Planetfurry BBS Forum Index Planetfurry BBS
Forums for Planetfurry Site Members and more
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   DonateDonate   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Infected, Malicious, and Spammer Systems Block

 
Post new topic   This topic is locked: you cannot edit posts or make replies.    Planetfurry BBS Forum Index -> System News
View previous topic :: View next topic  
Author Message
Whip-lash
Kneel before me... for I am Root!


Joined: 20 Nov 2000
Posts: 562

PostPosted: Thu Jul 08, 2004 11:30 am    Post subject: Infected, Malicious, and Spammer Systems Block Reply with quote

EFFECTIVE IMMEDIATELY

The following rules are now in place concerning network and port level blocks for traffic coming from virus infected system:
  • 1-5 messages with an actual known virus - SMTP port block from originating IP
  • 6-10 messages - Block all ports except HTTP*
  • 11+ messages - Full network block
(note: duration of block in this ruleset should be assumed permanent, but will be handled on a case by case basis)

This next ruleset concerns blocks on systems with assumed or actual malicious intent:
  • Rapid, short term hits on dangerous ports (SMB, etc.) - Temporary 2-hour full network block
  • Continuous hits on same dangerous ports - Permanent full network block
  • Port scans, DoS attacks, etc. - Full network block (time period will vary depending on the type of attack, duration, etc.)
  • Bruteforce login attacks - Full network block (time period will vary depending on the authentication system, duration of attack, etc.)

This final ruleset concerns blocks on Spammer systems:
  • Originating network addresses or blocks owned or operated by Spam Houses - Full Network Block (duration will depend on how long the address or block is listed in specific RBL's)
  • All messages with a calculated SpamAssassin score of at least 4, or otherwise marked as spam - SMTP port block (duration to be handled on a case by case basis)

(note: the virus ruleset supersedes the spammer ruleset, since many messages detected as viruses are detected as spam as well)

This may seem to be a little extreme, however with the current state of system security, and the lack of responsible antivirus management of both personal and corporate machines, I have been forced to implement this rule.

To prevent your system or gateway from being blocked, I highly recommend installing a virus scanner, keeping both your system and antivirus signatures up to date, and performing regular, complete antivirus scans. If your system is already infected, disinfect it, or have someone else clean it for you. Also make sure it is clear of spyware.

If you are an advertising or spam firm and have been blocked, tough luck.

I will be discussing with other administrators (including the Planetfurry Administrative Staff, and other domain name site owners) concerning whether the blocked network addresses should be made publicly available, what data standard should be used, etc.

If you have any questions or comments concerning this new policy, please send me an email, private message, or leave a message in the Systems Block Policy Discussion thread. If you need to contact me through other means (such as if you are being blocked through email, etc.), please try the following contacts:
  • Email: [email protected]
  • Private Message: here
  • Fax: 1 (603) 954-0067
  • Mail: 2891-B Walnut View Ct.
    Attn: Planetfurry Admin Staff
    Winston-Salem, NC 27103


* This will not be the normal webserver, but a forward to a static web server containing a message describing why you are blocked, etc., and contact information to possibly be unblocked.

Edit: spam ruleset modified to be more strict to check all messages (not just 6+) from an IP with a score of at least 4 (instead of greater than 5), or is otherwise determined as spam through a blacklist, bayesian classification, etc.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   This topic is locked: you cannot edit posts or make replies.    Planetfurry BBS Forum Index -> System News All times are GMT - 4 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group