
UCEPROTECT level 1 blacklist not updated ?

Radomir Tomis

Apr 28, 2009, 4:03:36 PM
Hello,

I'm trying to find which IP addresses are black-listed by UCEPROTECT
within this network:

85.207.0.0/16

with 379 "Level 1 listed spammers within the last 7 days":

http://www.uceprotect.net/en/rblcheck.php?asn=25248
[Start Testing]


I followed:

http://www.uceprotect.net/en/index.php?m=2&s=0

and downloaded (using both 'rsync' and 'wget') level 1 blacklist:

rsync -avz rsync-mirrors.uceprotect.net::UCE-PFSM-1 .
wget -N http://wget-mirrors.uceprotect.net/uce-pfsm-1/access.gz

(these copies are equivalent)

to find that this blacklist has not been updated since 2008-10-06:

"This File was generated 06.10.2008 21:09"

even though it is supposed to be updated every hour:

http://www.uceprotect.net/en/index.php?m=3&s=0
"The project's blacklists are rebuilt hourly"

The content of the "access" (level 1) file also indicates that it is not
up-to-date (e.g. some IP addresses present in this file show up as "Not
listed" on the web).

Where do I find up-to-date level 1 blacklist ?

Thank you for your time and I'm looking forward to your response.

--
Radomir Tomis
Radomi...@gmail.com
Help stop world hunger -- visit <http://www.thehungersite.org>
Is The Hunger Site real? <http://www.umich.edu/~virus-busters/hunger.html>


--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.

David W. Hodgins

Apr 28, 2009, 7:25:20 PM

On Tue, 28 Apr 2009 16:03:36 -0400, Radomir Tomis <to...@elcomdot.cz> wrote:

> I'm trying to find which IP addresses are black-listed by UCEPROTECT
> within this network:
> 85.207.0.0/16
> with 379 "Level 1 listed spammers within the last 7 days":
> http://www.uceprotect.net/en/rblcheck.php?asn=25248
> [Start Testing]

I don't know about rsync, but at the bottom of the above page
is a link with the details.

Copy/paste of the addresses starting with 85.207 currently
shows 382 ip addresses.

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Claus v. Wolfhausen

Apr 29, 2009, 10:40:37 AM
"Radomir Tomis" <Radomir To...@elcomDOT.cz wrote:

> rsync -avz rsync-mirrors.uceprotect.net::UCE-PFSM-1 .
> wget -N http://wget-mirrors.uceprotect.net/uce-pfsm-1/access.gz
>
> (these copies are equivalent)
>
> to find that this blacklist has not been updated since 2008-10-06:
>
> "This File was generated 06.10.2008 21:09"

It is absolutely impossible that a mirror would be out of sync for 6 months
without anyone here becoming aware of it. I will show you why:

See here: http://www.uceprotect.net/en/status.php

The website above shows the Serial of the latest zone, all official
mirrors and (if there is any) the difference to the Serial.

If the Zoneserial at the mirror is equal to the Serial of the actual hour,
then a 0 is displayed on a green background.

If the Zoneserial at the mirror is 1 hour different to the Serial of the
actual hour then a -1 is displayed on a green background.

0 or -1 is OK and no reason to worry.

If the Zoneserial at the mirror is 2 hours different to the Serial of
the actual hour then a -2 is displayed on a yellow background.

-2 mostly indicates a network problem between the center database
and the mirror, we get a notification if that happens.

If the Zoneserial at the mirror is more than 2 hours different from the
Serial of the actual zone then OUT OF SYNC is displayed, we and also the
mirror sponsor get *ALERTED* if that happens.

What *CAN* happen is that a sponsor has a hardware failure, e.g. a
disk crash, and that they are restoring the mirror from an earlier
backup. In these rare cases it is possible that 1 of 20 mirrors has an
outdated Zone for a maximum of 60 minutes (until next hourly sync).

I guess that is what happened to you, but it is ridiculous to assume
that our blocklist zones would not be updated for 6 months.

If you had retried your sync some minutes later, then you would
have found this yourself.

Regardless of this, we at UCEPROTECT-Network always try to make our system
better and as a consequence we will modify the mirror-images in such a way
that existing zonefiles are deleted within the bootup routine.

That way restored or rebooted mirrors will have no zones until the next
successful sync with our center database and it will be no longer
possible that a mirror can have outdated zones for up to 60 minutes.

--
Claus von Wolfhausen
Technical Director
UCEPROTECT-Network
http://www.uceprotect.net

Radomir Tomis

Apr 29, 2009, 5:41:17 PM
Thank you Claus for the detailed explanation!

Now I've downloaded an up-to-date level 1 blacklist.

Radomir.


"Claus v. Wolfhausen" <use-reply-...@remove-this.com> wrote in
message news:gt9qvq$60m$1...@ulm.shuttle.de...

David Bolt

Apr 29, 2009, 6:55:17 PM
On Wed, 29 Apr 2009, Claus v. Wolfhausen wrote:-

>"Radomir Tomis" <Radomir To...@elcomDOT.cz wrote:
>
>> rsync -avz rsync-mirrors.uceprotect.net::UCE-PFSM-1 .
>> wget -N http://wget-mirrors.uceprotect.net/uce-pfsm-1/access.gz
>> (these copies are equivalent)
>> to find that this blacklist has not been updated since 2008-10-06:
>> "This File was generated 06.10.2008 21:09"
>
>It is absolute impossible that a mirror would be out of sync for 6
>month without anyone here would get aware of it. I will show you why:
>
>See here: http://www.uceprotect.net/en/status.php
>
>The website above shows the Serial of the latest zone, all official
>mirrors and (if there is any) difference to the Serial

There appears to be some disconnect between the zone files and the
available access.gz file. After attempting to retrieve the access.gz
file from all the mirrors, I compared the times the files were
generated. The results were all within an hour or so of the time of
download, except from two:

The first one that was different was due to receiving a 500 internal
error when trying to retrieve the file.

The second one came from 88.198.149.70, which identifies itself as the
Nuernberg mirror. Looking at the contents using "rsync -l" the access
file has a time-stamp of:

-rw-r--r-- 311351157 2009/04/28 08:15:29 access


Regards,
David Bolt

--
Team Acorn: http://www.distributed.net/ OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s
openSUSE 10.3 32b | openSUSE 11.0 32b | |
openSUSE 10.3 64b | openSUSE 11.0 64b | openSUSE 11.1 64b |
openSUSE 10.3 PPC | RISC OS 3.6 | RISC OS 3.11 | TOS 4.02
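
An added example, not part of any post in this thread and not UCEPROTECT code: a consumer-side freshness check that reads the "This File was generated" header from each downloaded copy and refuses to trust stale ones, covering both the status-page thresholds Claus describes and the per-mirror comparison David ran. Applying the zone-serial buckets (0/-1, -2, more than 2) to the header's age in hours is an assumption, as are the function names, the mirror labels and the header sharing a timezone with the local clock.

```python
import re
from datetime import datetime

# Header text as quoted in the thread: "This File was generated 06.10.2008 21:09"
GENERATED_RE = re.compile(r"This File was generated (\d{2}\.\d{2}\.\d{4} \d{2}:\d{2})")

def parse_generated(text):
    """Return the generation time found in a list copy, or None if there is none."""
    match = GENERATED_RE.search(text)
    if match is None:
        return None
    try:
        return datetime.strptime(match.group(1), "%d.%m.%Y %H:%M")
    except ValueError:  # digits matched but not a real date, e.g. 31.02.2009
        return None

def classify(generated, now):
    """Bucket a copy by age in whole hours (assumption: header and `now` share a timezone)."""
    if generated is None:
        return "NO HEADER"      # error page or truncated download
    lag = int((now - generated).total_seconds() // 3600)
    if lag < 0:
        return "CLOCK SKEW"     # header is in the future; local clock or timezone is off
    if lag <= 1:
        return "OK"             # status page: 0 or -1
    if lag == 2:
        return "WARN"           # status page: -2
    return "OUT OF SYNC"        # more than 2 hours behind

def check_copies(copies, now):
    """Classify every downloaded copy; `copies` maps a mirror label to the file text."""
    return {label: classify(parse_generated(text), now) for label, text in copies.items()}

# Constructed sample input: mirror labels and all but the 2008 header are invented.
SAMPLE_NOW = datetime(2009, 4, 29, 18, 30)
SAMPLE_COPIES = {
    "mirror-a": "# This File was generated 29.04.2009 18:05\n",
    "mirror-b": "# This File was generated 29.04.2009 16:10\n",
    "mirror-c": "# This File was generated 06.10.2008 21:09\n",
    "mirror-d": "<html><body>500 Internal Server Error</body></html>",
}

if __name__ == "__main__":
    for label, status in check_copies(SAMPLE_COPIES, SAMPLE_NOW).items():
        print(f"{label}: {status}")
```

Running a check like this before loading the list into a mail filter catches a copy restored from an old backup as well as an error page saved in place of the file.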

rts

Apr 29, 2009, 7:15:27 PM
Thank you David for reminding me of the detailed page listing the IP
addresses.

Radomir

On Apr 29, 1:25 am, "David W. Hodgins" <dwhodg...@nomail.afraid.org>
wrote:


> On Tue, 28 Apr 2009 16:03:36 -0400, Radomir Tomis <to...@elcomdot.cz> wrote:
> > I'm trying to find which IP addresses are black-listed by UCEPROTECT
> > within this network:
> >   85.207.0.0/16
> > with 379 "Level 1 listed spammers within the last 7 days":
> >  http://www.uceprotect.net/en/rblcheck.php?asn=25248
> >   [Start Testing]
>
> I don't know about rsync, but at the bottom of the above page
> is a link with the details.
>
> Copy/paste of the addresses starting with 85.207 currently
> shows 382 ip addresses.

