Actually he didn’t, but if I was to ask him about this theoretical event his response would definitely be on the negative side.

What it comes down to is this: blbl.org sucks quite a bit of power out of my server in both memory use and CPU time. (The bandwidth is probably negligible, but the worry of some blog spammer getting his knickers in a twist and performing some kind of DDoS is always at the back of my mind.) It hammers the disk (the main database tables contain 18 million and 6 million rows respectively, and that’s not taking into account the tables used to accumulate the data people submit) and generally slows everything down. I’m getting fed up of having to field questions like “why is your gallery down?” because of it.

On top of all of that, I seem to end up spending more time than I’d like looking after the whole (admitedly shaky) set up. If blbl.org was represented on paper, it would be a Heath Robinson machine. Frankly SpamKarma2 does a pretty damn good job of trapping spam by itself, WordPress has anti-spam stuff in it and there are plenty of other plugins which do a decent job too.

Looking at the stats from rbldnsd(8), I was fielding about 400 queries every five minutes (i.e. just over one per second) for the IP blacklist, and I was getting about a 10% hit rate. I guess that’s not so bad, but I’ve no idea how much of the comments posted on all blogs ever (or all blogs that might use blbl.org) is spam. If it’s 10%, then I guess I was doing ok, but I suspect that it’s probably more than that. Based on the flood of submissions (which often ran to 200/sec), I’d say it’s not that effective anyway.

The stats for the URL blacklist are worse – roughly 100 queries every five minutes and less than four hits in the same period.

So, I’ve shut it off. blbl.org is now firewalled off to save my webserver from even having to attempt to serve requests. In about a week, the scripts that generate the blacklist data for rbldnsd will decide nothing should be listed any more. I’ll leave that running for now because otherwise it will have an impact on people’s blogs. 200+ submissions a second tells me I could potentially screw up a lot of blogs :) I certainly won’t be doing anything like returning a positive hit for all queries and saying “well you should have noticed that blbl.org was shutting down!”

In due time, I’ll shut down rbldnsd too, but that’ll be a while yet. If you’re using the SpamKarma2 plugin for WordPress, or any other RBL lookup plugin on any blog software at all, please remove blbl.org from the lookup list (bl.blbl.org and uri-bl.blbl.org).

I would say it’s been fun, but I’m not sure that applies :) It’s certainly been interesting from many perspectives. I’ve had to figure out how to run an RBL, write scripts (and rewrite) them to handle large volumes of submissions, process large quantities of data, and so on. I never even got round to writing a proper website for it (not that you can look now, since I’ve blocked it). I hope that in the time it’s been running I’ve helped stop at least a little bit of spam, and stuck two fingers up at the people who go around filling people’s blogs with unnecessary “comments” about poker, transexuals, lesbians and bestiality. There are plenty of people who write their own blogs about that. Actually, I think that’s called myspace or something :fry:

In the time it’s been running, especially since I posted last about the detrimental effect blbl.org was having on my server (and thus all my other sites), I’ve had a couple of offers from people for more hosting. I’ve decided not to take them up in the end (although I am very grateful) because leaving this project is as much about my personal time as anything else. When I had more free time (like when I was a student) I happily created many complex projects for myself, but nowadays I want to keep things simpler because I’m so busy.

If anyone wants to take over blbl.org (in its entirely – management and hosting) then I’d be more than happy to hand the reigns over to a suitable person (or people).

I think this is officially my longest blog post ever, so I’d better stop here before I ruin my average.

Yesterday on my new(ish) Vodafone phone I got a call from 02920368705 with the usual spiel about they’re calling “about your Vodafone contract” and could they save me money/cut me a deal/please god give us some money. At least the guy who made the call was up for a laugh because when I told him I liked spending money he offered me a plan that was £1,000 per month with one free minute and one free SMS. After persuading him that I didn’t want that either and would he please remove me from his list, he went.

According to results from Google, this number belongs to Communications Direct which is a different company to the last one I had time.

