News
- August 5th, 2008: livefilestore.com listing
Due to the heavy and continued abuse of livefilestore.com (see http://rss.uribl.com/hosters), we have temporarily placed the domain in URIBL Black. Once Microsoft has the abuse under control, we will remove it from black. If you are using SpamAssassin and want to avoid potential false positives on livefilestore.com links, simply exclude it from being checked by adding uridnsbl_skip_domain livefilestore.com to your local.cf.
- July 11th, 2008: Website DDoS
Sorry we were down a bit longer than expected. Prolexic mitigated the DDoS quickly, but we are just now turning everything back on.
- May 27th, 2008: ccTLD abuse
There has been a steady increase in domain abuse targeting ccTLDs which either have no policy to action abusive domains, or are very slow in doing so. We've seen this in the past with Rock phish on .st (Sao Tome), .tk (Tokelau), .hk (Hong Kong), among others. More recently, the abuse includes domains on .cn (China) and .uk (United Kingdom).
It's well known that .CN has become one of the leading TLDs for domain abuse because of its policies against actioning domains for email abuse. To quote a recent response from CNNIC support, "As for reporting spam, it is really out of our duty." I believe the abusers are well aware of that :)
So, not surprisingly, our requests to CNNIC for access to new zone data have been denied.
Now, due to a recent rise in phish abuse on the .UK ccTLD, we have asked Nominet for zone data also, only to be shot down there as well. Below is a small subset of the recent phish abuse on the .UK ccTLD.
+--------+---------------------+------------------------------------------------------------------------+
| target | date | link |
+--------+---------------------+------------------------------------------------------------------------+
| google | 2008-05-23 22:22:23 | http://www.google.com.adwdl.org.uk/accounts/VE/?service=adwords&c= |
| google | 2008-05-23 22:12:58 | http://www.google.com.ganzag6.me.uk/accounts/VE/?service=adwords&c |
| google | 2008-05-23 16:53:39 | http://www.google.com.solo67.co.uk/accounts/VE/?service=adwords&c= |
| google | 2008-05-22 19:30:12 | http://www.google.com.urt5var.co.uk/accounts/VE/?service=adwords&c |
| chase | 2008-05-22 19:16:46 | http://chaseonline.chase.com.modeisp.me.uk/ReidentifyFormOnine/OnlineF |
| google | 2008-05-22 08:35:06 | http://www.google.com.mttrs.me.uk/accounts/VE/?service=adwords&c=3 |
| chase | 2008-05-20 20:33:32 | http://chaseonline.chase.com.techldr.org.uk/ReidentifyFormOnine/Online |
| chase | 2008-05-20 13:26:51 | http://chaseonline.chase.com.modeisp.org.uk/ReidentifyFormOnine/Online |
+--------+---------------------+------------------------------------------------------------------------+
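Every link in the table puts the brand's name in subdomain labels of an unrelated registrable domain under a multi-label .uk suffix. The sketch below is an added example, not URIBL's code: it reduces a URL to its registrable domain and flags a brand domain embedded to its left. The suffix set and brand watchlist are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumption: hand-picked subset of public suffixes, enough for the table above.
# A real deployment would load the full Public Suffix List.
SUFFIXES = {"com", "org", "net", "uk", "co.uk", "org.uk", "me.uk"}
# Assumption: hypothetical watchlist of brand domains to look for in subdomain labels.
BRANDS = ("google.com", "chase.com")

# Three links copied from the table above (paths are truncated on the page),
# plus one constructed legitimate URL for contrast.
SAMPLE = [
    "http://www.google.com.adwdl.org.uk/accounts/VE/?service=adwords&c=",
    "http://chaseonline.chase.com.modeisp.me.uk/ReidentifyFormOnine/OnlineF",
    "http://chaseonline.chase.com.techldr.org.uk/ReidentifyFormOnine/Online",
    "http://www.google.com/accounts/",
]

def registered_domain(host):
    """Return the registrable domain: the longest known suffix plus one label."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # i = 0 tries the longest candidate suffix first
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None  # suffix not in our subset

def brand_spoof(url):
    """Return (registrable_domain, brand) when a brand domain appears only
    as subdomain labels of some other registrable domain, else None."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registered_domain(host)
    if reg is None:
        return None
    prefix = host[: -len(reg)].rstrip(".")  # labels to the left of the registrable domain
    for brand in BRANDS:
        if reg != brand and (prefix == brand or prefix.endswith("." + brand)):
            return (reg, brand)
    return None

def flag_all(urls):
    """Collect the (registrable_domain, brand) pairs for every flagged URL."""
    return [hit for hit in map(brand_spoof, urls) if hit]

if __name__ == "__main__":
    for reg, brand in flag_all(SAMPLE):
        print(f"{reg} impersonates {brand}")
```

The registrable domain is the part that belongs on a domain blacklist; the brand labels to its left cost the registrant nothing to vary.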
And below is a recent view of the top 10 abused TLDs for the last 20 days.
Rank   TLD    Abused Domains
-----------------------------------
#1     COM    19476
#2     CN     7195
#3     INFO   4850
#4     NET    1857
#5     UK     256
#6     RU     216
#7     ORG    182
#8     US     57
#9     IN     49
#10    BIZ    25
-----------------------------------
We are disappointed in the unwillingness of ccTLDs to work with anti-spam organizations such as URIBL. URIBL is interested in data from all ccTLDs, even those that currently see little to no abuse. Please contact us if you are interested in working with us.
Old News
- March 3rd, 2008: Geocities and Blogspot listings (was Googlepages)
A month or so ago we posted news about how we are listing subdomains for googlepages, blogspot and similar abused hosting sites. Well, that news somehow disappeared. Anyways, if anyone was looking for it, you can find it here.
- December 21st, 2007: Google Map of URIBL Mirrors
We have a new page on our site which shows our mirror distribution on top of a Google map. Click here to see it. The map is updated every 30 minutes with data we have polled from the mirrors over the last 4 hours. The markers are color coded to indicate mirror status, with green being ok, yellow being warning, and red being failing. It looks like we could use some mirrors outside of the US and EU. If you are interested, please contact dnsadmin@uribl.com.
- October 16th, 2007: ACLs placed on public DNS Infrastructure
UPDATE - Refusing queries on high traffic IPs just caused even more traffic to be generated. Because of the lack of negative caching when sending a refusal, this caused our mirrors to take on every query from IPs that are blocked. We have changed all REFUSED IP addresses over to simply returning NXDOMAIN to all the queries. By doing this, we at least benefit somewhat from caching nameservers serving up the NXDOMAIN for us, which reduces the number of queries we have to handle from these high traffic hosts.
URIBL has begun to block IPs hitting our public DNS mirrors with high volume. If you are sending anything close to 500k queries/day to our public DNS, your queries may be refused already, or in the near future. If you would like to become a part of the public DNS infrastructure and give some queries back to the world, please contact dnsadmin@uribl.com
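The effect described in the update above can be reproduced with a small model of a blocked caching resolver. This is an added illustration, not URIBL's code; the mirror count, the negative-cache TTL, the workload, and the assumption that a resolver retries every mirror after a REFUSED answer are all made up for the example.

```python
class BlockedResolver:
    """Model of a caching resolver whose source IP is on the mirrors' block list."""

    def __init__(self, blocked_rcode, mirrors=3, neg_ttl=300):
        self.blocked_rcode = blocked_rcode  # what the mirrors answer: "REFUSED" or "NXDOMAIN"
        self.mirrors = mirrors              # assumed number of public mirrors it knows
        self.neg_ttl = neg_ttl              # assumed negative-cache TTL in seconds
        self.neg_cache = {}                 # name -> time the cached NXDOMAIN expires
        self.mirror_queries = 0             # queries that actually reached a mirror

    def lookup(self, name, now):
        if self.neg_cache.get(name, -1) > now:
            return "NXDOMAIN"               # served locally from the negative cache
        if self.blocked_rcode == "NXDOMAIN":
            self.mirror_queries += 1        # first mirror gives a cacheable answer
            self.neg_cache[name] = now + self.neg_ttl
            return "NXDOMAIN"
        # REFUSED is not a cacheable negative answer: the resolver moves on to
        # the next mirror, and asks all over again on the next client lookup.
        self.mirror_queries += self.mirrors
        return "SERVFAIL"                   # what the client ends up seeing

def mirror_load(blocked_rcode, lookups=1000, names=100):
    """Constructed workload: one client lookup per second, cycling over
    `names` distinct domains. Returns the queries that hit the mirrors."""
    resolver = BlockedResolver(blocked_rcode)
    for t in range(lookups):
        resolver.lookup(f"domain{t % names}.example", now=t)
    return resolver.mirror_queries

if __name__ == "__main__":
    for rcode in ("REFUSED", "NXDOMAIN"):
        print(rcode, mirror_load(rcode))
```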
- June 13th, 2007: Web Services Restored (again)
The second wave of DDoS attacks started on June 11th. An HTTP GET flood with random query strings was used to bypass proxy caching, with an ACK flood to boot. Prolexic has mitigated this attack, and we are back... at least for now. If you want to help in some way, consider a donation (even if it's small), as we try to expand our redundancy and failover mechanisms.
- June 8th, 2007: Services Restored
The URIBL website came under a heavy DDoS attack starting on June 6th at 13:30 GMT. SURBL and Spamhaus were also affected by this attack. During the last couple of days, we have been working with www.prolexic.com for DDoS mitigation. Thanks to Prolexic, URIBL web services are back online tonight.
- May 8th, 2007: Mail Services restored
The uribl.com mail server and one of the rbldnsd mirrors hosted at GTI died on May 4th, 2007 as a tornado ripped through Greensburg, KS. A new mail server was brought up late on May 7th. If you sent anything important between the 4th and 7th to a uribl.com email address, you may want to follow up to make sure it was received.
- June 7th, 2006: RSS Feeds Available
Certain sections of URIBL's RSS Site are now public. There you will find things such as spam domain statistics by Registrar and by Nameserver. Each NIC or NS can be drilled down further to obtain the most recent domains that have been blacklisted on that particular registrar or nameserver. Plus, the data is accessible via XML (RSS 2.0) feed for those who would like to know when domains on their registrar and/or nameservers become blacklisted (and hopefully take action).