Block: Zen - IP 82.69.55.44
Spin Dryer
They are incompetent morons who do nothing.
(user infected with sober.x)
"Wango"
news:v0h6q1hms8dreq2rt...@4ax.com...
> In fact, set your blocklist to include all of Zen IP space.
>
> They are incompetent morons who do nothing.
>
>
> (user infected with sober.x)
STFU ya no now't NOOB!
Wango
Solo Rider
>
> They are incompetent morons who do nothing.
>
>
> (user infected with sober.x)
Done some time back. They are almost as bad as Wanadodo
picker pecker
> > "Spin Dryer" <m...@privacy.net> wrote:
> >
> > In fact, set your blocklist to include all of Zen IP space.
In fact, you should set your brain to block all forms of life, including
your own!
> Done some time back. They are almost as bad as Wanadodo
Yeah, the whole Internet should be blocked! Right, SPEWS[1] k00k?
SPEWS[1] World's biggest Internet FRAUD/SCAM and BEST PIECE OF CRAP!
Com'on, bite me dickhead.
Solo Rider
news:43a38501_2@mk-nntp-
>> Done some time back. They are almost as bad as Wanadodo
> Yeah, the whole Internet should be blocked! Right, SPEWS[1] k00k?
> SPEWS[1] World's biggest Internet FRAUD/SCAM and BEST PIECE OF CRAP!
>
> Com'on, bite me dickhead.
Who said anything about SPEWS? Zen is almost as clueless as you are. They
are blocked here for failure to police their users after multiple requests.
nosp...@yahoo.co.uk
wrote:
Police for what exactly? Zen are one of the best ISP's. What is your
problem?
ian
Why should they ? it is no their fault you choose an OS that insecure . As
someone who works for an isp at the moment ,I fail to see why we should put
microsoft sloppy coding right for them .
--
Output certified Microsoft free
Checked with Suse 10.0
Spin Dryer
>Spin Dryer wrote:
>
>> In fact, set your blocklist to include all of Zen IP space.
>>
>> They are incompetent morons who do nothing.
>>
>>
>> (user infected with sober.x)
>Why should they ? it is no their fault you choose an OS that insecure . As
>someone who works for an isp at the moment ,I fail to see why we should put
>microsoft sloppy coding right for them .
What on earth are you on about ? It's completely irrelevant whether my
OS is MS or not.
If you work for an ISP, then let me tell you this, you are _not_
putting coding correct where did you get that information from ?
You would be stopping one of _your_ users from trying to infect
others, as well as costing them in terms of bandwidth and time.
Perhaps you want _your_ users to keep sending this junk ? In which
case, go ahead Slick.
Spin Dryer
Like you've tried them all ?
Zen don't care - perhaps you like that in an ISP ?
WindsorFox
> Spin Dryer wrote:
>
>
>>In fact, set your blocklist to include all of Zen IP space.
>>
>>They are incompetent morons who do nothing.
>>
>>
>>(user infected with sober.x)
>
> Why should they ? it is no their fault you choose an OS that insecure . As
> someone who works for an isp at the moment ,I fail to see why we should put
> microsoft sloppy coding right for them .
Someone smack this guy. YOO (as the ISP) are responsible for what
leaves YOUR connection to the rest of the world. You one told you that
you had to fix thier computer, but you do need to do something to stop
the spew.
--
Oh, you are out of your rabbid assed mind.- KJK
WindsorFox
> Police for what exactly?
For clueless boobs that allow their computer to be infected and/or
controlled and either do not know or do nothing about it.
Boss Hog
says...
> Like you've tried them all ?
Zen are renowned for being one of the best UK ISP's around, period. You
don't have to try them to know that.
> Zen don't care - perhaps you like that in an ISP ?
And which ISP do you use, big man?
It's Me
end first before just asking people to block every IP in the world.
Maybe Just maybe your computer has a virus or trojan.
Spin Dryer
>Spin Dryer, If you are getting loads of junk I think you should look at your
>end first before just asking people to block every IP in the world.
>
>Maybe Just maybe your computer has a virus or trojan.
>
Dear oh dear oh dear - you really don't understand it do you.
Yealand Conyers
Like you would know. IF Zen was as bad as you claim, how come it is NOT
listed all over the place? Anyone can check moensted.dk and see that your
claim is /not/ true. YOU are just a crybaby who wants others to be
responsible for your OWN fuckups. Run a proper AV on that OS of yours, &
keep it maintained *properly*.
Now FOAD.
--
Now please enlighten us!
Go & duct tape yourself
to a lightning rod.
Yealand Conyers
> Spin Dryer wrote:
>
>> In fact, set your blocklist to include all of Zen IP space.
>>
>> They are incompetent morons who do nothing.
