still eagerly trying to get in) and I still need to sweep up some of the broken glass and scatter sawdust around. However, it's there.
It's possible that it won't stay up. It's very hard to defend against a determined denial-of-service attack, and if the attackers really want it down, they may step up their efforts to the point where our defences are overwhelmed. If that happens, it happens. Let me just say that I think they will find that it isn't in their interests to do that.
The fact that the site is back at all is thanks to the generosity of a number of people who came forward to help out. I won't name them here, but they know who they are and they know how much they did to make this possible.
So, a big thank-you to them, and a big thank-you to all of you who came to this blog and wrote messages of support. Let us know what we can do to make the site better, and remember to tell your friends and family the golden rule: Don't buy from spammers.
It's running a little slowly (probably because our new-found friends haven't forgotten us, and are still eagerly trying to get in) and I still need to sweep up some of the broken glass and scatter sawdust around. However, it's there.
It's possible that it won't stay up. It's very hard to defend against a determined denial-of-service attack, and if the attackers really want it down, they may step up their efforts to the point where our defences are overwhelmed. If that happens, it happens. Let me just say that I think they will find that it isn't in their interests to do that.
The fact that the site is back at all is thanks to the generosity of a number of people who came forward to help out. I won't name them here, but they know who they are and they know how much they did to make this possible.
So, a big thank-you to them, and a big thank-you to all of you who came to this blog and wrote messages of support. Let us know what we can do to make the site better, and remember to tell your friends and family the golden rule: Don't buy from spammers.
Thursday, January 18, 2007
Some people just don't give up
As an experiment, I tried rolling 'spamnation.info' over to a new location today.
The botnet that has been assigned to DDoS the site is obviously still locked on target, because the host is getting massively hit and the site is effectively unreachable.
This is a setback, but probably not a permanent one. There are always alternatives.
Incidentally, it occurs to me that this would be a great way to map a botnet. If there are any ISPs out there who'd like to know which of their customer machines are compromised, I can give them a pretty good list. telia.com and wanadoo.nl, are you listening?
And if the botnet operator running the attack is reading this, like the man says in the song:
The botnet that has been assigned to DDoS the site is obviously still locked on target, because the host is getting massively hit and the site is effectively unreachable.
This is a setback, but probably not a permanent one. There are always alternatives.
Incidentally, it occurs to me that this would be a great way to map a botnet. If there are any ISPs out there who'd like to know which of their customer machines are compromised, I can give them a pretty good list. telia.com and wanadoo.nl, are you listening?
And if the botnet operator running the attack is reading this, like the man says in the song:
Send a message to your masters,
Tell them "Nothing's over yet."
Saturday, January 13, 2007
It's not just you
I've now heard about three several other anti-spam sites that were taken down by DDoS attacks yesterday. It seems that this was a coordinated attempt to sweep anti-spam projects off the Internet.
This shouldn't really come as a surprise. Back when Pharmamaster and Blue Security were fighting it out - Pharmamaster won - I wrote a post on spamnation.info that said:
It's no fun to be right all the time.
This shouldn't really come as a surprise. Back when Pharmamaster and Blue Security were fighting it out - Pharmamaster won - I wrote a post on spamnation.info that said:
Pharmamaster and his friends have shown their strength and demonstrated how far they are prepared to go to protect their spam business. Any other anti-spam initiative that seems to be effective could just as easily be next.
It's no fun to be right all the time.
Friday, January 12, 2007
The DDoS Diaries
My (otherwise wonderful) girlfriend has one habit that drives me to distraction. From time to time she will say, in a thoughtful tone of voice, "So ...". I stop thinking about whatever I was thinking about and start paying attention, waiting for her to go on.
Nothing. Silence. She just leaves her "So ..." hanging there in mid-air.
You can do that to computers too. It forms the basis of a kind of attack known as a SYN flood attack, which is one variety of distributed denial of service (DDos) attack. The attacking computers send a SYN(chronize) signal to the target, which responds with the computer equivalent of "Uh-huh" and waits for a reply to complete the connection. The reply never comes. Instead, the attacker sends more SYN signals. Or 'attackers', because there are usually very many of them. If enough attacking machines hit the target together, the target will almost inevitably go down.
Today, a distributed denial of service attack took down the anti-spam information website spamnation.info. The site was almost certainly attacked because it published information that was intended to help victims of spam. This included a regularly-updated database of spam-advertised stocks, a list of 'frequently-asked questions' about stock spam, a database of domains advertised by spam and other miscellaneous information. Apparently this displeased certain people to the point that they used a botnet to knock the site offline.
The identity of the attackers is unknown. Perhaps the most likely candidates are the spammers behind the recent wave of spam advertising penny stocks that has been flooding everyone's inboxes. The senders of this type of spam are known to use botnets to distribute their material, and they are suspected to have links to a spammer known as Pharmamaster who was allegedly responsible for taking down the Israeli company Blue Security with a sustained DDoS attack. However, there are plenty of other possibilities as well: I'd recently written on the site about the networks of spammers promoting 'mainstream' companies in the United States, and the site also contained a good deal of information about presumed Russian scammers operating 'money transfer' scams. None of these people are particularly eager to have their activities discussed in public.
I'm the webmaster of spamnation.info. I'm starting this site as a temporary alternative while I decide whether I can put the site back online and, if so, how. I'd welcome comments, reactions, and anything else - except more spam.
Nothing. Silence. She just leaves her "So ..." hanging there in mid-air.
You can do that to computers too. It forms the basis of a kind of attack known as a SYN flood attack, which is one variety of distributed denial of service (DDos) attack. The attacking computers send a SYN(chronize) signal to the target, which responds with the computer equivalent of "Uh-huh" and waits for a reply to complete the connection. The reply never comes. Instead, the attacker sends more SYN signals. Or 'attackers', because there are usually very many of them. If enough attacking machines hit the target together, the target will almost inevitably go down.
Today, a distributed denial of service attack took down the anti-spam information website spamnation.info. The site was almost certainly attacked because it published information that was intended to help victims of spam. This included a regularly-updated database of spam-advertised stocks, a list of 'frequently-asked questions' about stock spam, a database of domains advertised by spam and other miscellaneous information. Apparently this displeased certain people to the point that they used a botnet to knock the site offline.
The identity of the attackers is unknown. Perhaps the most likely candidates are the spammers behind the recent wave of spam advertising penny stocks that has been flooding everyone's inboxes. The senders of this type of spam are known to use botnets to distribute their material, and they are suspected to have links to a spammer known as Pharmamaster who was allegedly responsible for taking down the Israeli company Blue Security with a sustained DDoS attack. However, there are plenty of other possibilities as well: I'd recently written on the site about the networks of spammers promoting 'mainstream' companies in the United States, and the site also contained a good deal of information about presumed Russian scammers operating 'money transfer' scams. None of these people are particularly eager to have their activities discussed in public.
I'm the webmaster of spamnation.info. I'm starting this site as a temporary alternative while I decide whether I can put the site back online and, if so, how. I'd welcome comments, reactions, and anything else - except more spam.
Subscribe to:
Posts (Atom)