Dreamhost Shut Down My Sites. Help? May 3, 2002 9:01 AM Subscribe
Yesterday I was accused of spamming by my host. Today 10+ websites and my email service has been shut down.
(cockybastard.com, Globalgasm.com, etc.)
I am *hoping* I can resolve this asap. But what if they refuse to listen to me.
I'm struck by how helpless I am. Has this ever happened to anyone here? I am close to actually driving to the Dreamhost offices in person.
(cockybastard.com, Globalgasm.com, etc.)
I am *hoping* I can resolve this asap. But what if they refuse to listen to me.
I'm struck by how helpless I am. Has this ever happened to anyone here? I am close to actually driving to the Dreamhost offices in person.
halcyon, do you run a formmail script on your sites perchance?
posted by machaus at 9:07 AM on May 3, 2002
posted by machaus at 9:07 AM on May 3, 2002
The SpamCop scenario Zeldman mentioned would totally explain my situation.
AND I do use a formail script.
posted by halcyon at 9:11 AM on May 3, 2002
AND I do use a formail script.
posted by halcyon at 9:11 AM on May 3, 2002
AND I do use a formail script.
Lately there have been several attempts made to probe my site for formmail scripts, so spammers are looking for scripts which can be used as in much the same manner open relays.
posted by iceberg273 at 9:13 AM on May 3, 2002
Lately there have been several attempts made to probe my site for formmail scripts, so spammers are looking for scripts which can be used as in much the same manner open relays.
posted by iceberg273 at 9:13 AM on May 3, 2002
Are you using the formmail script DreamHost provides, or did install your own Perl script on your site?
posted by mcwetboy at 9:13 AM on May 3, 2002
posted by mcwetboy at 9:13 AM on May 3, 2002
in much the same manner open relays.
as open relays.
Also: the attempts made at my site (which I caught with a script on my 404 page and reported to the appropriate ISPs, who never responded) were searching for the files formmail.pl and formmail.cgi in common cgi-bin directories. If they found either of those files, a message would have been sent to an address with the URL of the file in the subject. I imagine that a script on the other end would then begin using the found formmail scripts to spam the world.
posted by iceberg273 at 9:18 AM on May 3, 2002
as open relays.
Also: the attempts made at my site (which I caught with a script on my 404 page and reported to the appropriate ISPs, who never responded) were searching for the files formmail.pl and formmail.cgi in common cgi-bin directories. If they found either of those files, a message would have been sent to an address with the URL of the file in the subject. I imagine that a script on the other end would then begin using the found formmail scripts to spam the world.
posted by iceberg273 at 9:18 AM on May 3, 2002
Lately there have been several attempts made to probe my site for formmail scripts, so spammers are looking for scripts which can be used as in much the same manner open relays.
one of the biggest mistakes i'd ever made was to install a formmail script on my website. i'd taken it down when one person sent email to another using it directly rather than though my website. it periodically does get requests sent to it through GoZilla (which i guess is some sort of spyware). the outbound messages consist of "w00t".
posted by moz at 9:22 AM on May 3, 2002
one of the biggest mistakes i'd ever made was to install a formmail script on my website. i'd taken it down when one person sent email to another using it directly rather than though my website. it periodically does get requests sent to it through GoZilla (which i guess is some sort of spyware). the outbound messages consist of "w00t".
posted by moz at 9:22 AM on May 3, 2002
I'm using the DreamHost script.
Now, the email they sent to me as an example of SPAM *was* mine. I sent it to an opt-in list of 200.
My guess is that someone forgot they signed up and then complained.
posted by halcyon at 9:24 AM on May 3, 2002
Now, the email they sent to me as an example of SPAM *was* mine. I sent it to an opt-in list of 200.
My guess is that someone forgot they signed up and then complained.
posted by halcyon at 9:24 AM on May 3, 2002
hmmm... I've never heard anything bad about dreamhost. Sounds like a simple mis-understanding.
posted by machaus at 9:29 AM on May 3, 2002
posted by machaus at 9:29 AM on May 3, 2002
moz: I got that too. Luckily I didn't have a formmail installed. Unsurprisingly, the send-to and receive addresses were from AOL. I notified abuse, but didn't get any response. Sigh.
posted by darukaru at 9:29 AM on May 3, 2002
posted by darukaru at 9:29 AM on May 3, 2002
It should be noted that Formmail will only work to the spammer's benefit if it's not configured correctly. And Spamcop is an evil thing.