>>
>> (user infected with sober.x)
> Why should they ? It is no their fault you choose an OS that insecure.
Absolutely. And if the user can't run an AV, or keep it properly
maintained, he's an idiot.
That's what he gets for running Windows and not doing due diligence.
> As someone who works for an isp at the moment, I fail to see why we
> should put microsoft sloppy coding right for them .
Hm.....allowing all users admin rights too.
Solo Rider
news:pgs7q1htiqtmf88t5...@4ax.com...
We were getting probes from their address space. Some looked like zombies,
at least one looked to be manned. They are also not doing anything about
infected machines spewing. We tried to address the issue with them at a NOC
to NOC level. Never even the courtesy of a response.
We blocked them about 6 months ago and have not had a complaint. If Zen is
one of the best in the UK, they must have French management.
nosp...@yahoo.co.uk
wrote:
Hmm - waas with BT Openworld, BT Yahoo, BB BB, for many years until
recently - got more crap hitting the firewall on BT's network than
ever I do with Zen or other ISP's. BT's email addy is constantly hit
by shit spams.
Spent months talking to BT dept's about packet loss and crappy
traceroutes - mostly got nowhere as front-line support, techies,
engineers, and inner BB techies most of the time brushed aside info
given to them - most did not know sod all about packet loss or what it
meant. Eventually they said they found a fault with my line (that's
when the exchange and ISP engineer's did not blame my
modem/router/firewall/PC, etc). Bullshit as usual.
After they said they had fixed the issue many times - sod all changed.
I could log on and get perfect results, or mostly (%98 of the time)
log on and get massive packet loss and timeouts and it would stay good
or bad - until I re-logged on), Knew it was the BT ISP side of the
chain, as eng tests my end proved my line./loss was good for 8Mb, and
my modem/router/PC/line was not an issue).
Got few up with incompetence, moved to Zen - gues what - every logon,
perfect traceroutes to known good addy's - using winmtr (combined
tr/ping) - pings are not the lowest, but not into gaming I care less.
It was not me, my line, exchange, pipe, just the ISP side at the main
hub centre.
If you want to slag ISP's off that do sod all about infected PC's and
their own network - look to BT.
Lenny Nero
> What on earth are you on about ? It's completely irrelevant whether my
> OS is MS or not.
Shows what you know.
--
Want to help to keep the best free usenet servers running ?
http://www.readfreenews.com
Lenny Nero
> Why should they ? it is no their fault you choose an OS that insecure . As
> someone who works for an isp at the moment ,I fail to see why we should put
> microsoft sloppy coding right for them .
I would be very annoyed if my Isp tired to tell me what to run, its also
not the Isp's fault if the end user is a fool, what are they to do ?
If I get scanned I block the IP addy, well I dont have to because I know
how to setup a router and firewalls.
L.
Solo Rider
<nosp...@yahoo.co.uk> wrote in message
news:g8m8q1pedpqj4a6c9...@4ax.com...
What annoyed me most about Zen was the total lack of response. Null, nada,
zip. Given the level of clueless Windows users out there, one has to expect
a certain fraction of zombies. However, I do expect a) a response and b)
action against users who are actively attacking other networks from a
provider. We got neither from Zen. Like said earlier, no complaints as of
yet from blocking them at the router.
As for BT, I feel your pain from a user side, but they have been reasonably
responsive to other ISPs, including ourselves.
Gizmo
"Solo Rider" <no...@nowhere.c0m> wrote in message
news:eAWof.652405$xm3.311335@attbi_s21...
> We were getting probes from their address space. Some looked like
> zombies, at least one looked to be manned. They are also not doing
> anything about infected machines spewing. We tried to address the issue
> with them at a NOC to NOC level. Never even the courtesy of a response.
>
> We blocked them about 6 months ago and have not had a complaint. If Zen
> is one of the best in the UK, they must have French management.
No decent ISP would give out information on a public forum detailing what
action had been taken against another ISP.
Then again we have higher standards in the UK.
Solo Rider
"Gizmo" <Gi...@home.now> wrote in message
news:I8KdnXcTUej...@giganews.com...
You need to get out more then and see what is in the real world not to
mention NANAE.
Yealand Conyers
Where you're getting called on your whining, apparently. I'm told YOU
wouldn't know a zombie from an acorn.
Yealand Conyers
If he wants to start foaming, he should foam about Comcast, Shaw,
and all the others who DO have huge problems.
Yealand Conyers
> Given the level of clueless Windows users out there,
X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
'Nuff said.
Yealand Conyers
Well let's see.
From: "Solo Rider" <no...@nowhere.c0m>
NNTP-Posting-Host: 12.219.247.197
Newsgroups: uk.telecom.broadband,news.admin.net-abuse.email
Organization: AT&T ASP.att.net
OOPS!! You see that last one? Why it was December 12th 2005.
