[SURBL-Discuss] Notification of Blacklist Status

Petros Kolyvas pk at shiftfocus.ca
Sat Jul 4 08:05:03 CEST 2009



--
ShiftFocus Media
for arts and education

Phone: 514.667.9778 ext. 231
Fax: 866.850.5451

42 Milner Street
Montreal, Quebec
H4X 2H5

On 2009-07-04, at 12:39 AM, SURBL Role <surbl.role at gmail.com> wrote:

> On 7/3/09, Petros Kolyvas <pk at shiftfocus.ca> wrote:
>>
>>
>>> On 7/3/09, Petros Kolyvas <pk at shiftfocus.ca> wrote:
>>>>
>>>>> To be clear, the owner of the phished brand usually makes very
>>>>> thorough efforts to contact the site owner or web host to let them
>>>>> know about it and to ask them to correct the problem.
>>>>
>>>>
>>>> If you've been reading the discussion, you'll know that's not the
>>>> case
>>>> in this case - and further points that our site was never used for
>>>> any
>>>> phishing.
>>>
>>> That's not correct.   The site reportedly appeared in phishing
>>> messages.
>>
>>
>> To be clear, had some due diligence been done it would be noted that
>> it was the shared server which was compromised and not the domain
>> itself. I would suggest that some research would show that many
>> domains on that shared host are on this particular blacklist and that
>> it had nothing to do with the domains themselves. Which furthers my
>> point that the domain owners, in this particular case, are being
>> unfairly punished when a more direct solution — ie. contacting a
>> shared host that has produced a large number of compromised domain 
>> s —
>> would have greater effect.
>
> The domain would not have been listed unless the site appeared in
> phishing messages.

Please re-read what I wrote above. Read it again.  Then read it once  
more. There are people who can help if English comprehension is  
something that needs to be worked on.

Do it for the children.

>
>>>>>> Our host even claimed that: The domain is not directly hosting  
>>>>>> the
>>>>>> phishing attack. Due to the fact that the server is running  
>>>>>> UserDir
>>>>>> functionality, other user accounts can be accessed through the /
>>>>>> ~username path. My ISP has confirmed that the UserDir  
>>>>>> functionality
>>>>>> will be removed from all server within 48 hours.
>>>
>>> Translation: your site was used for phishing, with a name like
>>> www.mydomain.com/~username
>>>
>>> Your host is trying to tell you exactly that.
>>
>>
>> Actually that is what my host asked me to tell that to the SURBL
>> whitelisters. Additionally, the host isn't saying our site was used
>> for phishing but rather the shared sever allowed any site on it to
>> appear to be the culprit when the domains themselves, in fact, were  
>> not.
>>
>> Furthermore, they [our host] weren't trying to tell us anything. They
>> were trying to tell SURBL something and it wasn't enough. So much so
>> that despite being very proactive in this case, nothing at all has
>> happened; with the exception of the creation of some interesting
>> logical fallacies.
>>
>> To be even clearer, this whole process is so obviously flawed we have
>> spent the afternoon telling each of our clients that in order to
>> continue working with us via e-mail they will need to stop using the
>> SURBL lists. Thankfully this was not an issue and they were happy to
>> comply.
>>
>> When calm reasoning is not even considered, it's time to stop  
>> reasoning.
>
> We are waiting for the answer to two simple, reasonable questions:
>
> 1.  Is the phishing site down?
> 2.  Has the server been secured?

A broken record should be thrown away.

> _______________________________________________
> Discuss mailing list
> Discuss at lists.surbl.org
> http://lists.surbl.org/mailman/listinfo/discuss

I still applaud the effort. I just cringe at the implementation.

Good night and good luck.

Petros Kolyvas


More information about the Discuss mailing list