I had my site shut down due when one of my users installed it, and automatically reported my site. Spamcop misread the header information on his email and interpreted the spam as coming FROM my site, when in reality, he received the email on my site. After I jumped up and down and showed them the paper trail, I was able to get them to turn the site back on, but they never acknowledged that a mistake was made.
posted by crunchland at 9:30 AM on May 3, 2002
I had my site shut down due when one of my users installed it, and automatically reported my site. Spamcop misread the header information on his email and interpreted the spam as coming FROM my site, when in reality, he received the email on my site. After I jumped up and down and showed them the paper trail, I was able to get them to turn the site back on, but they never acknowledged that a mistake was made.
posted by crunchland at 9:30 AM on May 3, 2002
sometimes what also happens is that people who are a bit too quick on the spamcop trigger accidentally forward your email on to SpamCop instead of the next one in their inbox, or don't read down long enough to realize that the smutty message in their inbox is from you :). This happened to me once and once I had my friend email the ISP and clear it all up, they restored my service.
posted by jessamyn at 9:30 AM on May 3, 2002
posted by jessamyn at 9:30 AM on May 3, 2002
halcyon, I thought you used notifylist.com for your list messages? Maybe it is time to convert over? The subscribe/unsubscribe stuff there is really dead simple and requires users to really want to do what they are doing.
I use spamcop, but I take it seriously, so only obvious spam gets reported. I've noticed some weirdness lately. Someone is going around to websites and submitting pointless feedback, then putting my email as their contact, so I've been getting one or two daily emails from places like AOL support saying "thanks for your message: my cat's breath smells like catfood. the technical faq for AOL is here, blah blah blah"
posted by mathowie (staff) at 9:58 AM on May 3, 2002
I use spamcop, but I take it seriously, so only obvious spam gets reported. I've noticed some weirdness lately. Someone is going around to websites and submitting pointless feedback, then putting my email as their contact, so I've been getting one or two daily emails from places like AOL support saying "thanks for your message: my cat's breath smells like catfood. the technical faq for AOL is here, blah blah blah"
posted by mathowie (staff) at 9:58 AM on May 3, 2002
I use Notifylist for my large cockybastard mailing list. I love it.
I started using a seperate list for a Globalgasm announcement thing. Heck, Dreamhost offered it free as part of my plan. I had no idea it would be so costly.
But, if the SpamCop info that Zeldman posted is true, then it wouldn't matter where it came from. If It mentioned the URL of any domain hosted at Dreamhost, then Dreamhost would be notified of my "spamming."
I’m shocked at how easy it would be to cripple an independent web publisher.
Simply report their announcement list as Spam. Or send an email to yourself mentioning an enemies domain. Then turn it in as Spam. It seems not to matter if the accusation is true. I understand the intent of SpamCop, but it seems like we have created a pretty dangerous Salem Witch accusation system if we wanted to. Don’t like a site? Turn ‘em in.
Do I think I was the victim of malice? Not at all. I think it was a simple mistake in a flawed system. I’m just shocked at the way the system works.
(Of course, until Dreamhost starts talking to me, I have no idea what really happened.)
posted by halcyon at 10:08 AM on May 3, 2002
I started using a seperate list for a Globalgasm announcement thing. Heck, Dreamhost offered it free as part of my plan. I had no idea it would be so costly.
But, if the SpamCop info that Zeldman posted is true, then it wouldn't matter where it came from. If It mentioned the URL of any domain hosted at Dreamhost, then Dreamhost would be notified of my "spamming."
I’m shocked at how easy it would be to cripple an independent web publisher.
Simply report their announcement list as Spam. Or send an email to yourself mentioning an enemies domain. Then turn it in as Spam. It seems not to matter if the accusation is true. I understand the intent of SpamCop, but it seems like we have created a pretty dangerous Salem Witch accusation system if we wanted to. Don’t like a site? Turn ‘em in.
Do I think I was the victim of malice? Not at all. I think it was a simple mistake in a flawed system. I’m just shocked at the way the system works.
(Of course, until Dreamhost starts talking to me, I have no idea what really happened.)
posted by halcyon at 10:08 AM on May 3, 2002
This may be a consequence of the Klez virus, which seems to be wreaking havoc with email addresses found on victims' machines [via BT's blog].
posted by rory at 10:20 AM on May 3, 2002
posted by rory at 10:20 AM on May 3, 2002
Well, John, how far away from Dreamhost's offices? Since they won't respond to your phone calls, they can't ignore you in the flesh.
(Who could?)
posted by crunchland at 10:26 AM on May 3, 2002
(Who could?)
posted by crunchland at 10:26 AM on May 3, 2002
My impression was that DreamHost doesn't do phone; if so, keep plugging away by fax or e-mail.
