A message to ignorant sysadmins about type 17
Dear ignorant system administrators,
Lately I am getting a lot of removal requests with comments in them that they fixed the email spam source while the reason they are listed is because their servers are usable as open proxy. The comment itself already shows you are not reading what the message above the removal request says and are simply filling in the form.
Lemme explain again what type 17 means. It is a collection of hosts found by scrapers on several proxy listing sites such as xroxy, spy.ru, several proxy blogspots, proxynova and similar sites, they or the submitters have tested your ip and found a way to use your server as proxy. They did not check if your mailserver allows relaying! So any excuse stating that you 'fixed' some spam issue is lame. Ok, it does make the recipients of the spam happy as they will no longer receive it from your servers, but not us, as the real issue why you have been listed is NOT spam. We got other classes for that (6 for example).
If you really can't find additional unwanted proc's on that box, check your damn apache if you use mod_proxy and check if thats the culprit by allowing a CONNECT statement. As you could have read in your apache documentation you should limit it in the following way (this is the case if you use stuff like chiliasp/tomcat/jsp/whatever proxied through apache):
<Proxy *>
order allow,deny
deny from all
allow from <your network>
</Proxy>Another reason why you may have been listed as type 17 would be that an irc connection on a certain network has been found which has been associated to drone activity. So should the previous be not the case, then just fill in the removal request and ask. Also check your network for outgoing TCP connections towards ports 6667, or check if you got a process that generates IRC protocol specific requests like NICK/USER/JOIN/PRIVMSG/NOTICE/ISON using tcpdump or alikes.
Also remember that we only deal with requests from the responsible for that ip in question administrator, so if you are actually just a user on that box that wants to complain why he can't get on irc, then look in the mirror first if you know thats a proxy before even trying!
Kind regards,
Alexander Maassen
Maintainer of DroneBL
outsider / Nov-28-2011 12:53:42 GMT
Comments for A message to ignorant sysadmins about type 17
These are comments for the above post. You may add your own comment below!
Riking said on Apr-15-2013 15:52:42 GMT :
The number of bot comments on here is amusing.
Bill said on Apr-15-2013 18:03:36 GMT :
Agree with Riking - on a page complaining about bots, the number of comments that were placed by bots is hilarious. Talk about being sloppy...
Alexander Maassen said on Apr-28-2013 17:13:52 GMT :
I know... recaptcha has become useless against them.. will look for something else soon
substance abuse counseling degree said on May-14-2013 06:11:03 GMT :
Another reason why you may have been listed as type 17 would be that an irc connection on a certain network has been found which has been associated to drone activity. So should the previous be not the case, then just fill in the removal request and ask. Also check your network for outgoing TCP connections towards ports 6667, or check if you got a process that generates IRC protocol specific requests like NICK/USER/JOIN/PRIVMSG/NOTICE/ISON using tcpdump or alikes. substance abuse counseling degree
Kristin Watson said on May-15-2013 01:37:26 GMT :
That was really good news for removing those email spam. Thank you for sharing this info. pmp certification preparation
natural latex mattresses said on May-15-2013 11:39:56 GMT :
Also remember that we only deal with requests from the responsible for that ip in question administrator, so if you are actually just a user on that box that wants to complain why he can't get on irc, then look in the mirror first if you know thats a proxy before even trying!natural latex mattresses
said on May-16-2013 12:44:39 GMT :
Once I thought about things like: why such information is for free here? Because when you write a book then at least on selling a book you get a percentage. Thank you and good luck on informing people more about it! iPhone 6 Features
said on May-16-2013 13:04:46 GMT :
it's really nice and meanful. it's really cool blog. Linking is very useful thing.you have really helped lots of people who visit blog and provide them usefull information. gig
said on May-16-2013 13:08:29 GMT :
Wow! What an eye opener this post has been for me. Very much appreciated, bookmarked, I can’t wait for more! eu-voices.eu
for structured settlement said on May-16-2013 13:11:09 GMT :
So should the previous be not the case, then just fill in the removal request and ask. Also check your network for outgoing TCP connections towards ports 6667, or check if you got a process that generates IRC protocol specific requests like NICK/USER/JOIN/PRIVMSG/NOTICE/ISON using tcpdump or alikes for structured settlement
said on May-16-2013 13:46:11 GMT :
Also remember that we only deal with requests from the responsible for that ip in question administrator, so if you are actually just a user on that box that wants to complain why he can't get on Linking is very useful thing.you have really helped lots of people who visit blog and provide them usefull information.WP Signal Tracker Review
free web hosting said on May-16-2013 15:40:12 GMT :
You might comment on the personal credibility of the blog. You should index it's marvelous. Your blog feelings should accelerate your colleagues. free web hosting
Texas Drivers Ed said on May-16-2013 19:18:01 GMT :
"Great tips and very easy to understand. This will definitely be very useful for me when I get a chance to start my blog. Texas Drivers Ed
said on May-17-2013 08:10:26 GMT :
Hey – great blog, just looking around some blogs, seems a really nice platform you are using. I’m currently using WordPress for a few of my blogs but looking to change one of them over to a platform similar to yours as a trial run. Anything in particular you would recommend about it Coach Hire
said on May-17-2013 08:21:51 GMT :
Thanks very much for this great article;this is the stuff that keeps me going through out these day. BARI
said on May-17-2013 10:04:04 GMT :
Thanks for writing such a good article, I stumbled onto your blog and read a few post. I like your style of writing... Lifestyle
said on May-17-2013 10:44:00 GMT :
Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I’ll be subscribing to your feed and I hope you post again soon. View Logos
said on May-17-2013 11:00:09 GMT :
it's really nice and meanful. it's really cool blog. Linking is very useful thing.you have really helped lots of people who visit blog and provide them usefull information. Local SEO Services
james said on May-18-2013 20:04:42 GMT :
while the reason they are listed is because their servers are usable as open proxy. The comment itself already shows you are not reading what the message above the removal request says and are simply filling in the form. buy likes
josep said on May-20-2013 13:12:51 GMT :
Parents Forum, a nonprofit organization focused on developing emotional awareness, offers parents, children, and caregivers an eight-question social curriculum to better understand Chronic Rhinitis
enlargement pill said on May-22-2013 09:22:14 GMT :
I have been exploring this topic for a some long time. You have offered great information in your post and some things I have not seen in other content I have read by my friends. pills that work | natural breast enhancement
