SORBS – back soon

If you’ve tried to get an address delisted from SORBS this week you’ll have found that their site is degraded, and there’s no way to request delisting.
They’ve been dealing with some very nasty database / hardware problems and while they’re fixing those the externally visible SORBS services are running in a read-only mode (where the list is published, but IP addresses can’t be added or removed).
The migration to new infrastructure is going well, and unless something unexpected happens I’d guess they’ll be running normally some time tomorrow.

Related Posts

GFI/SORBS – should I use them?

Act 1Act 2IntermezzoAct 3Act 4Act 5
Management Summary, Redistributable Documents and Links
In the past week we’ve demonstrated that the SORBS reputation data is riddled with mistakes, poor practices, security holes and operational problems, and that the quality of the end result is really too poor to be useful.
Today I’m looking at how this information should affect your choice of spam filtering technology.

Read More

Office cat says

All work and no cat petting makes for a very cranky, and in the way, cat.

Read More

GFI/SORBS considered harmful, part 3

Act 1Act 2IntermezzoAct 3Act 4Act 5
Management Summary, Redistributable Documents and Links
In the last few days we’ve talked about GFI’s lack of responsiveness, the poor quality of their reputation and blacklist data, and the interesting details of their DDoS claims. Today we’re going to look at (some of) the fundamental problems with GFI’s procedures and infrastructure that cause those issues. Some of the subset of issues I’ve chosen highlight are minor, some are major, but they show a pattern of poor decisions.
SSL Certificates
When you use SSL on a web connection it brings you two benefits. The first is that it encrypts the connection between your browser and the webserver, so that it’s very difficult for anyone to watch or tamper with your interaction with that webserver. The second, more important, reason is to make sure that you’re talking to the webserver you think you’re talking to, to avoid man-in-the-middle attacks.
This security relies on you trusting the certification authority that issues the SSL certificate that the website uses. A website providing services to the public should always use an SSL certificate created by one of a small number of reputable certification authorities that are pre-loaded into all webservers as “trusted”. These SSL certificates are something that need to be be purchased, but they’re very inexpensive – less than ten dollars a year.

Read More