Oh my, oh my! MORE recent ones!
"Outblaze" has his IP 12.219.247.197 blocked!
Sorbs just has him listed because he has a dynamic address. But one of the
lists at moensted said it had received spam from that block.
Now what was that saying about "People in glass houses....."
And as for no replies, how about THIS?
"SBC does not see fit to communicate with actual common humans and may or
may not still employ any. After all, they are "The New AT&T" in every
possible sense." - http://makeashorterlink.com/?U5523255C
FYI: sbc.com, which is part of AT&T, is ranked at #2 on Spamhaus's Top Ten
list. http://www.spamhaus.org/sbl/listings.lasso?isp=sbc.com
So what we have here is a whiner, sitting in a sewer, complaining,
because others trouser legs aren't shitstained like his.
Gizmo
"Yealand Conyers" <y...@yc.home.uk> wrote in message
news:pan.2005.12.17....@yc.home.uk...
Outlook Distress is like a wife:
You know you can do better. You know it's fucking unstable. But it's quick
and easy to use.
;o)
Yealand Conyers
LOL!
> ;o)
;-)
tiss
the backward OP, spin dryer, and the other respondents to this thread
supporting the OP: windsorfox, marcus aurelius, nick, "!:?)"... They are the
blind-folded disciples of the SPEWS cult (there are about 20-25 of them that
regularly troll in Nanae).
"Yealand Conyers" <y...@yc.home.uk> wrote in message
news:pan.2005.12.17....@yc.home.uk...
> > On Sat, 17 Dec 2005 00:47:34 +0000, Solo Rider wrote:
Seth Breidbart
ian <i...@grindeynull.demon.co.uk> wrote:
>Spin Dryer wrote:
>
>> In fact, set your blocklist to include all of Zen IP space.
>>
>> They are incompetent morons who do nothing.
>>
>> (user infected with sober.x)
>Why should they ? it is no their fault you choose an OS that insecure . As
>someone who works for an isp at the moment ,I fail to see why we should put
>microsoft sloppy coding right for them .
You don't have to fix Micro$oft.
You _do_ have to block outgoing viruses from your own lusers in your
own IP space. If you don't know how to do that, you don't deserver to
be connected to the Internet without adult supervision.
Seth
Yealand Conyers
> Good find! Solo Rider is just a simpleton SPEWS fanatic/butt-monkey. So is
> the backward OP, spin dryer, and the other respondents to this thread
> supporting the OP: windsorfox, marcus aurelius, nick, "!:?)"...
"tiss" Customer of PlusNet plc probably Moronic Moris.
http://www.pearlgates.net:8080/nanae/kooks/moris/aliasses.shtml
SPEWS wasn't even mentioned. WindsorFox, Seth Breidbart, are NOT
supporting the OP. Read them again, fool. marcus aurelius, nick, "!:?),
are not even in the thread, in uk.t.b or n.a.n.a.e. You are just showing
yourself to be a moron, maybe /that's/ why you're referred to as "moronis"
> They are the blind-folded disciples of the SPEWS cult (there are about
> 20-25 of them that regularly troll in Nanae).
Whereas you are a frustrated spammer.
"SPEWS listees who post about their listing in this newsgroup should
expect to read at least one follow-up from a poster who calls himself
"Moris". Moris will claim that SPEWS is an illegal blacklist that is
designed to punish them because they are innocent. When asked, Moris
will not say where SPEWS is illegal. When pressed for an answer, Moris
will resort to personal attacks against the questioner that will
eventually degenerate to homophobic rantings. The inescapable
conclusion is that Moris has no answer. When shown that SPEWS is
completely legal, Moris dismisses the evidence."
http://groups.google.co.uk/group/news.admin.net-abuse.email/msg/14559b129ad0556a?hl=en&
Idiot.
Chris
..just as well 'Ian' doesn't hold root access on any Thus boxes!
WindsorFox
> Then again we have higher standards in the UK.
>
>
Really? Others call it "pussification."
tiss
> On Sun, 18 Dec 2005 02:21:17 +0000, tiss wrote:
>
> > Good find! Solo Rider is just a simpleton SPEWS fanatic/butt-monkey. So
> > is the backward OP, spin dryer, and the other respondents to this thread
> > supporting the OP: windsorfox, marcus aurelius, nick, "!:?)"...
>
> "tiss" Customer of PlusNet plc probably Moronic Moris.
>
> http://www.pearlgates.net:8080/nanae/kooks/moris/aliasses.shtml
You are pointing us to crap written by Hell (AKA "Angel"), a brain-washed
SPEWS disciple who hates my guts, as impartial evidence? Nice one!
