For those who like to use http://openrbl.org but found it unavailable for longer than any usual system maintenance, your guess that it was due to a DDOS is right.
Meanwhile, Declude's own http://www.dnsstuff.com/ and http://moensted.dk/spam/ can get you the lookup information. I also like to use Google Newsgroup searches in *.abuse.* for suspect domain names and IP addresses.
Here is the web page returned when you go to one the openrbl.org
mirrors, if you get a response at all:
503 - website unavailable due to ddos
the webserver has to be reconfigured to absorb a 'normal' ddos with a few
mbps,
and probably will be unavailable for a few days.
Please use http://moensted.dk/spam/ instead.
- nameservers already updated, more will be added, secondaries sought
- the website will be moved to another address, hidden from the attacker
- public access will be exclusively trough one of at least 6 proxy-servers
located in different networks. the attacker would need a multiple of the
current bandwith and a simultan ddos against multiple targets to achieve
any noticable results. probably much too risky for the spammer located
somewhere around the timezone of Florida trying to take off antispam-sites - the distribution of dnsbl-lists via mirror.bliab.com will commence soon
with http-redirects, could not get an update from spews tonight anyway...
Currently there are 2 proxy-servers available, and some more urgently
required.
If you are able to help with a proxy-server (Apache/mod_proxy,
Pound, Squid
or similar, dedicated ip recommended) with 1..4gb traffic per
month (limit may
be set by you) please contact
<webmaster(at)openrbl.org> with details.
It may be even possible to
display your ad for those requests tunneled thru your
proxy, negotiable. Guestbook available for questions.
