2012
05.29
Currently, blocklist.de has the following Stats/User:
User: 512
Server: 616
Attacks: 30,877,685
Reports: 3,014,395
Daily Mails: ~410229
Web-Traffic: ~79 GB
RBL-/API-Traffic: ~160 GB
Mail (In/Out)-Traffic: ~34 GB
Traffic over IPv6 (Mail, Web..): ~2GB
To this data, there comes 6TB Traffic between the Web-/Mail-Server and the MySQL-Server. The MySQL-Server sends over 7.1 GB each Hour out.
The Mysql-Server use now 41% from 32GB Ram. And the System-Load is in average on 0.34 (after the last maintance with setting new Indexes).
The WebServer is using not full of 8GB Ram and the System-Load is average on 2 (the Cronjob-Intervall was reduced). The open Connections are 7685
-google-ads-
2012
05.15
We have found a leak-Site on there a User have posted a Mail from hideme.ru.
Original:

Translated via google to English:

You can see, that he list BlockList.de to one of the Blacklist which the User does not insert there VPN-IP 🙂
-google-ads-
2012
05.09
In earlier Posts we have write over nobistech AS15003 here:
Nobistech – ubiquityservers
We see a long time that only Squid-Proxys (Version from 3.1.4 to 3.1.9) with SSH on the
Port 2382
and with the Domain ipvnow.com with no sites (linked to a enom-buy-site) in the Reverse-DNS….
We have 1,406 Records to IPs with the rdns hase ipvnow.com in the host.
262 with ns0.ipvnow.com
We think the Customer behind is the User „keliix06“.
We have send to abuse AT nobistech.net only for the last 8 Days ~500 Reports and we send only all 24 hours for each ip/attack one report…
Now, we have blocked the complete IP-Range permantly:
173.234.225.0 – 173.234.227.255
in the all-Export-List and in the RBL.
We have informed nobistech too in the same time we public this article.
-google-ads-
2012
05.07
Ein kurzes aktivieren der Logs auf einem der mittlerweile 4 RBL-Server hat gezeigt, das in 2 Minuten mehreer hundert unterschiedliche (unique) IP-Adressen (hauptsächlich DNS-Server) die RBL-Listen von blocklist.de abfragen.
Je nach Liste, welche nach Service-Diensten/Arten aufgesplittet sind, umfassen diese im Durschnitt über 6.000 IP-Adressen.
Wie man die RBL-Listen von blocklist z.B. selbst im Postfix, Amavis, Policyd oder Apache einsetzten kann ist unter folgender URL im Forum beschrieben:
https://forum.blocklist.de/viewtopic.php?f=11&t=17
Aktuell unterstüzten die RBL-Server noch kein IPv6, da müssen wir auf Updates vom Hersteller warten.
Bei Fragen, Anregungen oder Wünschen einfach ins Forum posten 😉
-google-ads-
2012
05.07
After our last notice we have build a new Check after the „normal“ Whitelist and other Checks.
Now, we look into the DNSBL from sectoor.de and exitlist.torproject.org for the spaming IP, when the Attack-Typ is RegBot or BadBot.
When the Tor-Server is in the dnsbl, but not in our Whitelist we received a notification to check the Tor-Server and block them permanently from our Honeypot-systems or whitelist them.
This make the way from tor-Server-Admins easier.
-google-ads-