Spamhaus?

Make requests and get help.

Moderator: Manveer

mgil
Shitpostmaster General
Posts: 8464
Joined: Wed Sep 13, 2017 5:46 pm
Location: FlabLab©®
Age: 49

Re: Spamhaus?

#41

Post by mgil » Sun Apr 09, 2023 6:10 pm

Michiganian wrote: Sun Apr 09, 2023 7:37 am
mgil wrote: Sun Apr 09, 2023 7:19 am What solves your problems?
Psychotherapy?

What might solve the board's problem with the troll is putting the entire netblock from which he's snow-shoeing on moderated status, or new registrations on manual review status, if the board software has such provisions.
This troll has been banned, again, and registrations are closed for the moment.

ETA:

Reason he was banned now was because he decided it would be fun to report posts here in this thread and elsewhere to simply be a pain in the ass for mods/admins but not be visible to the users.

ETA2:

Now this dude is trying to login under my username. Found out since I got pinged for too many attempts with the wrong password. Unbelievable.

Michiganian
Registered User
Posts: 85
Joined: Tue Jan 17, 2023 2:49 pm

Re: Spamhaus?

#42

Post by Michiganian » Mon Apr 10, 2023 7:55 am

mgil wrote: Sun Apr 09, 2023 6:10 pm Reason he was banned now was because he decided it would be fun to report posts here in this thread and elsewhere to simply be a pain in the ass for mods/admins but not be visible to the users.
Yeah, the nutjob PM'd me, babbling on about... well, I couldn't really tell you. Took one look and deleted it. But, he did suggest something about how I must be French or something. (Thus my comment in French.)
mgil wrote: Sun Apr 09, 2023 6:10 pm Now this dude is trying to login under my username. Found out since I got pinged for too many attempts with the wrong password. Unbelievable.
:roll:

lehman906
Registered User
Posts: 763
Joined: Tue May 29, 2018 8:31 am
Age: 49

Re: Spamhaus?

#43

Post by lehman906 » Wed May 03, 2023 11:33 am

Michiganian wrote: Mon Apr 10, 2023 7:55 am
mgil wrote: Sun Apr 09, 2023 6:10 pm Reason he was banned now was because he decided it would be fun to report posts here in this thread and elsewhere to simply be a pain in the ass for mods/admins but not be visible to the users.
Yeah, the nutjob PM'd me, babbling on about... well, I couldn't really tell you. Took one look and deleted it. But, he did suggest something about how I must be French or something. (Thus my comment in French.)
mgil wrote: Sun Apr 09, 2023 6:10 pm Now this dude is trying to login under my username. Found out since I got pinged for too many attempts with the wrong password. Unbelievable.
:roll:
Well, there are a lot of French names in MI, especially in the UP where I'm from, but somehow I don't think he was doing that kind of homework. This guy strikes me as more of an Andrew Tate loving neckbeard who'd probably wind up a mass shooter if he wasn't so lazy.

Renascent
Desperado
Posts: 2957
Joined: Sun Jun 21, 2020 10:42 am
Age: 39

Re: Spamhaus?

#44

Post by Renascent » Thu May 04, 2023 10:55 am

lehman906 wrote: Wed May 03, 2023 11:33 am This guy strikes me as more of an Andrew Tate loving neckbeard who'd probably wind up a mass shooter if he wasn't so lazy.
I got the impression that they opted to wait out a refractory period without leaving their computer, and a strength forum was the appropriate means to kill some time, sticky fingers notwithstanding.

A Saturday afternoon of unbridled access to the internet is a wonderful thing if you've no other commitments. Then again, they received some kind of acknowledgment from the world at large, so they accomplished something (and we might've even prevented a mass shooting).

I was briefly hoping they'd start a log (would've been cool to see those seven-plate pulls), though I find it hard to take anybody seriously when they use "feminazi" and "woke" as pejoratives.

Cellist
Registered User
Posts: 887
Joined: Sat Nov 18, 2017 11:55 am

Re: Spamhaus?

#45

Post by Cellist » Fri May 05, 2023 3:10 am

I got off this list by closing port 25 on my router. It took a day.

Michiganian
Registered User
Posts: 85
Joined: Tue Jan 17, 2023 2:49 pm

Re: Spamhaus?

#46

Post by Michiganian » Fri May 05, 2023 7:14 am

Cellist wrote: Fri May 05, 2023 3:10 am I got off this list by closing port 25 on my router. It took a day.
If your IP was listed on Spamhaus and your blocking port 25 on your router got it delisted, that would suggest you've a compromised device on your network.

Spamhaus does not port-scan. The only way IPs get listed is by abusive traffic reports.

Renascent
Desperado
Posts: 2957
Joined: Sun Jun 21, 2020 10:42 am
Age: 39

Re: Spamhaus?

#47

Post by Renascent » Fri May 05, 2023 8:34 am

Michiganian wrote: Fri May 05, 2023 7:14 am
Cellist wrote: Fri May 05, 2023 3:10 am I got off this list by closing port 25 on my router. It took a day.
If your IP was listed on Spamhaus and your blocking port 25 on your router got it delisted, that would suggest you've a compromised device on your network.

Spamhaus does not port-scan. The only way IPs get listed is by abusive traffic reports.
That was my understanding as well, based on comments I've seen from system admin folks on other message boards.

Using my home Wi-Fi is one of the reliable workarounds for me; I've never had to block any ports, nor make any other adjustments to my router.

Cellist
Registered User
Posts: 887
Joined: Sat Nov 18, 2017 11:55 am

Re: Spamhaus?

#48

Post by Cellist » Fri May 05, 2023 10:39 am

Michiganian wrote: Fri May 05, 2023 7:14 am
Cellist wrote: Fri May 05, 2023 3:10 am I got off this list by closing port 25 on my router. It took a day.
If your IP was listed on Spamhaus and your blocking port 25 on your router got it delisted, that would suggest you've a compromised device on your network.

Spamhaus does not port-scan. The only way IPs get listed is by abusive traffic reports.
Okay, my ISP assigns me a shared ipv4 via DSLite, so what I thought was a fast fix was just a coincidence, but per my router/wifi AP , that port should have been closed by default.

Michiganian
Registered User
Posts: 85
Joined: Tue Jan 17, 2023 2:49 pm

Re: Spamhaus?

#49

Post by Michiganian » Fri May 05, 2023 11:48 am

Cellist wrote: Fri May 05, 2023 10:39 am Okay, my ISP assigns me a shared ipv4 via DSLite, ...
Ah, see: You didn't mention, before, you were on DHCP.
Cellist wrote: Fri May 05, 2023 10:39 am ... so what I thought was a fast fix was just a coincidence, ...
Possibly.
Cellist wrote: Fri May 05, 2023 10:39 am ... but per my router/wifi AP , that port should have been closed by default.
Closed for ingress, egress, or both? I wouldn't be surprised if it was closed for ingress. I would be surprised if it was closed for egress. And, if it's not closed for egress, then something on your LAN can open a connection out to the 'net.

On our border router port 25 is NAT'ed to my mail server for ingress. It's blocked for egress for all but that same mail server. This way: Should something on our LAN be compromised it ain't goin' anywhere on port 25.

On a LAN with no mail servers, port 25 should be closed at the Internet border for both ingress and egress. All email clients (applications) should be using either submission (port 587) or SMTPS (port 465) for outgoing email.

Cellist
Registered User
Posts: 887
Joined: Sat Nov 18, 2017 11:55 am

Re: Spamhaus?

#50

Post by Cellist » Fri May 05, 2023 1:04 pm

Michiganian wrote: Fri May 05, 2023 11:48 am
Cellist wrote: Fri May 05, 2023 10:39 am Okay, my ISP assigns me a shared ipv4 via DSLite, ...
Ah, see: You didn't mention, before, you were on DHCP.
Cellist wrote: Fri May 05, 2023 10:39 am ... so what I thought was a fast fix was just a coincidence, ...
Possibly.
Cellist wrote: Fri May 05, 2023 10:39 am ... but per my router/wifi AP , that port should have been closed by default.
Closed for ingress, egress, or both? I wouldn't be surprised if it was closed for ingress. I would be surprised if it was closed for egress. And, if it's not closed for egress, then something on your LAN can open a connection out to the 'net.

On our border router port 25 is NAT'ed to my mail server for ingress. It's blocked for egress for all but that same mail server. This way: Should something on our LAN be compromised it ain't goin' anywhere on port 25.

On a LAN with no mail servers, port 25 should be closed at the Internet border for both ingress and egress. All email clients (applications) should be using either submission (port 587) or SMTPS (port 465) for outgoing email.
You are right, all is good, the factory preset had the filter deactivated on outgoing traffic on port 25, but reading the spamhaus information led me to agree with what you wrote in your last paragraph and so I checked the box in the router interface to activate it. In the documentation, they say you get off the blacklist three days after the bad activity stops, but for me it changed within a couple hours after I activated the filter. Since I haven't detected any malware, can't I just assume the IP was blocked because of another shared user?

Michiganian
Registered User
Posts: 85
Joined: Tue Jan 17, 2023 2:49 pm

Re: Spamhaus?

#51

Post by Michiganian » Fri May 05, 2023 3:03 pm

Cellist wrote: Fri May 05, 2023 1:04 pm ... for me it changed within a couple hours after I activated the filter. Since I haven't detected any malware, can't I just assume the IP was blocked because of another shared user?
A rule of network security: Never assume ;)

Anti-virus and anti-malware software is not even remotely dependable. When I was in IT, I regarded it as the last line-of-defense, and a poor one at that. Besides: The bad guys are exploiting more than PCs and servers. They are compromising IoT (Internet of Things) devices (appliances, home automation, etc.), as well.

One of the best defenses you can employ is a border router security stance called "That which is not explicitly allowed is denied." Blocking port 25 for both ingress and egress is an example of that. Certain things, certain IoT devices, for example, that don't need Internet access should be blocked at the Internet border router entirely. E.g.: The network-connected IP cameras for my video surveillance system have no business accessing the Internet. So they're assigned to an IP block, the entirety of which is blocked for egress at the border router. Nothing on my LAN should be doing file sharing to the Internet, so all the common file sharing ports are blocked for the entire LAN.

Customers don't "share" IP addresses, per se. "Share" as in "more than one using the same IP at the same time." They share an IP address space pool, where there are X number of IP addresses in a block and any particular customer may get any particular IP address out of that block at any particular time.

Some ISPs force frequent IP address changes. Some do not. I've friends that have been on WOW and Comcast/Xfinity that have held the same dynamically-assigned IP address for months on end. Conversely: I know, from personal experience, that AT&T and T-Mobile wireless networks force frequent IP address changes. (Plus T-Mobile, at least, does a thing called CGNAT [Carrier Grade Network Address Translation], so the IP address you're assigned is not the IP address the rest of the Internet sees.)
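
Added example, not part of any post in this thread: the border-router stance described in posts #49 and #51 (port 25 open only to and from the mail server, camera block denied egress, everything not explicitly allowed dropped), written as an nftables ruleset for a Linux router. The interface names, addresses and the list of allowed client ports are assumptions made for illustration.

```nftables
#!/usr/sbin/nft -f
# Constructed example: every name and address below is a placeholder.
define WAN     = "eth0"            # assumed Internet-facing interface
define LAN     = "eth1"            # assumed LAN-facing interface
define MAIL    = 192.168.10.25     # assumed internal mail server
define CAMERAS = 192.168.20.0/24   # assumed IP block holding the IP cameras

table inet border {
    chain forward {
        # "That which is not explicitly allowed is denied."
        type filter hook forward priority filter; policy drop;

        # Replies to connections that were already allowed.
        ct state established,related accept
        ct state invalid drop

        # Ingress: only traffic the nat table below redirected to the mail server.
        iifname $WAN oifname $LAN ct status dnat accept

        # Egress: the camera block never reaches the Internet.
        iifname $LAN oifname $WAN ip saddr $CAMERAS drop

        # Egress on port 25: the mail server only. Anything else is logged
        # and counted, so a LAN device attempting direct SMTP becomes visible.
        iifname $LAN oifname $WAN ip saddr $MAIL tcp dport 25 accept
        iifname $LAN oifname $WAN tcp dport 25 log prefix "egress-smtp-drop " counter drop

        # Egress: services clients are explicitly allowed to use, including
        # submission (587) and SMTPS (465) for outgoing mail. File-sharing
        # ports are absent from this list, so the drop policy covers them.
        iifname $LAN oifname $WAN tcp dport { 53, 80, 443, 465, 587, 993 } accept
        iifname $LAN oifname $WAN udp dport { 53, 123, 443 } accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat;
        # Inbound SMTP is NAT'ed to the mail server.
        iifname $WAN tcp dport 25 dnat to $MAIL
    }
    chain postrouting {
        type nat hook postrouting priority srcnat;
        oifname $WAN masquerade
    }
}
```

The ruleset covers forwarded traffic only; the router's own input and output chains are left out. Hits on the `egress-smtp-drop` rule appear in the kernel log and in `nft list ruleset` counters, and the logged source address identifies the LAN device to inspect.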
