|23rd June 2007
Its been a long time since the news has been updated, mainly because all the staff have been busy.
SORBS v2.0 is nearly ready for release. Some functions need to be updated, but as you can see the new
style of page is nearly complete.
|19 November 2005
Wanadoo NL have indicated that SORBS can no longer be hosted free of charge in their data center, which leaves SORBS without a server in
Europe. To this end SORBS is evaluating options, but is likely to take up paid hosting, and therefore is likely to need to start charging for
Services (probably following the Spamhaus model). More on that later.
|28 February 2005
New web site site deployed!
The new US server blew a power supply, however Dmitry Maslov (eBay seller: dm4919) replaced it by priority mail with no questions, what can I say, but what
Finally our new templating system is working, and with the Cascading Style Sheet changes, the site is pretty much the same layout on each page.
A number of new people have joined the SORBS administrators teams to help with answering tickets. There is still a large backlog though.
SORBS is looking at deploying a priority 'Support' service - this will require payment, and will be for where people consider themselves so important they
need to jump to the front of the queue. More on that when the documentation is completed.
|16 February 2005
Many things have occurred since the last update, including, but not limited to:
- The SORBS site has undergone a redesign to make it standards compliant.
- Nearly all the SORBS machines have been upgraded.
- Request Tracker (the SORBS ticketing system) has been made publicly accessible.
- The European Servers have been updated thanks to Wanadoo NL (who unlike their French counter parts are highly clueful and anti-spam)
- Michele got ripped off on eBay whilst trying to upgrade the servers (story and details: here)
- The US server has finally been upgraded.
- Sun Microsystems are in the process of upgrading the SORBS central database server with a new Sun V20z and storage array.
- SORBS has deployed a new front end mail server based on the AMD64 platform, and currently it has handled everything thrown at it without breaking a sweat!
|5 June 2004
It has been a long time since last update. The DDoS box never returned, however the DDoS attacks
stopped immediately after the much-publicized 'FooNet'
arrests in February 2004. Hooray for the FBI!
The SORBS DNSbl programmers have been busy working on the soon-to-be-released SORBS spam firewall - keep
watching for that one.
The new SORBS lookup function and daemon is ready for release, along with a new layout site, which will
aid future changes and deployments.
|25 November 2003
The anti-DDoS box was damaged in transit and has therefore been sent back for repair.
The SORBS DUHL has been merged with the EasyNet.nl Dynablock list and been renamed to the
SORBS DUHL which more accurately describes its purpose. The DNS zone name is not expected
to change though.
The spamtraps have been semi-automated and this is causing problems because virus-infected
emails can be responsible for ISP mail servers getting listed. However, should any ISP inform a SORBS administrators
of such a listing (where a virus has been delivered to the spam database), that entry will be
removed immediately and without question. Headers will be provided to help identify
the infected user.
SORBS has implemented a call tracking system to help give better responses to end users
who find themselves blocked.
|26 September 2003
Still getting DDoSed. Although the anti-DDoS box has arrived, we have not been
able to deploy it yet.
A US mirror is now online. This is round robin'd at http://www.dnsbl.dev.sorbs.net/
or is available directly at: http://www.dnsbl.us.sorbs.net/.
Important notice for Sendmail users: The Using SORBS
page had an error and has been updated with the correct information. Please check
and update your configurations.
|1 September 2003
SORBS has entered into an agreement with Melior, Inc, and will soon
test their iSecure product. The
product looks effective and, if it works, we think we will see massive improvement in the availability of SORBS throughout
any DDoS attacks.
We'll update this page with details of how effective it is, when the product is delivered and deployed.
|31 August 2003
The Distributed Denial of Service (DDoS) attacks are still occurring and have had massive impact on all our upstreams thus
service is intermittent. Sorry, we are doing all we can. So far the block list has not been affected due to redundancy and this includes
the SPEWS zones.
