On 02.03.21 10:49, Vittorio Bertola via anti-abuse-wg wrote: > Il 02/03/2021 00:08 Kristijonas Lukas Bukauskas via anti-abuse-wg > <anti-abuse-wg@ripe.net> ha scritto: >> >> UCEPROTECT blacklists the whole range of IP addresses, including the >> full IP range of some autonomous systems: > I stress that the problem is not in blacklisting entire providers, > something that may be justified if those providers are lenient in > fighting abuse on their networks, but in blacklisting entire providers > with very weak criteria (so weak that most big European hosters end up > at least in the level 3 blacklist) and then asking for money to remove > them. This is actually prohibited by RFC 6471 (section 2.2.5) because > indeed, especially when done at scale, it looks a lot like extortion.
They don't ask for money to be removed from the the list. The listing gets automatically removed after 7 days of taking care of the issue, without money changing hands. Please stop spreading lies. And yes, if they stick to they listing policy, this is ok. It is up to users of the DNSBL to judge if they DO provide a useful service or not. If course if your IP is listed, and you're part of collateral damage, it is uncomfortable. > >> >> UCEPROTECT states, '/Who is responsible for this listing? YOU ARE >> NOT! Your IP was NOT directly involved in abuse but has a bad >> neighborhood. Other customers within this range did not care about >> their security and got hacked, started spamming, or were even >> attacking others, while your provider has possibly not even noticed >> that there is a serious problem. We are sorry for you, but you have >> chosen a provider not acting fast enough on abusers'/) >> [http://www.uceprotect.net/en/rblcheck.php >> <http://www.uceprotect.net/en/rblcheck.php>]. >> >> It asks for a fee if some individual IP address wants to be >> whitelisted (http://www.whitelisted.org/ <http://www.whitelisted.org/>), Well, yes. The complaint from those who end up being collateral damage is that "we didn't spam". The last time I checked (quite a while ago), the DNSBLs that escalate listings (causing collateral damage) generally don't let individual IPs out of the hook. I'm not sure which one is better. >> >> It abuses people who decide to challenge their blacklist by >> publishing conversations in their so-called /Cart00ney/ >> (http://www.uceprotect.net/en/index.php?m=8&s=0 >> <http://www.uceprotect.net/en/index.php?m=8&s=0>; >> http://www.uceprotect.org/cart00neys/index.html >> <http://www.uceprotect.org/cart00neys/index.html>). Thanks for reminding me of this, it was very entertaining. The point is NOT retaliating those challenging them, point is making fun of those who threatening with legal consequences without going thru with it (thus cartooney). Threatening with lawyers is just pathetic. If you do that, you should follow up with it, as well. > They recently published a disgustingly sexist "ad feminam" to blame a > person that dared to complain about their methods: > > http://www.uceprotect.org/cart00neys/2021-001.html > <http://www.uceprotect.org/cart00neys/2021-001.html> > > They start with the argument that since she is a woman she is stupid > and "emotional rather than objective", because she is a woman, and so > they quote her message in pink colour. > > This is completely unacceptable and I strongly recommend that RIPE > distances itself as far as it can from these people - as a minimum, > please stop using or referring to this blacklist in any way. Yes, this was definitely bad form. I have no problem making fun of cartooneys, but putting sexist spin on it is definitely not ok Now, if RIPE should boycott UCEPROTECT because of this faux pass is something we could discuss. I'd rather have someone contacting UCEPROTECT team and get an attitude adjustment in place, but that's me. -- Mr Esa Laitinen IM: https://threema.id/2JP4Y33R <https://threema.id/2JP4Y33R> or https://signal.org/install <https://signal.org/install> Skype: reunaesa Mobile: +4178 838 57 77
