[SURBL-Discuss] URL Shortener Abuse Data

Ron Guerin ron at vnetworx.net
Fri Mar 23 22:32:42 CET 2012


On 03/23/2012 05:47 AM, SURBL Whitelisters wrote:

> Thanks for some interesting research.  One thing we might caution about
> is forming an unintentional feedback loop with abusers.  If abuse information
> is provided publically then it can be used by the attackers to improve their
> attacks.  We don't know that it's happening in this case, but it's something
> to be aware of.

Is the concern that I'm publishing the list as opposed to requiring a
specific query to answer?  My intent has been to share abuse data among
sites running my source code (potentially, after considering reputation
issues), since I don't want to run a DNS lookup service for all my code
users or be a central point of failure with the abuse data.

I don't feel I'm being particularly revealing here since I'm not
disclosing how I end up deciding those IPs and those domains are
abusive.  But,... my code all gets released as Open Source, so that too,
will become publicly available knowledge soon.

Since I started collecting instead of ignoring this data about 20 hours
ago, the number of base domains involved in the abuse has only gone up
to 246, only a few more than where it had been last night.

The number of IP addresses involved in this (bot) abuse continues to
rise.  It's at 6932 right now.  It will be around 6945 by the time this
message gets distributed by the mailing list.

- Ron



More information about the Discuss mailing list