Here is a quick glimpse into backward SPEWS disciples:
http://www.somethingawful.com/articles.php?a=1605
<SNIP garbage and fairy tales from a SPEWS loon>
> Whereas you are a frustrated spammer.
And you can no doubt show us the evidence to back up your claim! You can't?
That's a pity.
> Idiot.
That sure is a nice description of yourself.
Yealand Conyers
> "Yealand Conyers" <y...@yc.home.uk> wrote:
>
>> On Sun, 18 Dec 2005 02:21:17 +0000, tiss wrote:
<nothing>
"Moronic" Moris has recently posted as:
Nomans Land; Tristar Dave; Nomans Farm; Neil K.;
garden of eden; Thermo DNS; Angel4; Spam Exterminator;
Andrew Gillard; Martin Kane; John O'Hanlon Spam
Investigator; picker pecker; tiss
He has also been blocked from posting to
news.admin.net-abuse.blocklisting because he cannot control himself.
About Moris:-
tiss
<SNIP an overload of garbage from a SPEWS disciple>
> He has also been blocked from posting to
> news.admin.net-abuse.blocklisting because he cannot control himself.
Another false rumor spread by the SPEWS disciples.
---
A quick glimpse into the mindset of the SPEWS disciples:
Yealand Conyers
> "Yealand Conyers" <y...@yc.home.uk> wrote:
>
> <SNIP an overload of garbage from an idiot spammer>
FYI: Moris is a spanked spammer that got listed on SPEWS
about two years ago. He has also been blocked from
posting to news.admin.net-abuse.blocklisting
because he cannot control himself.
"Moronic" Moris has recently posted as:
Nomans Land; Tristar Dave; Nomans Farm; Neil K.;
garden of eden; Thermo DNS; Angel4; Spam Exterminator;
Andrew Gillard; Martin Kane; John O'Hanlon Spam
Investigator; picker pecker; tiss
http://www.pearlgates.net:8080/nanae/kooks/moris/aliasses.shtml
The clown posts through PlusNet & Tiscali.
More about Moris:-
"SPEWS listees who post about their listing in this newsgroup should
expect to read at least one follow-up from a poster who calls himself
"Moris". Moris will claim that SPEWS is an illegal blacklist that is
designed to punish them because they are innocent. When asked, Moris will
not say where SPEWS is illegal. When pressed for an answer, Moris will
resort to personal attacks against the questioner that will eventually
degenerate to homophobic rantings. The inescapable conclusion is that
Moris has no answer. When shown that SPEWS is completely legal, Moris
dismisses the evidence."
http://groups.google.co.uk/group/news.admin.net-abuse.email/msg/14559b129ad0556a?hl=e
Ok, ask this of moronis:
Why is SPEWS illegal?
Where does any /legitimate/ website say that SPEWS is illegal?
Spin Dryer
>In fact, set your blocklist to include all of Zen IP space.
>
>They are incompetent morons who do nothing.
>
>
>(user infected with sober.x)
You will be pleased to hear that Zen have done zilch about it.
They are abysmal buffoons.
Yealand Conyers
<crossposting snipped>
And you are an idiot.
IF Zen was as bad as you claim, how come it is NOT listed all over the
place? Anyone can check moensted.dk and see that your claim is /not/ true.
YOU are just a crybaby who wants others to be responsible for your OWN
fuckups. Run a proper AV on that OS of yours, & keep it maintained
*properly*, or change to an OS which isn't affected by viruses.
--
http://www.seige-perilous.org/spam/spam-SPEWS.html
http://www.spews.org/
Disclaimer: I have /nothing/ to do with SPEWS, nor
do I know of anyone who has.
Spin Dryer
>On Mon, 26 Dec 2005 09:57:22 +0000, Spin Dryer wrote:
>
>> On Fri, 16 Dec 2005 22:48:53 +0000, [Spin Dryer] said :-
>>
>>>In fact, set your blocklist to include all of Zen IP space.
>>>
>>>They are incompetent morons who do nothing.
>>>
>>>
>>>(user infected with sober.x)
>>
>>
>> You will be pleased to hear that Zen have done zilch about it.
>>
>> They are abysmal buffoons.
>
><crossposting snipped>
>
>And you are an idiot.
>
>IF Zen was as bad as you claim, how come it is NOT listed all over the
>place? Anyone can check moensted.dk and see that your claim is /not/ true.
>YOU are just a crybaby who wants others to be responsible for your OWN
>fuckups. Run a proper AV on that OS of yours, & keep it maintained
>*properly*, or change to an OS which isn't affected by viruses.
What the hell is wrong with you Bucko ?
