Re: Rulesemporium down?
On Jun 9, 2007, at 12:19, Dallas Engelken wrote: Rulesemporium.com will be coming back online at approximately 1800 GMT. Special thanks to Prolexic (http://www.prolexic.com) for the DDoS protection. It looks like rules_du_jour had some trouble with the downtime: [2753] warn: config: failed to parse line, skipping: AUTOBAN: Over 500 *.cf requests in 48 hours period - Check your CRON [2753] warn: config: failed to parse line, skipping: CONTACT: [EMAIL PROTECTED] Questions this brings up: 1) do systems get un-AUTOBAN'ned after a time interval or should I request a delisting of each? 2) I see from the archives this was also a problem when the rulesemporium domain wasn't renewed last year - has anybody implemented auto back-off behavior for rules_du_jour? It seems to be too aggressive in these cases. 3) I didn't have a cronjob in to do updates ... would this be fired off when MailScanner instantiates a new child process and loads SpamAssassin? That's the only thing I can think of that might have such a high frequency. 4) is openprotect's channel generally considered better practice now? Thanks, -Bill - Bill McGonigle, Owner Work: 603.667.4000 BFC Computing, LLC Home: 603.448.1668 [EMAIL PROTECTED] Cell: 603.252.2606 http://www.bfccomputing.com/Page: 603.442.1833 Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf
Re: Rulesemporium down?
On 6/10/2007 11:23 PM, Bill McGonigle wrote: On Jun 9, 2007, at 12:19, Dallas Engelken wrote: Rulesemporium.com will be coming back online at approximately 1800 GMT. Special thanks to Prolexic (http://www.prolexic.com) for the DDoS protection. It looks like rules_du_jour had some trouble with the downtime: [2753] warn: config: failed to parse line, skipping: AUTOBAN: Over 500 *.cf requests in 48 hours period - Check your CRON [2753] warn: config: failed to parse line, skipping: CONTACT: [EMAIL PROTECTED] Questions this brings up: 1) do systems get un-AUTOBAN'ned after a time interval or should I request a delisting of each? 2) I see from the archives this was also a problem when the rulesemporium domain wasn't renewed last year - has anybody implemented auto back-off behavior for rules_du_jour? It seems to be too aggressive in these cases. 3) I didn't have a cronjob in to do updates ... would this be fired off when MailScanner instantiates a new child process and loads SpamAssassin? That's the only thing I can think of that might have such a high frequency. Pls don't automate RDJ. atm there no updates and when there are, they will be announced banging rulesemporium.com just increases the load on the *DONATED* DDOS protection. PLEASE HELP keep the traffic down as much as possible. 4) is openprotect's channel generally considered better practice now? yes
Re: Rulesemporium down?
Yet Another Ninja wrote: On 6/7/2007 2:52 PM, Jake Vickers wrote: Steven Stern wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 My systems all were unable to connect for their daily RDJ update yesterday. I time out trying to reach http://rulesemporium.com. Does anyone know what's happening? - -- Same issue here. 404 errors. Pls Disable all RDJ till further notice... Rulesemporium.com will be coming back online at approximately 1800 GMT. Special thanks to Prolexic (http://www.prolexic.com) for the DDoS protection. -- Dallas Engelken [EMAIL PROTECTED] http://uribl.com
Re: Rulesemporium down?
At 09:19 AM 6/9/2007, Dallas Engelken wrote: Rulesemporium.com will be coming back online at approximately 1800 GMT. Special thanks to Prolexic (http://www.prolexic.com) for the DDoS protection. Great news and good work! I assume we can re-enable sa-update for tonight's run. Thanks for keeping this running. -- Jerry Durand, Durand Interstellar, Inc. www.interstellar.com tel: +1 408 356-3886, USA toll free: 1 866 356-3886 Skype: jerrydurand
Re: Rulesemporium down?
On Saturday 09 June 2007, Jerry Durand wrote: At 09:19 AM 6/9/2007, Dallas Engelken wrote: Rulesemporium.com will be coming back online at approximately 1800 GMT. Special thanks to Prolexic (http://www.prolexic.com) for the DDoS protection. Great news and good work! I assume we can re-enable sa-update for tonight's run. Thanks for keeping this running. Oh oh, I wasn't aware we were supposed to disable that too, so mine has been contributing to the noise. My apologies. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Anybody want a binary telemetry frame editor written in Perl? -- Larry Wall in [EMAIL PROTECTED]
Re: Rulesemporium down?
On 6/9/2007 6:50 PM, Jerry Durand wrote: At 09:19 AM 6/9/2007, Dallas Engelken wrote: Rulesemporium.com will be coming back online at approximately 1800 GMT. Special thanks to Prolexic (http://www.prolexic.com) for the DDoS protection. Great news and good work! I assume we can re-enable sa-update for tonight's run. Thanks for keeping this running. Guys There's really no need to automate RDJ SARE rules aren't being updated too frequently and any rule change will be announced on the list. Each RDJ empty hit adds to traffic, which, atm , is a precious luxury. Pls be considerate and help SARE keep the site alive. Thanks SARE Co.
Re: Rulesemporium down?