Why not do a Google Search for them and click their sponsored link? I’m sure they can afford it. :10bux:

We have not been aware of the web site http://bmw-portl and-oregon.flgju.info/index.html. However, this domain is not accessible and therefore, we cannot undertake any further actions.

Sorry, but the site still works for me, although it’s a bit slow. I’ve emailed them a screenshot showing it.

http://b.oooom.net/261

http://b.oooom.net/1xo

Also unfortunately for blbl.org, I like my other websites being up more than I like blbl.org being up, so this means one of several things:

• I shut it down
• I move it to another machine that can handle it
• I change it so it generates less load

Of these, I’m obviously least keen on the first one – although I’m not sure really how much use it is being compared to the rest of Spam Karma’s calculations. As it’s been taking more effort (on the server’s part) to rebuild the zone recently, I’ve reduced the frequency of the updates, which also means it’s less effective. Blog spammers hit hard and fast (believe me, I’ve seen the submissions pour in at >4/sec per host) and long gaps in updating the zone mean I might as well not bother.

Moving it to another machine is an option, but I lack the financial ability to do it. It’s as simple as that. I can afford my colo at the moment no problem, but I don’t feel like stretching to another one – particularly because it would need a reasonably spec’d machine to do it justice and I can’t really go throwing around money at that. I need to save up and buy a house and not be poor generally (have you seen the housing market around here recently? It’s mad).

The same kind of goes for changing it to generate less load. There’s actually two reasons behind not wanting to go for this option – primarily my time is finite and at the moment my free time is generally negative anyway. The second is that while I can think of other ways of doing this that would be less of a burden on the server, they could also be less reliable for false positives.

Of these options, the third is the most likely to happen – but if it doesn’t help or I can’t find the time to do it, it’ll have to be the first, sorry.

In either case, you should probably expect somewhat intermittent service from blbl.org both for submissions and for lookups while I try things out. If I decide to make it go away, I’m more than happy for someone else to take it on. I’m not going to make it return a hit for * or anything stupid like that, as has been known to be done for some RBLs :) Since I suspect the majority of people have blbl.org enabled in SK2 just because it’s the default means they have no responsibility to check up on news about it.

Anyway, that’s how it is. We’ll see where it goes from here :)

Wait, 1.3Mb?

[-- Attachment #2: clip_image001.jpg --] [-- Type: image/jpeg, Encoding: base64, Size: 523K --] [-- Attachment #3: clip_image004.jpg --] [-- Type: image/jpeg, Encoding: base64, Size: 752K --]

(MIME part #1 was multipart/alternative, so they at least got that right.)

This ended up in my inbox because my spam filters don’t check messages over a certain size, to prevent killing my server. I thought that was a reasonable choice after all, which spammers would be dumb enough to spam with enormous attachments?

Apparently, New Era Publications UK is. (I hope a spammer scrapes this page and gets that address.)

I decided to teach Exim to reject senders with a a particular message, rather than just a generic “unwanted sender” message. I wanted to put addresses in a file that Exim could lsearch and the data of the key would be the given reason.

The Exim FAQ suggests a way of doing this (actually it suggests a way of indexing on pairs of sender=>recipient), but the example is broken.

Just in case anyone else finds it handy, here’s a snippet for the RCPT ACL in Exim which rejects senders with a custom message.

deny condition = ${if eq {${lookup{$sender_address}lsearch{/usr/local/etc/exim/badsenders}}}{} \ {no}{yes}} message = ${lookup{$sender_address}lsearch{/usr/local/etc/exim/badsenders}}

Pop that in your configure file, and create /usr/local/etc/exim/badsenders (leave it empty if you don’t have anything to go in it yet, but it MUST exist). Make sure the exim process can read it. Populate it with data like this: nepuk@newerapublications.com : Sending oversized spam example@jamesoff.net : This address never receives mail

You must put a reason else the condition won’t trigger. HUP exim to make it notice the updated configuration, but you don’t need to do that every time you add a new address to badsenders.

• Don’t look up same host more than once per post
• Fixed URIs not getting looked up properly

The downloadable file has been updated.