This has _nothing_ to do with me at all, my systems are not infected
at all, what on earth makes you think it is ?
The user IP address 82.69.55.44 however, is infected, and Zen are
doing nothing to prevent the spew from this user.
There is nothing to claim here - it is 100% fact.
Alistair Cockeram
>
> The user IP address 82.69.55.44 however, is infected, and Zen are
> doing nothing to prevent the spew from this user.
Have you sent an abuse report to ab...@zen.co.uk yet? If not, the earliest
they will be able to take action is Wednesday the 28th.
This will involve contacting the end user and requesting that they
clean up their systems. If further reports are recieved after the end
user has been notified, then their account will be suspended.
--
Alistair Cockeram, Hebden Bridge UK
"Everyone around me dies, Mr. Morden, except those who most deserve it."
Yealand Conyers
<snip>
> The user IP address 82.69.55.44 however, is infected, and Zen are doing
> nothing to prevent the spew from this user.
>
> There is nothing to claim here - it is 100% fact.
Very well. Tell us who /your/ ISP & let's see how good /they/ are.
Ono Nottim
Well I've only been with Zen a few days, but had dealings with them a little
while longer. I think they are great.
As far as I can see the plaintiff offers no credible evidence that they are
in any way to blame.
To the contrary they provide a first class service - look at the accolades
they receive on this news group, alone.
To the OP - I would proffer the following suggestion ......
Empty barrels make most noise.
I rest my case
Hoping you have all had a good Christmas
Ono
Yealand Conyers
Well said!
> Hoping you have all had a good Christmas Ono
Yes, hope you did! :-)
Spin Dryer
>[Spin Dryer wrote in uk.telecom.broadband]
>>
>> The user IP address 82.69.55.44 however, is infected, and Zen are
>> doing nothing to prevent the spew from this user.
>
>Have you sent an abuse report to ab...@zen.co.uk yet? If not, the earliest
>they will be able to take action is Wednesday the 28th.
I have sent them dozens. Indeed on 21st, they said that they had
contacted the customer to run a full system scan and giving them a
chance to clean up. If it continues more than 24hrs later to send
reports in for them to take further action.
This they have _not_ done of course, as the spew just keeps coming.
>
>This will involve contacting the end user and requesting that they
>clean up their systems. If further reports are recieved after the end
>user has been notified, then their account will be suspended.
In this case, _nothing_ has been done. The user is _still_ spewing out
this virus today.
That is complete incompetance.
Yealand Conyers
<snip>
Please tell us the name of /your/ ISP, & then we can find out how
competant /they/ are.
Phil D.Long
wrote:
Hello,
This has now been dealt with, according to our abuse procedures. In
all but the most serious cases we operate a 'three-strikes' method
whereby an account will be suspended if the customer does not resolve
abuse/security issues following repeated requests to do so (and
further reports are received).
In this case this procedure has been followed, however the suspension
was delayed until after the Christmas holiday period.
kind regards,
Phil D.Long
--
Phil D.Long
ZeN Internet Ltd. - Technical Support Manager
W: www.zensupport.co.uk
Marcus Aurelius
> This has now been dealt with, according to our abuse procedures. In
> all but the most serious cases we operate a 'three-strikes' method
> whereby an account will be suspended if the customer does not resolve
> abuse/security issues following repeated requests to do so (and
> further reports are received).
Why 3 strikes?
Give the customer ONE warning shot across the bow and if the machine
isn't cleaned up after that, sink them.
> In this case this procedure has been followed, however the suspension
> was delayed until after the Christmas holiday period.
That was a nice Christmas present to spammers.
I think we (tinw) know which side of the fence you're on now.
--
MA
Quaestor
>This has now been dealt with, according to our abuse procedures. In
>all but the most serious cases we operate a 'three-strikes' method
>
>
which makes you a spam-supporter
>whereby an account will be suspended if the customer does not resolve
>abuse/security issues following repeated requests to do so (and
>further reports are received).
>
>In this case this procedure has been followed, however the suspension
>was delayed until after the Christmas holiday period.
>
>kind regards,
>Phil D.Long
>
>
Giving spammers time and extra chances to spam means you are the
problem. They could not exist without you. Understand that as long as
you give them ANY time or ignore ANY complaints, you are going to be
shunned as The Cause of spam. The civilized internet wants nothing to
do with your kind.
Read: http://www.seige-perilous.org/spam/spam-blocklists.html
Have a nice day.
--
Godwin is a net-nazi
Alan J. Flavell
> On Mon, 26 Dec 2005 09:57:22 +0000, Spin Dryer <m...@privacy.net>
> wrote:
>
> >On Fri, 16 Dec 2005 22:48:53 +0000, [Spin Dryer] said :-
> >
> >>In fact, set your blocklist to include all of Zen IP space.
> >>
> >>They are incompetent morons who do nothing.
> >>
> >>
> >>(user infected with sober.x)
> >
> >
> >You will be pleased to hear that Zen have done zilch about it.
> >
> >They are abysmal buffoons.
>
> Hello,
>
> This has now been dealt with, according to our abuse procedures.
Too late...
> In all but the most serious cases
If virus infestation does not count as a "serious case", then you need
to review your T&Cs.
> we operate a 'three-strikes' method whereby an account will be
> suspended if the customer does not resolve abuse/security issues
> following repeated requests to do so (and further reports are
> received).
IMNSHO, your T&Cs should include the possibility of blocking the
specific activity (e.g customer's access to SMTP port 25, other than
to some virus-scanned smarthost which you presumably provide)
*immediately* on detection of abusive activity, especially virus
infestation. A failure to do so is a dereliction of your duty of care
towards your user, quite apart from qualifying you for entries in RBL
blacklistings for your dereliction of duty towards the rest of the
Internet.
> In this case this procedure has been followed, however the
> suspension was delayed until after the Christmas holiday period.
Inadequate. If I was still the mail admin here, your answer would
have earned you a blocking entry for your whole address range in our
mailer.
best regards
Phil D.Long
An interesting read, but irrelevant to this matter. We certainly
don't fit the description there of a spam-friendly ISP. If our
customers are spamming, or host spamvertised sites with us, then
action will be taken. In the past this has resulted in the
cancellation of any and all services spammers are supplied with by
Zen.
In the case of open-relay servers which could be abused we have
automated checking in place which checks all of our IP space and
black-lists IP addresses if an open-relay server is found. Attempts
to send bulk e-mail through our smart-host results in blocking too.
We do not support spammers in any way, and bulk e-mailing is against
our Acceptable Use Policy.
When a customer has a virus infection which is resulting in spam then
simply blocking that customer's access will not result in a long-term
solution to the problem. We seek to educate the customer of the
measures they can take to clear their system of the offending virus
and prevent (or at least greatly reduce the chances of) future
infection. Not everybodywho uses the Internet is IT literate so they
can't be expected to get it right first time, every time - hence our
three-strikes policy. Once the account is suspended they must take
action and confirm what they have done in writing before the account
will be re-enabled. If, after that, we receive further reports the
account would be suspended again and we would require evidence from a
third party that action has been taken (e.g. I.T. consultant report on
the offending computer/network and the action taken to secure it/them)
before re-enabling.
Ultimately educating users on how to secure their systems is a far
better solution than cancelling their service and sending them
somewhere else - where perhaps abuse isn't dealt with as actively.
regards,
Phil.
Quaestor
>We do not support spammers in any way, and bulk e-mailing is against
>our Acceptable Use Policy.
>
>
You will find that by definition around here, giving spammers extra
warnings and more time IS spam-support. You don't have to do anything
else wrong, that is wrong enough.
>When a customer has a virus infection which is resulting in spam then
>simply blocking that customer's access will not result in a long-term
>solution to the problem.
>
Yes it does.
>We seek to educate the customer of the
>measures they can take to clear their system of the offending virus
>
>
First you need to stop the spew. You do that by blocking them. It is
not ok to let the hijacked machine run unchecked.
>Once the account is suspended they must take
>action and confirm what they have done in writing before the account
>will be re-enabled.
>
So do you stop them or not?
>Ultimately educating users on how to secure their systems is a far
>better solution than cancelling their service and sending them
>somewhere else - where perhaps abuse isn't dealt with as actively.
>
>
Ultimately it's about stopping the spam.
In the case of an infected user machine you need to make certain the
spew stops fast. If they cannot be reached at once in real time, first
you block them from sending. Do not let them resume until you have
evidence that the problem is fixed, and that they have implemented
preventive measures, and monitor after restoration to make sure of it.
THAT is good education. And if they get infected again it's time to cut
them loose.
Stephen K. Gielda
gbur...@databasix.com says...
> >An interesting read, but irrelevant to this matter. We certainly
> >don't fit the description there of a spam-friendly ISP.
>
> friendly ISP.
>
>
Considering that the spammers who have tried to abuse us also used a
stolen credit card to do it, I'd have to say not only spam friendly, but
poor business decision as well. A spam run usually means they are
scamming you as well.
/steve
--
The Missing Amendment
The Right To Privacy
http://www.themissingamendment.org
Solo Rider
"Phil D.Long" <no0...@n0wh-er-e.c0m> wrote in message
news:lpa5r1l46ud94oiu8...@4ax.com...
a customer has a virus infection which is resulting in spam then
> simply blocking that customer's access will not result in a long-term
> solution to the problem. We seek to educate the customer of the
> measures they can take to clear their system of the offending virus
> and prevent (or at least greatly reduce the chances of) future
> infection. Not everybodywho uses the Internet is IT literate so they
> can't be expected to get it right first time, every time - hence our
> three-strikes policy. Once the account is suspended they must take
> action and confirm what they have done in writing before the account
> will be re-enabled. If, after that, we receive further reports the
> account would be suspended again and we would require evidence from a
> third party that action has been taken (e.g. I.T. consultant report on
> the offending computer/network and the action taken to secure it/them)
> before re-enabling.
I find this portion of your response to be at odds with our direct
experience. When we were being bombarded by zombies from your net space as
well as man-in-the-loop attacks, your team did nothing and did not respond
to our requests to help shut it down. Well we all understand the problems
with zombies, but refusing to communicate and take action when requested is
really inexcusable. You are blocked at our routers and we have not heard a
single complaint about it.
Seth Breidbart
Stephen K. Gielda <st...@packetderm.com.bogus> wrote:
>In article <douhhe$524$3...@blackhelicopter.databasix.com>,
>gbur...@databasix.com says...
>> >An interesting read, but irrelevant to this matter. We certainly
>> >don't fit the description there of a spam-friendly ISP.
>>
>> If you really give them more than one chance to spam, you're a spam
>> friendly ISP.
>>
>Considering that the spammers who have tried to abuse us also used a
>stolen credit card to do it, I'd have to say not only spam friendly, but
>poor business decision as well. A spam run usually means they are
>scamming you as well.
They might merely be sufficiently clueless to get infected.
In that case, blocking outgoing email (and other vectors), while still
allowing web access to anti-virus sites, seems like the best thing to
do.
Cutting them off completely and permanently just means they'll take
their infection elsewhere, and take longer to get disinfected.
Cluelessness is curable.
Seth
Seth Breidbart
Gary L. Burnore <gbur...@databasix.com> wrote:
>>They might merely be sufficiently clueless to get infected.
>>
>>In that case, blocking outgoing email (and other vectors), while still
>>allowing web access to anti-virus sites, seems like the best thing to
>>do.
>>
>>Cutting them off completely and permanently just means they'll take
>>their infection elsewhere, and take longer to get disinfected.
>>
>>Cluelessness is curable.
>>
>Sorry, Seth, but I want to make sure I have this straight. Don't nuke
>them quickly, try to cure them. That way, you can be listed on spews
>for not nuking them quickly. That about cover it?
Almost.
Block them immediately. That way, the spam stops immediately.
If they just need education, they fix things, they get unblocked, no
more spam.
If they're intentional spammers, they get removed, no more spam.
Either way, the spam is stopped immediately, so I wouldn't expect them
to get listed.
Seth
picker pecker
> "Phil D.Long" <no0...@n0wh-er-e.c0m> wrote:
>
> > a customer has a virus infection which is resulting in spam then
> > simply blocking that customer's access will not result in a long-term
> > solution to the problem. <SNIP>
>
> You are blocked at our routers ...
That's rich, coming from someone posting from att.net which is heavily
blocked due to numerous spam problems.
> and we have not heard a single complaint about it.
Well, you won't get a complaint if you or your users are not expecting any
emails from Zen's IP range.
Quaestor
>>Don't nuke
>>them quickly, try to cure them. That way, you can be listed on spews
>>for not nuking them quickly. That about cover it?
>>
>>
>
>Almost.
>
>Block them immediately. That way, the spam stops immediately.
>
>If they just need education, they fix things, they get unblocked, no
>more spam.
>
>If they're intentional spammers, they get removed, no more spam.
>
>Either way, the spam is stopped immediately, so I wouldn't expect them
>to get listed.
>
>
To me it is obvious, like having a sprinkler system for stopping fires.
When a fire starts, the sprinklers hit it with water immediately. It
doesn't matter whether the fire came from faulty wiring, an arsonist, or
spontaneous combustion of someone's long-neglected laundry, the fire
gets put out. The fire inspector can decide what happened and the owner
can decide what to do about it later, but first put out the fire.
Sulu
@reader1.panix.com:
> In article <dov02m$aig$1...@blackhelicopter.databasix.com>,
> Gary L. Burnore <gbur...@databasix.com> wrote:
>>On Wed, 28 Dec 2005 20:23:35 +0000 (UTC), se...@panix.com (Seth
>>Breidbart) wrote:
>
>>>They might merely be sufficiently clueless to get infected.
>>>
>>>In that case, blocking outgoing email (and other vectors), while still
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>allowing web access to anti-virus sites, seems like the best thing to
>>>do.
>>>
>>>Cutting them off completely and permanently just means they'll take
>>>their infection elsewhere, and take longer to get disinfected.
>>>
>>>Cluelessness is curable.
>>>
>>Sorry, Seth, but I want to make sure I have this straight. Don't nuke
>>them quickly, try to cure them. That way, you can be listed on spews
>>for not nuking them quickly. That about cover it?
>
> Almost.
>
> Block them immediately. That way, the spam stops immediately.
>
> If they just need education, they fix things, they get unblocked, no
> more spam.
>
> If they're intentional spammers, they get removed, no more spam.
>
> Either way, the spam is stopped immediately, so I wouldn't expect them
> to get listed.
also wouldnt expect ISP to get listed, as its responses to spam were
timely, (possibly proactive?) and educational.
>
> Seth
>
and note that had already been said.
Is I believe, the standard mantra.
Did you not know that?
You have been here longer than me.
Establishing a known history of the ISP acting thus is likely to cut the
ISP some slack when eventually some stuff up means ISP looks bad on paper
but can explain what happened. Thus the benfit of replying informatively
to LARTs.
Sulu
Spin Dryer
Total hogwash.
Go and re-read your own AUP and act on that. Nowhere does it say 3
goes - which is spam support, not to mention the probable 10s of 1000s
of virus laden spew your customer sent out.
What is wrong with you ISPs these days ?
Who cares if the user is IT literate or not, as soon as they have been
infected, chop them off - there is no other option. Surely you can see
that ? _Then_ you tell them to clean up their act.
No-one told you to cancel their service, just to act immediately and
suspend their access.
You ignored dozens of reports, and frankly your lack of action is
totally deplorable - as this is a serious case.
Once again, re-read your AUP/T&C and act on it - in fact, take a look
at 11.3
Yealand Conyers
<snip>
I have asked TWICE before, but you've ducked the question.
Please inform us of who /your/ ISP is, then we
can check them out & see how good /they/ are.
After all, if they're /so/ perfect for /you/ to
use them, perhaps a lot of people would like to
switch to them.
Yealand Conyers
I find that rich coming from someone using AT&T!
AT&T have many spam problems, & yet appear to do sweet f*** all, AFAICT.
Outblaze" has his IP 12.219.247.197 blocked!
"SBC does not see fit to communicate with actual
common humans and may or may not still employ any."
sbc.com, which is part of AT&T, is ranked at #2 on Spamhaus's Top Ten
list. http://www.spamhaus.org/sbl/listings.lasso?isp=sbc.com
Spin Dryer
>On Mon, 26 Dec 2005 09:57:22 +0000, Spin Dryer <m...@privacy.net>
>wrote:
>
>>On Fri, 16 Dec 2005 22:48:53 +0000, [Spin Dryer] said :-
>>
>>>In fact, set your blocklist to include all of Zen IP space.
>>>
>>>They are incompetent morons who do nothing.
>>>
>>>
>>>(user infected with sober.x)
>>
>>
>>You will be pleased to hear that Zen have done zilch about it.
>>
>>They are abysmal buffoons.
>
>Hello,
>
>This has now been dealt with, according to our abuse procedures.
No it hasn't.
Yealand Conyers
When are you going to tell us who /your/ ISP is? I'm sure a lot of people
would like to check it out, & see how good they are. They want to change
to it.
Spin Dryer
Sorry.
BTYahoo broadband.
However, apart from one odd occasion very recently, they _always_
respond within 3 days saying that the offending "user" has been dealt
with. They are the only UK ISP that I have reported virus laden emails
to that respond in this way. All others, without exception, do not.
The odd occasion was going to be reported here, but it was fixed just
beforehand (though it was a user on bt.net, rather than btyahoo).
BUT
3 days is at least 2 days longer than I would expect a large ISP to
handle abuse complaints, of course the problem may have been fixed
earlier than 3 days and only replied by email to say it has been
cleared after the 3 days.
NTL are the next abusers to be noted 'here', a user on the same IP
address has a similar problem to this Zen user, and they have done
sfa.
Phil D.Long
"Spin Dryer" <m...@privacy.net> wrote in message
news:b9uar1dvot472h7oq...@4ax.com...
And how do you figure that? If you're still getting stuff from that IP then
I'd be very impressed. The account was suspended at the beginning of this
week...
regards,
Phil D.Long
Spin Dryer
You mean Monday ?
So, what about this :-
X-Originating-IP: [82.69.55.44]
Received: from 82.69.55.44 (HELO rsuqdk.uk) (82.69.55.44)
by mta809.mail.ukl.yahoo.com with SMTP; Fri, 30 Dec 2005 15:38:09
+0000
From:
To:
Date: Fri, 30 Dec 2005 15:28:43 GMT
Subject: hi, ive a new mail address