To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.generalOpen lugnet.admin.general in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / General / 14021
14020  |  14022
Subject: 
 Re: 24 hr missing http was Re: who killed HTTP lugnet?
Newsgroups: 
 lugnet.admin.general
Date: 
 Thu, 22 May 2008 09:20:35 GMT
Viewed: 
 8359 times
  
In lugnet.admin.general, Geoffrey Hyde wrote:
You need to analyze and filter the spam load, perhaps there is an "upstream"
who could handle that sort of thing for you, and take the spam load off the
LUGNET servers?

As a matter of fact we are evaluating to throw hardware at the problem (in terms
of a stealth firewall that will effectively block the spammers). However, this
also involves additional cost that needs to be covered somehow...

I have done quite a bit already in order to reduce spam, so I am afraid we
will
have to live with the remaining delays.

If the spammer finds they're causing delays this will inevitably lead to an
increasing spam load.  You need to find a way to cut the spam source off
from the LUGNET servers completely.

Identified spam sources are already being blocked by a variety of means, most
notably blacklisting their IP and not accepting incoming connections from them
anymore. However, using the aforementioned firewall solution will be more
flexible and efficient - which is why I would like to see it happen.

You'd be surprised about the spam load you would see if I turned off all the
spam block settings that already _are_ in place. We currently block about 50% of
all incoming connections on the IP level, about 20% each for unknown/invalid PTR
records and blacklist entries, and hardly 10% make it through to SpamAssassin
and eventually to the mail2news gateway system.

I'd start by having IP blocking implemented at a point well before it
reaches the LUGNET servers themselves.  If it's a known spam source, it
should definitely get blocked off.

Certainly - alas, I only own the servers, not the data center...

You also need to further chase up spam sources, by having them taken down
where possible, by the owning ISP.

You won't be surprised to hear that I have been trying this for a large number
of identified attackers - unfortunately ISPs in Eastern Europe and Asia are not
exactly helpful when it comes to abuse requests :( (And I am not even going into
detail when it comes to experiences with law enforcement agencies in some of
those countries...)

Regards,

Jerry



Message is in Reply To:
  Re: 24 hr missing http was Re: who killed HTTP lugnet?
 
"Gereon "Jerry" Stein" <jerry@lugnet.com> wrote in message news:K17wvI.GLE@lugnet.com... (...) You need to analyze and filter the spam load, perhaps there is an "upstream" who could handle that sort of thing for you, and take the spam load off the (...) (17 years ago, 21-May-08, to lugnet.admin.general)

7 Messages in This Thread:

Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR