Suspect Arrested In Spamhaus DDoS Attack 95
New submitter apenzott writes "According to the BBC, a Dutch citizen has been arrested by Spanish police who suspect he was behind the recent Spamhaus DDOS attack, one of the biggest such attacks ever. 'The man arrested is believed to be Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker that has been implicated in the attack.' According to a press release from the Dutch Public Prosecutor (Google translation of Dutch original), the 35-year-old man's computers and other devices have been seized as evidence. The man will be transferred from Spain to the Netherlands shortly. 'Spamhaus is delighted at the news that an individual has been arrested and is grateful to the Dutch police for the resources they have made available and the way they have worked with us,' said a Spamhaus spokesman."
considering (Score:1, Insightful)
there was no copyright infringement, I'm surprised anything happened with this.
Re: (Score:1)
He couldn't keep his mouth shut so they came to get him. He was very vocal about requesting Anonymous to help attack Spamhaus for deciding what should and shouldn't be on the internet.
I bet he shuts his trap now.
Re: (Score:2)
for deciding what should and shouldn't be on the internet.
Spamhaus does not decide what should and what should not be on the internet. Spamhaus merely maintains an advisory list which network administrators choose to implement. If you don't like what your network administrator chooses to filter, you are free to host your own mailserver and accept whatever spam you wish.
I don't necessarily agree with Spamhaus and their policies, and I operate my own mailservers. However, your statement is simply not true.
Re: (Score:2)
Let's not forget the blatant hypocrisy of launching a DDoS in response to perceived censorship.
Hangin's too good for him (Score:4, Insightful)
Re:Hangin's too good for him (Score:5, Interesting)
I wonder just how much of the world's spam went through this scumbag. I'm hoping for a downturn in spam volume as this outfit is closed down.
Re: (Score:2)
Re:Hangin's too good for him (Score:5, Interesting)
I've already had a big downturn--the news item elicited me to investigate my settings, and I found I wasn't using spamhaus properly... Now I am... Kind of an analogue to the Streisand effect...
Re: (Score:2)
zen.spamhaus.org replaces sbl-xbl.spamhaus.org in most configurations. If you are currently using sbl-xbl.spamhaus.org you should replace sbl-xbl.spamhaus.org with zen.spamhaus.org.
http://www.spamhaus.org/zen/ [spamhaus.org]
Re: (Score:2)
You should also replace sendmail with postfix. I used sendmail back when I had to edit it myself because early implementations were weird. And it was good for that. Now it's just an exercise in masochism. I've always imagined that's what the M in m4 stands for.
Any sysadmin with experience wouldn't touch the .m4 (or the newer .mc) files with a ten foot patch cable. Instead, one would put in place a known good .cf file and adjust it to fit the host.
Hehe, happened to me years ago (Score:2)
I was talking to some smalltime hosters and they were bitching about how much spamhaus was hurting them by blocking ip's they had rented out to these high paying east europeans... basically it was one long sales pitch FOR spamhaus because as a non-spammer and hosting with reputable companies, spamhaus is for me a savior and provides zero hassle.
It is basically like listening as a non-smoker to smokers bitch about how all the anti-smoking laws are making their lives miserable. Wheee! So the laws do work aft
Re: (Score:2)
Re: (Score:2)
So what you're saying is.... Spamhaus works!
Re: (Score:2)
an ISP whom I have a range with once sold an adjacent block to a spammer, who got it listed on Spamhaus. Spamhaus blocked the /27, which included the top end of my range
Change your ISP
Re: (Score:2)
AC @ 6:40 wrote :-
an ISP whom I have a range with once sold an adjacent block to a spammer, who got it listed on Spamhaus. Spamhaus blocked the /27, which included the top end of my range
Change your ISP
That's not a practical option for a great many locations... If you're in a data center your choices are whatever telcos they have available, or you can pay out of pocket to "build-in" somebody else, but that's usually cost prohibitive.
The problem I have with spamhaus is that they do shit like this all the time. All. The. Time. We took on a client who switched to a well-known, Tier 1 ISP from their "cruddy" local service because their "low-life" ISP couldn't give them enough IP space. They got assigned a /24
Re: (Score:2)
I have domains hosted with Jumba an Australian hosting provider and whilst they seem to be constantly improving there security to stop this (to the point where it is extremely annoying) it still keeps happening a
Re: (Score:2)
Find yourself a better provider. Most people have never been blocked, and you've been collaterally damaged multiple times? Why would you stick with those cowboys?
Re: (Score:2)
Find yourself a better provider. Most people have never been blocked, and you've been collaterally damaged multiple times? Why would you stick with those cowboys?
This advice is condescending and stupid. The problem isn't the provider: They're using shared IPs for hosted accounts, just like everybody else on earth. Where is he going to find a provider that doesn't use shared IPs? Please don't say "IPv6"--there are a host of other problems that go along with that "solution" to make it a non-starter.