Paul Vixie of MAPS fame has offered, and is now hosting, a new SORBS secondary. This is strategically located on the net to
provide fast reliable lookups and we think it will survive the latest rounds of DDoS attacks.
Automated re-testing and removal has been suspended whilst DDoS attacks occur on the network. This also applies to the manually administered
databases. Therefore, if you are listed, you will not be de-listed during these attacks.
|3 August 2003
Well, SORBS has been DDoS'd for the last few days. A couple of ISPs in the USA, who
had a number of the hosts participating the DDoS, ignored SORBS complaints because of the 'high handed attitude of SORBS'.
These ISPs will remain nameless this time, but should there be a next time, will be publicly censured... The message
from SORBS is simple: Allow your users to break the law and you break the law yourselves. Regardless of your thoughts about SORBS
and its administrators, you have no right to knowingly allow your users to break the law.
High handed, yes maybe... Harsh... yes sorry, but this needed to be said since you chose to allow your users to continue a DDoS attack after being notified
- that is criminal.
Needless to say, SORBS is looking for more sponsors and welcomes approaches from anyone who is willing to allow SORBS to host public secondary
DNS servers. People wishing to help, but without the means to provide hosting, may now make monetary donations to SORBS. Please use
the mail form and contact Michele Sullivan for details. Note that neither sponsorship of nor donations to the SORBS cause will gain you any
special privileges. Should you get listed in the Spam DB and wish to be de-listed, you will be required to follow the rules the same as everyone
else. There will ne no exceptions.
|23 July 2003
Another day, another logo... this time it seems to have been met with approval. So the logo has been
made into a button for end user web pages. You are encouraged to make use of the button and place it
on your contacts (or home) pages.
To use the button use the following:
<A HREF="http://www.dnsbl.sorbs.net/"><IMG SRC="http://www.dnsbl.sorbs.net/images/sorbsbtn.gif" BORDER=0 ALT="Protected by SORBS"></A>
This will produce the following button:
Impending Policy Change:
It has been discussed and decided that those who incur the SORBS 'fine' should have the option of paying it into charities
other than the 'Joey McNicol Legal Defense Fund'. Therefore, as soon as arrangements
can be made, SORBS will be offering a choice of destinations for any 'fine' paid.
Current charities being looked at are:
Other charities are being considered although these are the current favorites. Suggestions for additional charities are welcome. However,
in order to be considered, a charity must:
- Be a registered charity.
- Be able to accept online payments.
- Be able to respond quickly to SORBS with details of confirmed payments.
- Be able to accept Credit Card payments (online or not).
|17 July 2003
Well, some idiot(s) are attempting to take SPEWS offline
by Denial of Services (DoS), both brute force and selected service methods. The brute force
method, as always, is easy to block; just involves getting upstreams to filter and trace the attacks.
As one of the SPEWS mirrors is hosted at SORBS, this is
having a knock on effect.
The selected service methods are also simple to block as the applications concerned
usually contain access controls of some sort. In this case a simple script picks up
the addresses of the attacking IPs and automatically submits them to the firewall.
As an aside, after a cursory inspection it appears the attacking machines are all
'BackOrificed'. Consequently they are all now being automatically listed in the SORBS
Hacked/Vulnerable Server database (web.dnsbl.sorbs.net).
As retaliation to the DoS, SORBS has decided to further the cause of SPEWS
by offering two new SORBS databases:
l1.spews.dnsbl.sorbs.net - SPEWS Level 1 Block list
l2.spews.dnsbl.sorbs.net - SPEWS Level 2 Block List
Neither of these are included in the main SORBS databases or aggregate zones.
As with the other SORBS zone files, they are rsync'able.
Automated Reports are now being generated and sent to ISP's requesting such information.
To get a report, please have your abuse department or AS contact send a list of address ranges in CIDR
format to Michele Sullivan using the Mail/Contact Form. Be sure to include the email address where you want the report sent.
Note: For security, contact will be established before reports are generated. Also
Netblock-s without whois information directly referencing your ISP will not be reported