
discuss - Re: [opennic-discuss] Fwd: Re: FINAL REMINDER: Malware DNS server at 185.121.177.177 [SBL325026]

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: kevin <krattai AT gmail.com>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] Fwd: Re: FINAL REMINDER: Malware DNS server at 185.121.177.177 [SBL325026]
  • Date: Wed, 04 Jan 2017 14:40:54 -0600

I would contact the server operator and have them kill the bot.

Kevin

On Wed, 2017-01-04 at 14:23 -0600, JC wrote:
> i agree with the sentiment of not censoring anyone... but when malware
> traffic is out to cause harm.. i feel there is a duty to prevent that
> harm.. i would have no problem with the Access control in this case...
> but that's just me. i would not be upset either way to be honest.
>
> On Wed, Jan 4, 2017 at 1:53 PM, Fusl Dash <opennic AT lists.dedilink.eu>
> wrote:
>
>
> -------- Forwarded Message --------
> Subject: Re: FINAL REMINDER: Malware DNS server at
> 185.121.177.177 [SBL325026]
> Date: Wed, 4 Jan 2017 20:50:19 +0100
> From: The Spamhaus Project - SBL Removals
> <sbl-removals AT spamhaus.org>
> Organization: The Spamhaus Project
> To: Kevin Holly | FuslVZ Ltd <holly AT fuslvz.ws>
>
> Hello Kevin
>
> Thanks for contacting Spamhaus!
>
> Looking into the malware's botnet traffic, it appears that it is using
> your DNS server to resolve .bit domain names. So the easiest way to
> prevent that the malware can communicate with its botnet controller
> (C&C) would be to create an ACL for the said botnet C&C domain
> (nutsystem325z.bit) to prevent that it is being resolved through your
> DNS server.
>
> Please understand that we are unable to remove this listing unless the
> documented abuse problem has been fully terminated.
>
> If you have any further questions, please do not hesitate to contact us.
>
> --
> Best regards
> Thomas Morrison
>
> SBL Removal Team
> The Spamhaus Project
> Geneva, Switzerland
> http://www.spamhaus.org
>
> On 04.01.2017 16:42, Kevin Holly | FuslVZ Ltd wrote:
> > Dear madam or sir,
> >
> > the DNS resolver in question is a *recursive* DNS resolver and part of
> > the OpenNIC Project (https://www.opennicproject.org/ - alternative
> > root-zone) responsible for offering *the* uncensored, open and
> > democratic DNS system and root-zone that people need in this world
> > right at this moment.
> >
> > › dig +short NS nutsystem325z.bit. @185.121.177.177
> > ns1.domaincoin.net.
> > ns2.domaincoin.net.
> > -> ns1.domaincoin.net. and ns2.domaincoin.net. are authoritative for
> > nutsystem325z.bit.
> >
> > › dig +short A ns1.domaincoin.net. @185.121.177.177
> > 83.96.168.183
> > › dig +short A ns2.domaincoin.net. @185.121.177.177
> > 108.61.40.140
> > -> Neither ns1 nor ns2 are in any way associated with my server
> > 185.121.177.177
> >
> > › dig +short A nut22.nutsystem325z.bit @83.96.168.183
> > 202.78.227.61
> > › dig +short A nut22.nutsystem325z.bit @108.61.40.140
> > 202.78.227.61
> > -> ns1.domaincoin.net. and ns2.domaincoin.net. are authoritative for
> > this and therefore answer with the A record in question.
> >
> > The .bit DNS zone authoritative for the domain in question is hosted by
> > Namecoin, a blockchain based information network similar to how Bitcoin
> > transactions are executed, therefore there is no single point of
> > failure or person or company who is able to manage or censor any
> > domains.
> >
> >
> > Best regards,
> >
> > Kevin Holly | Chief Executive Officer
> >
> > kevin.holly AT fuslvz.ws | +43 699 1334 7295
> > _____ ___ _______
> > | ___| _ ___| \ \ / /__ /
> > | |_ | | | / __| |\ \ / / / /
> > | _|| |_| \__ \ | \ V / / /_
> > |_| \__,_|___/_| \_/ /____|
> >
> >
> > On 2017-01-04 16:08, notification AT spamhaus.org wrote:
> >>
> >> ------------------------------------------------------------------------
> >> This is an automated message from the Spamhaus Block List (SBL)
> >> database.
> >> Do not reply to this email directly. Please follow the 'Removal
> >> Procedure' shown on the SBL Advisory page (referenced below) instead.
> >>
> >> ------------------------------------------------------------------------
> >>
> >> Dear Sir or Madam
> >>
> >> In the past weeks, Spamhaus reached out to you several times regarding
> >> the following abuse issue in your network:
> >>
> >> SBL Advisory: https://www.spamhaus.org/sbl/query/SBL325026
> >>
> >> We have already sent an abuse report to you regarding this abuse
> >> problem on 2016-12-16 as well as a reminder on 2016-12-27. However, we
> >> still didn't receive any response from you regarding this abuse issue
> >> and as of today the described abuse problem still exists, threatening
> >> thousands of innocent internet users.
> >>
> >> We hereby kindly ask you once again to take the appropriate action
> >> according to your ToS/AUP at the earliest convenience to prevent
> >> further abuse being generated on your network.
> >>
> >> This is our 3rd and last reminder. Since the ongoing persistence of
> >> this abuse issue and your unresponsive behaviour, Spamhaus currently
> >> considers your network as harmful and risky to Spamhaus SBL users.
> >> Should your company fail to address the described abuse problem within
> >> the next 24 hours, Spamhaus will issue an escalation listing for your
> >> network, per SBL escalation policy for 'knowingly providing spam
> >> support services'. This escalation may take effect in 24 hours time.
> >>
> >> Spamhaus SBL Policy & Listing Criteria:
> >> http://www.spamhaus.org/sbl/policy.html
> >>
> >> Please be aware that a listing on the SBL means that email from the IP
> >> addresses listed (or containing references to any web site hosted on
> >> the IP addresses listed) may be rejected by Internet networks that use
> >> the SBL to filter inbound mail.
> >>
> >> Please take action quickly.
> >> Thank you.
> >>
> >> --
> >> SBL System Robot
> >> The Spamhaus Project
> >> http://www.spamhaus.org
> >>

--
http://ca.linkedin.com/in/kevinrattai/

https://plus.google.com/+KevinRattai/

https://community.spiceworks.com/people/kevinrattai
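
Added example, not part of any message in this thread: both the resolver ACL requested in the Spamhaus reply and the search for the infected client need the same check, namely whether a queried name is the listed domain or anything beneath it. The Python sketch below does that match on whole labels and applies it to a resolver query log; the log format, function names and client addresses are constructed for illustration.

```python
# Added example: log format, names and addresses are assumptions, not OpenNIC's.
from collections import Counter

# C&C domain named in the Spamhaus reply quoted above.
BLOCKED_ZONES = {"nutsystem325z.bit"}


def normalize(name: str) -> str:
    """Lower-case and drop the trailing root dot so comparisons are canonical."""
    return name.strip().rstrip(".").lower()


def is_blocked(qname: str, zones=BLOCKED_ZONES) -> bool:
    """True if qname is a blocked zone or a subdomain of one.

    Suffixes are compared label by label, so 'xnutsystem325z.bit'
    does not match 'nutsystem325z.bit'.
    """
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))


def clients_querying_blocked(log_lines, zones=BLOCKED_ZONES) -> Counter:
    """Count blocked-zone queries per client address.

    Assumed (hypothetical) line format: '<timestamp> <client_ip> <qtype> <qname>'.
    """
    hits = Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of guessing at fields
        _ts, client, _qtype, qname = parts
        if is_blocked(qname, zones):
            hits[client] += 1
    return hits


# Constructed sample log; client addresses come from documentation ranges.
SAMPLE_LOG = [
    "2017-01-04T15:00:01Z 192.0.2.10 A nut22.nutsystem325z.bit.",
    "2017-01-04T15:00:02Z 198.51.100.7 A www.opennicproject.org.",
    "2017-01-04T15:00:05Z 192.0.2.10 NS NUTSYSTEM325Z.BIT",
    "2017-01-04T15:00:09Z 203.0.113.4 A xnutsystem325z.bit.",
    "malformed line",
    "2017-01-04T15:00:11Z 203.0.113.9 A nut22.nutsystem325z.bit",
]

if __name__ == "__main__":
    for client, count in clients_querying_blocked(SAMPLE_LOG).most_common():
        print(f"{client} queried a blocked zone {count} time(s)")
```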