How about, instead, spamhaus takes a little care and due dilligence when it lists addresses? Maybe put in a system so that providers who are policing their environments can
Re: (Score:2)
This advice is condescending and stupid. The problem isn't the provider: They're using shared IPs for hosted accounts, just like everybody else on earth.
Then why, in the last 15 years of having a domain, have I never been blocked, hmm? When he's been blocked multiple times. Don't have an answer for that, do you? Idiot.
Re: (Score:2)
This advice is condescending and stupid. The problem isn't the provider: They're using shared IPs for hosted accounts, just like everybody else on earth.
Then why, in the last 15 years of having a domain, have I never been blocked, hmm? When he's been blocked multiple times. Don't have an answer for that, do you? Idiot.
Stupid people usually have the least creative insults. Certainly, I doubt I'll be able to craft a response as pithy and intelligent as yours was childish and asinine, and I could certainly never hope to reach the level of condescension you seem to exist at.
But I might suggest you've simply been lucky. In truth, you have zero control over what other people choose to do with their hosting accounts on the shared server where yours is. And, in fact, contrary to your asinine, childish attitude, that somehow, it
Re: (Score:2)
This advice is condescending and stupid....
Stupid people usually have the least creative insults.
Hoist on your own petard. Idiot.
I haven't been "lucky". I have a reputable ISP. I've had the service I can reasonably expect. Now of course it is possible to be unlucky, and get blocklisted. But not to be unlucky and get blocklisted as a regular occurrence, as the original poster had.
If you've also been as "unlucky" as him, then you also have a shit ISP. And it may be making you cranky. Or perhaps considering this: "or somebody who reflexively reports all spam because they're, you know, pathetic and obsesse
Re: (Score:2)
Or perhaps considering this: "or somebody who reflexively reports all spam because they're, you know, pathetic and obsessed" you are a spammer yourself, and that's why you're being a jerk.
LMFAO! "She's a witch!" If it makes me a jerk to expose your opinionated nonsense for the tripe it is, then so be it.
No, dipshit: I manage a very-large email hosting environment comprising >15,000 domains and >150,000 mailboxes. My public MXs accept roughly 2 million messages per weekday, and reject about 10 times that amount. I completely understand the problem of spam, to a depth that would leave you in tears if I could reveal it all to you in one breath.
My point here is this: Spam sucks, but a cert
Re: (Score:2)
I have a reputable ISP.
Here's another meme from the "Your ISP sucks" asswipes: That somehow John Q. Air Conditioner Repairman Company has any idea how to tell if his ISP is "reputable" or not. They know nothing about email: They're buying a service and expect it to work, they have no frame of reference to even guess at the issues we're discussing here. ...And I'm an idiot ? Puh-lease.
Run along now, junior: Your 25-user exchange 2003 box is calling. I think your backup failed.
Re: (Score:2)
I manage a very-large email hosting environment comprising >15,000 domains and >150,000 mailboxes.
So I guessed right. You are a spammer.
Re: (Score:2)
As a developer, I'm quite amused at a spam hosting admin trying to be patronising. Maybe if you'd done better at school...
Re: (Score:1)
I think mother nature already gave him justice, google for his photo
Re: (Score:1)
Re: (Score:1)
I think mother nature already gave him justice, google for his photo
Oy my ... that's one hell of a unibrow. Doesn't he send out spam that specifically addresses that issue? He should click on some of them.
Re: (Score:2)
Fuck you.
The Internet needs organizations like CyberBunker.
...Like it needs another hole in the head.
Re: (Score:2)
Re: (Score:2)
It needs another shithead that thinks the net should be unregulated except for free services that block unwanted content?
Re: (Score:1)
An infected machine in my network got our company on the XBL the morning the DDOS started.
But all I knew was I was blacklisted by spamhaus. Didn't know why.
And couldn't find out for 3 days during the attack. Couldn't apply for de-listing either.
And to top it all off, /. was too busy talking about sxsw to mention the ddos until it was over.
Amazing times we live in, gentlemen!
Re: (Score:2)
Improve your setup. The only machines on my network that can send anything out to port 25 on the internet are dedicated mailers.
Re: (Score:2)
Uhm... http://www.spamhaus.org/lookup/ [spamhaus.org] If you're in the XBL, it'll tell you which list comprising the XBL you're in. Usually that means the CBL, which has a fairly instant delist process for listings, unless the problem keeps coming back.
Re: (Score:2)
Unless their whole domain is under DDOS.
In which case you can't check the website or use the delist process!
Re: (Score:2)
Re: (Score:2)
That doesn't make any sense: Spamhaus only charges money to services that subscribe to their lists (that is, actual customers). They don't charge anything for de-listing.
Re: (Score:2)
Re:Hangin's too good for him (Score:4, Informative)
An infected machine in my network got our company on the XBL the morning the DDOS started.
Please stop being lazy and inconsiderate, add the two firewall rules to your router to stop attacking the internet.
