Does anyone know of a new application doing queries against multi.surbl.org by using dnsstuff's web site, as in:
http://www.DNSstuff.com/tools/lookup.ch?domain=example.com.multi.surbl.org
If so, would you please let them know this is not the right way to query our SURBL lists.
It's possibly malware, but more likely some new misbehaving application being run on end user client machines (dsl lines, etc.).
Jeff C. -- Don't harm innocent bystanders.
----- Original Message ----- From: "Jeff Chan" jeffc@surbl.org
Does anyone know of a new application doing queries against multi.surbl.org by using dnsstuff's web site, as in:
http://www.DNSstuff.com/tools/lookup.ch?domain=example.com.multi.surbl.org
If so, would you please let them know this is not the right way to query our SURBL lists.
It's possibly malware, but more likely some new misbehaving application being run on end user client machines (dsl lines, etc.).
You might try contacting Scott Perry, creator/maintainer, at "info at dnsstuff.com".
Bill
On Thursday, July 7, 2005, 9:36:51 AM, Bill Landry wrote:
----- Original Message ----- From: "Jeff Chan" jeffc@surbl.org
Does anyone know of a new application doing queries against multi.surbl.org by using dnsstuff's web site, as in:
http://www.DNSstuff.com/tools/lookup.ch?domain=example.com.multi.surbl.org
If so, would you please let them know this is not the right way to query our SURBL lists.
It's possibly malware, but more likely some new misbehaving application being run on end user client machines (dsl lines, etc.).
You might try contacting Scott Perry, creator/maintainer, at "info at dnsstuff.com".
Bill
Actually Scott was the one who contacted me about it. He thinks it could be malware or perhaps a program to check web sites from Firefox. In any case it appears to be very poorly implemented, based on Scott's description of the behavior.
Jeff C. -- Don't harm innocent bystanders.
Jeff Chan wrote in http://mid.gmane.org/41160649.20050707074952@surbl.org
Does anyone know of a new application doing queries against multi.surbl.org by using dnsstuff's web site, as in:
No. I just tested it (1), read Bill's reply, tested it again (2), and then I tried the "for details click here link" (3).
That resulted in an error page about rate limiting. So they do have "something" to limit queries. I can't check it, I'm now blocked - maybe an unnecessary "pragma nocache" caused it.
Bye, Frank
On Thursday, July 7, 2005, 3:15:18 PM, Frank Ellermann wrote:
Jeff Chan wrote in http://mid.gmane.org/41160649.20050707074952@surbl.org
Does anyone know of a new application doing queries against multi.surbl.org by using dnsstuff's web site, as in:
No. I just tested it (1), read Bill's reply, tested it again (2), and then I tried the "for details click here link" (3).
That resulted in an error page about rate limiting. So they do have "something" to limit queries. I can't check it, I'm now blocked - maybe an unnecessary "pragma nocache" caused it.
Bye, Frank
Scott's deliberately rate limiting queries to try to track back the source of them. He's hoping someone will notice their poorly written application is breaking and will contact him.
Jeff C. -- Don't harm innocent bystanders.
On Thursday, July 7, 2005, 5:23:53 PM, Jeff Chan wrote:
On Thursday, July 7, 2005, 3:15:18 PM, Frank Ellermann wrote:
Jeff Chan wrote in http://mid.gmane.org/41160649.20050707074952@surbl.org
Does anyone know of a new application doing queries against multi.surbl.org by using dnsstuff's web site, as in:
No. I just tested it (1), read Bill's reply, tested it again (2), and then I tried the "for details click here link" (3).
That resulted in an error page about rate limiting. So they do have "something" to limit queries. I can't check it, I'm now blocked - maybe an unnecessary "pragma nocache" caused it.
Bye, Frank
Scott's deliberately rate limiting queries to try to track back the source of them. He's hoping someone will notice their poorly written application is breaking and will contact him.
Jeff C.
FWIW Scott has traced the lookups to a very poorly implemented web site checker (probably looking for phishing sites) for Firefox. I'm asking him for more details.
Jeff C. -- Don't harm innocent bystanders.
On Friday, July 8, 2005, 4:55:18 PM, Jeff Chan wrote:
On Thursday, July 7, 2005, 5:23:53 PM, Jeff Chan wrote:
On Thursday, July 7, 2005, 3:15:18 PM, Frank Ellermann wrote:
Jeff Chan wrote in http://mid.gmane.org/41160649.20050707074952@surbl.org
Does anyone know of a new application doing queries against multi.surbl.org by using dnsstuff's web site, as in:
No. I just tested it (1), read Bill's reply, tested it again (2), and then I tried the "for details click here link" (3).
That resulted in an error page about rate limiting. So they do have "something" to limit queries. I can't check it, I'm now blocked - maybe an unnecessary "pragma nocache" caused it.
Bye, Frank
Scott's deliberately rate limiting queries to try to track back the source of them. He's hoping someone will notice their poorly written application is breaking and will contact him.
Jeff C.
FWIW Scott has traced the lookups to a very poorly implemented web site checker (probably looking for phishing sites) for Firefox. I'm asking him for more details.
Here is the borkenware:
https://addons.mozilla.org/extensions/moreinfo.php?application=firefox&i...
Due to Scott's actions it is no longer functional as written. I am leaving a comment on the board there:
Please contact SURBL
by Jeff Chan, Friday, July 8 2005
Your concept is good, but implementation poor. Please DO NOT query the dnsstuff.com site to do DNS resolutions. That's a wrong, abusive way to do DNS resolution. Please see: http://www.surbl.org/implementation.html for the proper way to use SURBL lists or contact us at: http://www.surbl.org/contact.html if you need some advice. Jeff Chan SURBL
Jeff C. -- Don't harm innocent bystanders.