Yet Another Ninja wrote: On 6/9/2007 6:50 PM, Jerry Durand wrote: At 09:19 AM 6/9/2007, Dallas Engelken wrote: Rulesemporium.com will be coming back online at approximately 1800 GMT. Special thanks to Prolexic (http://www.prolexic.com) for the DDoS protection. Great news and good work! I assume we can re-enable sa-update for tonight's run. Thanks for keeping this running. Guys There's really no need to automate RDJ SARE rules aren't being updated too frequently and any rule change will be announced on the list. Each RDJ empty hit adds to traffic, which, atm , is a precious luxury. Pls be considerate and help SARE keep the site alive. Prolexic will be providing proper caching of the rules shortly, so this shouldnt be much of an issue going forward. As long as people would keep their automation at 1-2 times a day, its cool. -- Dallas Engelken [EMAIL PROTECTED] http://uribl.com
Re: Rulesemporium down?
Jerry Durand wrote: At 09:19 AM 6/9/2007, Dallas Engelken wrote: Rulesemporium.com will be coming back online at approximately 1800 GMT. Special thanks to Prolexic (http://www.prolexic.com) for the DDoS protection. Great news and good work! I assume we can re-enable sa-update for tonight's run. Thanks for keeping this running. Yes, I just verified http://www.rulesemporium.com/rules/ is serving data now. -- Dallas Engelken [EMAIL PROTECTED] http://uribl.com
Re: Rulesemporium down?
On Saturday 09 June 2007, Dallas Engelken wrote: Yet Another Ninja wrote: On 6/9/2007 6:50 PM, Jerry Durand wrote: At 09:19 AM 6/9/2007, Dallas Engelken wrote: Rulesemporium.com will be coming back online at approximately 1800 GMT. Special thanks to Prolexic (http://www.prolexic.com) for the DDoS protection. Great news and good work! I assume we can re-enable sa-update for tonight's run. Thanks for keeping this running. Guys There's really no need to automate RDJ SARE rules aren't being updated too frequently and any rule change will be announced on the list. Each RDJ empty hit adds to traffic, which, atm , is a precious luxury. Pls be considerate and help SARE keep the site alive. Prolexic will be providing proper caching of the rules shortly, so this shouldnt be much of an issue going forward. As long as people would keep their automation at 1-2 times a day, its cool. And I've moved my sa-update script from /etc/cron.daily, to /etc/cron.weekly, plus added a day field valid number to the crontab that runs rdj that is not sunday. I hope this helps. If everyone did this, your load should go down quite a bit. I really appreciate the service and I thank this group very much. Between this and some really aggressive procmail rules, I'm getting only 2 to 4 trash messages a day squeeking through. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Things are more like they used to be than they are now.
Re: Rulesemporium down?
Gene Heskett schrieb: On Saturday 09 June 2007, Dallas Engelken wrote: Yet Another Ninja wrote: On 6/9/2007 6:50 PM, Jerry Durand wrote: At 09:19 AM 6/9/2007, Dallas Engelken wrote: Rulesemporium.com will be coming back online at approximately 1800 GMT. Special thanks to Prolexic (http://www.prolexic.com) for the DDoS protection. Great news and good work! I assume we can re-enable sa-update for tonight's run. Thanks for keeping this running. Guys There's really no need to automate RDJ SARE rules aren't being updated too frequently and any rule change will be announced on the list. Each RDJ empty hit adds to traffic, which, atm , is a precious luxury. Pls be considerate and help SARE keep the site alive. Prolexic will be providing proper caching of the rules shortly, so this shouldnt be much of an issue going forward. As long as people would keep their automation at 1-2 times a day, its cool. And I've moved my sa-update script from /etc/cron.daily, to /etc/cron.weekly, plus added a day field valid number to the crontab that runs rdj that is not sunday. I hope this helps. If everyone did this, your load should go down quite a bit. I really appreciate the service and I thank this group very much. Between this and some really aggressive procmail rules, I'm getting only 2 to 4 trash messages a day squeeking through. http://saupdates.openprotect.com/ is made for automation - sa-update is also more efficient for empty hits
Rulesemporium down?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 My systems all were unable to connect for their daily RDJ update yesterday. I time out trying to reach http://rulesemporium.com. Does anyone know what's happening? - -- Steve -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGZ/oCeERILVgMyvARAn97AJ9l8c5quPSKjAKNpM6/teMD5MK7bQCfcf+q G9D0bJrX/gOz4yx7MDUNq6s= =uEUU -END PGP SIGNATURE-
Re: Rulesemporium down?
On Thu, 2007-06-07 at 07:28 -0500, Steven Stern wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 My systems all were unable to connect for their daily RDJ update yesterday. I time out trying to reach http://rulesemporium.com. Does anyone know what's happening? Apparently a DDOS attack. -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy http://www.austinenergy.com
Re: Rulesemporium down?
Steven Stern wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 My systems all were unable to connect for their daily RDJ update yesterday. I time out trying to reach http://rulesemporium.com. Does anyone know what's happening? - -- Same issue here. 404 errors. smime.p7s Description: S/MIME Cryptographic Signature
Re: Rulesemporium down?
On 6/7/2007 2:52 PM, Jake Vickers wrote: Steven Stern wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 My systems all were unable to connect for their daily RDJ update yesterday. I time out trying to reach http://rulesemporium.com. Does anyone know what's happening? - -- Same issue here. 404 errors. Pls Disable all RDJ till further notice... Thx