Allow outbound dest port 25 from your mail servers IP.
DENY outbound dest port 25 (from everything else)
You wouldn't have that problem, that infection wouldn't be attacking all of our systems, and you wouldn't be making such stupid comments about a blacklist that rightfully listed you.
Re: (Score:2)
An infected machine being seen talking to a botnet is enough to get you on the XBL.
We were blocked for THAT. Not for any spamming. We DO block all port 25 except from the SMTP servers.
Maybe instead of being an insulting douche, know what the fuck you are talking about.
http://www.spamhaus.org/faq/section/Spamhaus%20XBL#37 [spamhaus.org]
It turned out to be an infected machine on a WIFI AP. I learned to send the WIFI traffic out a separate WAN interface so it's problems didn't affect my smtp outbound ip.
Re: (Score:2)
I certainly do know what I am talking about. As for being insulting, short of a complete and utter mistake on the part of spamhaus for incorrectly listing you (I'm not going to pretend any automated system is perfect), most would agree I said nothing that wasn't deserved.
Proper filtering would have prevented that unfortunate problem. It's not like I blamed you personally for the infection or made some stupid comment about windows or something.
Just having an infection reaching out to a C&C server isn't
Re: (Score:1)
Oh for fucks sake.
I wasn't attacking Spamhaus. I think they are great.
I was bemoaning the perfect storm that got me blocked for 3 days because of the block and DDOS.
http://www.spamhaus.org/zen/ [spamhaus.org]
We were blocked for XBL. Not SBL or CSS. It REALLY was because a machine was observed talking to a botnet C&C server.
But it took me days to find out it was XBL and not because of spamming. I spent those days thinking it was because of spamming, wasting time chasing smtp ports and pooring over capture traffic for c
Re: (Score:1)
"most would agree I said nothing that wasn't deserved"
You referred to his organization as "lazy and inconsiderate" for not doing things which they actually did do. That's pretty undeserved.
Re: (Score:2)
If he actually did any of those things, he wouldn't have ended up on the black list.
I've repeatedly explained the lists do not work in the manor he has claimed.
He even posted URLs that confirm everything I said.
It's not my job to convince anyone otherwise, so I'm finished with that conversation.
Re: (Score:1)
You said "hosting company", where I think you meant to say "spamhaus".
In this case, everyone's a dick.
Re: (Score:2)
I hope they hang this piece of shit up to dry and his scummy, criminal "hosting company" fades into history.
Are you talking about the guy running the hosting service that helped host Wikileaks, or the guy running the SpamWhores protection racket?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Or are they gonna go Dutch?
The sentence will be stoning to death.
Re: (Score:2)
Or are they gonna go Dutch?
The sentence will be stoning to death.
It's always good to see law enforcement working together in a joint investigation.
Re: (Score:1)
Or are they gonna go Dutch?
The sentence will be stoning to death.
It's always good to see law enforcement working together in a joint investigation.
I hear they just tracked his Twitter hash tag.
Re: (Score:2)
Or are they gonna go Dutch?
The sentence will be stoning to death.
Actually the Dutch criminal justice system is known to hand out very light sentences. Hopefully they will make an exception here.
Yeah I know you were trying to pun on 'stoned'.
shocker (Score:2)
You mean the guy who ran stophaus and posted diatribes about the evil of blacklisting spam providers is behind it? I'm speechless.
Re: (Score:3)
Also why was he nabbed in sunny Spain instead of being holed up in his SWAT-repellant yet slightly less sunny anti-everything bunker? Fighting the good fight against evil Spamhaus at the side of every Legitimate Businessman propably was a bit of a hassle? He must have brought a note from his mother as the dark dampness disrupted the punctuality of his often broadcasted
Re:shocker (Score:4, Informative)
That bunker and the name 'cyberbunker' are just marketing. He doesn't actually have any presence in that bunker and hasn't for years.
The guy is a lying con-man as well as a DDOS scumbag.
Re: (Score:2)
The anecdote of him ignoring a stern knock at the door by the police is true even if the foto on the webpage is fake.
Hang him! (Score:1)
Ah, but not by the neck but by his gonads. More painful and less permanent.
But on a more serious note, no one has the right to do a DDoS attack regardless of whether a good guy or a bad guy is being attacked (and spam and the phishing that comes with it is bad). This kind of private cyber warfare is only counterproductive in the long term. The Internet is only successful because of cooperation between parties. When there is distrust it stops working. Maybe the governments will figure *that* out one of t
Re: (Score:2)
Color me shocked. Money and power attracts money and power. This whole sordid episode is an exercise in trying to determine which scumbag is the least scumbaggy.
Re: (Score:2)
Re: (Score:1)
I think you were looking for this story, Fuddy:
http://ask.slashdot.org/story/13/04/26/2115256/ask-slashdot-how-do-you-assess-the-status-of-an-open-source-project [slashdot.org]
Free speach (Score:2)