Rixstep

Guilmette's List

On 18 April Ronald Guilmette published a list of 1,196 open (unsecured) proxies that had been exploited to send spam within the previous seven days. At first Guilmette thought his colleagues were indifferent to what he'd found.

Jesus! I really did expect this posting to garner at least *some* reaction from *somebody*... either a "Gosh, I didn't know the extent of the problem was that bad" or else a "Ron, you are a criminal for posting this info!"

But dead silence, I wasn't expecting.

I guess that really, nobody gives a shit one way or the other. People have clearly come to just accept these grotesque levels of rampant stupidity on the net the same way that most of us just accept potholes on our city streets... as if it is all just some sort of inevitability of modern life, and _not_ the avoidable product of the combined apathy and stupidity of many people at many levels of the Internet food chain.

Well, OK. So will anybody take offense if I start to publish my ENTIRE open proxies data base on my web site on a daily basis?

I have long suspected that doing something like that might be the ONLY way to start getting most of the providers to sit up, take notice, and start closing these things down. But maybe even that won't have any effect.

sigh. I used to be apathetic, but now I just don't care.

But Guilmette was wrong: his colleagues were busy assimilating his data and hadn't yet had time to comment.

The Comments

Once Guilmette published his second post, the cronies pitched in.

Au contraire! Some of us are busy lexing and yaccing those data into other types of filters!

On my servers, proxies.relays.monkeys.com filters more spam than the SBL, Wirehub, and blackholes.us lists combined. Your work is highly appreciated.

  -- JJB


JJB said it: parsing Guilmette's data and generating filters from it.
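What "lexing and yaccing those data into other types of filters" amounts to in practice, as an added example (not code from the original page, from JJB, or from Guilmette): parse a proxy list into a lookup table, use it to reject SMTP connections from listed hosts, and form the reversed-octet query name used for IP-based DNSBL lookups. The list format, the log lines and the addresses below are constructed for the example; the real list's layout is not shown on this page, and whether the monkeys.com zone followed the reversed-octet convention is an assumption.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample in the spirit of a published open-proxy list:
# one proxy per line as "ip port software". Not Guilmette's real data.
SAMPLE_PROXY_LIST = """\
# open proxies abused for spam (constructed sample)
192.0.2.10   6588  AnalogX
192.0.2.77   8080  AnalogX
198.51.100.5 3128  squid
not-an-ip    9999  junk
203.0.113.9  80    wingate
"""

# Constructed SMTP connection log lines (syslog style), not from a real server.
SAMPLE_LOG = """\
Apr 18 10:01:02 mx postfix/smtpd[1234]: connect from unknown[192.0.2.10]
Apr 18 10:01:05 mx postfix/smtpd[1235]: connect from mail.example.net[203.0.113.200]
Apr 18 10:01:09 mx postfix/smtpd[1236]: connect from unknown[203.0.113.9]
"""

CONNECT_RE = re.compile(r"connect from \S+\[(\d+\.\d+\.\d+\.\d+)\]")


def parse_proxy_list(text: str) -> Dict[str, Tuple[int, str]]:
    """Parse the list into {ip: (port, software)}.

    Comment lines, blank lines and malformed entries are skipped so that one
    bad line cannot poison the whole filter.
    """
    entries: Dict[str, Tuple[int, str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        ip, port, software = parts[0], parts[1], parts[2]
        try:
            ipaddress.IPv4Address(ip)  # AddressValueError is a ValueError
            port_num = int(port)
        except ValueError:
            continue
        entries[ip] = (port_num, software)
    return entries


def software_counts(entries: Dict[str, Tuple[int, str]]) -> Dict[str, int]:
    """Count listed proxies per software name (case-insensitive)."""
    counts: Dict[str, int] = {}
    for _ip, (_port, software) in entries.items():
        key = software.lower()
        counts[key] = counts.get(key, 0) + 1
    return counts


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the reversed-octet DNSBL query name for an IPv4 address.

    192.0.2.10 against zone "bl.example" becomes "10.2.0.192.bl.example";
    a listed address resolves (typically to 127.0.0.x), an unlisted one
    returns NXDOMAIN. The actual DNS lookup is deliberately not performed here.
    """
    addr = ipaddress.IPv4Address(ip)  # raises on garbage input
    return ".".join(reversed(addr.exploded.split("."))) + "." + zone


def filter_connections(log: str, blocklist: Dict[str, Tuple[int, str]]) -> List[Tuple[str, str]]:
    """Return (peer_ip, verdict) for each connect line; reject listed open proxies."""
    verdicts: List[Tuple[str, str]] = []
    for line in log.splitlines():
        m = CONNECT_RE.search(line)
        if not m:
            continue
        ip = m.group(1)
        verdicts.append((ip, "reject" if ip in blocklist else "accept"))
    return verdicts


if __name__ == "__main__":
    proxies = parse_proxy_list(SAMPLE_PROXY_LIST)
    print(software_counts(proxies))
    for peer, verdict in filter_connections(SAMPLE_LOG, proxies):
        print(peer, verdict, dnsbl_query_name(peer, "proxies.relays.monkeys.com"))
```

The point of keeping the DNSBL lookup name separate from the local set check is that the two filters fail differently: a local list is only as fresh as the last download, while a DNS zone can be updated by its maintainer hourly but turns every inbound connection into a DNS query.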

I think it's way past the point where telling providers who don't give a shit about their promiscuous customers who don't give a shit because they're running broken software with open defaults from developers who aggressively don't give a shit (hi there analogx!)... can be considered being part of the solution rather than being part of the problem.

Notifying just the providers is a nice try, and all. However, perhaps the only way to reach a solution now is to escalate the problem until it actually gets fixed.


Marc Thompson - AnalogX - is mentioned, and with reason: of the 1,196 exploited machines on the list, 313 were running his Proxy Server.

The frailties of AnalogX Proxy Server have long been known. A number of articles on the subject have been published over the years at Radsoft, and web traffic over the past few weeks shows a marked rise in interest in these old articles.

Security guru Robin Keir has repeatedly warned Thompson about the holes in his program, but in vain.

Copyright © Rixstep. All rights reserved.