There are enough DreamHost customers here that I'm sure some collective pressure could be applied if your efforts prove fruitless.
posted by mcwetboy at 10:32 AM on May 3, 2002
There are enough DreamHost customers here that I'm sure some collective pressure could be applied if your efforts prove fruitless.
posted by mcwetboy at 10:32 AM on May 3, 2002
Don’t like a site? Turn ‘em in.
no, it doesn't work that way. spamcop parses the headers and then lists the ones that appear to be the culprits. it's up to the person reporting to send the reports on, and it's up to the host to respond accordingly.
but you would have to be in the headers in order to be listed. mistakes happen--sometimes human error (I reported my husband once) and sometimes just header confusion (I reported myself once, when I didn't notice that my domain was erroneously listed).
presumably a human at your hosting service can look at the facts and make a reasonable decision about how to handle the situation.
when I reported myself, my host didn't peep--it was a one-time thing. if they got, say, 6 reports about me, I have no doubt they would shut down my account.
I have heard that it's hard to get through to a person at dreamhost; once you do, surely it will just be a matter of explaining the situation.
posted by rebeccablood at 10:38 AM on May 3, 2002
no, it doesn't work that way. spamcop parses the headers and then lists the ones that appear to be the culprits. it's up to the person reporting to send the reports on, and it's up to the host to respond accordingly.
but you would have to be in the headers in order to be listed. mistakes happen--sometimes human error (I reported my husband once) and sometimes just header confusion (I reported myself once, when I didn't notice that my domain was erroneously listed).
presumably a human at your hosting service can look at the facts and make a reasonable decision about how to handle the situation.
when I reported myself, my host didn't peep--it was a one-time thing. if they got, say, 6 reports about me, I have no doubt they would shut down my account.
I have heard that it's hard to get through to a person at dreamhost; once you do, surely it will just be a matter of explaining the situation.
posted by rebeccablood at 10:38 AM on May 3, 2002
I'm torn by the ability to actually shut down a real spammer and the possible abuse it will receive against people that have done nothing wrong.
But, the biggest issue I see is that this goes after 'spammers' that are easy, which, in most cases, won't be a real spammer.. since tracking down the actual host and sender of real spam is usually quite impossible.
posted by rich at 10:58 AM on May 3, 2002
But, the biggest issue I see is that this goes after 'spammers' that are easy, which, in most cases, won't be a real spammer.. since tracking down the actual host and sender of real spam is usually quite impossible.
posted by rich at 10:58 AM on May 3, 2002
Oh, on a separate vien, if you received no notice from Dreamhost and it's cost you money, and they did no due dilligence before shutting you down, then you should have a case for damages against them.
Which, again has me torn that they have a hard anti-spammer policy, meaning they don't allow spammers to use their services to annoy the hell out of the rest of us, but it leaves it open to false-positives like this, and the guilty before proven issue.
posted by rich at 11:01 AM on May 3, 2002
Which, again has me torn that they have a hard anti-spammer policy, meaning they don't allow spammers to use their services to annoy the hell out of the rest of us, but it leaves it open to false-positives like this, and the guilty before proven issue.
posted by rich at 11:01 AM on May 3, 2002
There's no way to guard against baseless accusations from SpamCop users or any other source.
The problem here is that DreamHost shut down a long-time customer in good standing, presumably because they're using some kind of software to identify and shut down spamming customers in response to complaints, rather than having a human look into these things.
I recently got shut down by ValueClick because of a false accusation I was running some kind of script to get fake click-through revenue. I can't even find a human being at ValueClick willing to respond to my e-mail about the shutdown, much less revive my account.
My guess is that we'll be seeing more of these problems because the surviving dot-coms have been laying off so many of their employees to stay afloat. You ought to move to a new host, halcyon. Even if you work this out with Dreamhost, it sounds like customer service is going to remain a problem.
posted by rcade at 11:06 AM on May 3, 2002
The problem here is that DreamHost shut down a long-time customer in good standing, presumably because they're using some kind of software to identify and shut down spamming customers in response to complaints, rather than having a human look into these things.
I recently got shut down by ValueClick because of a false accusation I was running some kind of script to get fake click-through revenue. I can't even find a human being at ValueClick willing to respond to my e-mail about the shutdown, much less revive my account.
My guess is that we'll be seeing more of these problems because the surviving dot-coms have been laying off so many of their employees to stay afloat. You ought to move to a new host, halcyon. Even if you work this out with Dreamhost, it sounds like customer service is going to remain a problem.
posted by rcade at 11:06 AM on May 3, 2002
I highly recommend pair for reliability and outstanding service. also consider cornerhost, a host specifically for weblogs run by old-time weblogger sabren.
posted by rebeccablood at 11:10 AM on May 3, 2002
posted by rebeccablood at 11:10 AM on May 3, 2002
I think the email in question was sent by the owner of TheRealHouse.com (where I live) through their servers.
He was letting his personal list of people know about the Globalgasm event that was happening inside therealhouse on May 1st. Apparently someone on his list reported it as Spam rather than unsubscribing. Since I access the net through TheRealHouse.com’s network, Dreamhost checked the headers and assumed the reported email was from me.
It was a reasonable mistake by Dreamhost (although I wish we could have had the discussion BEFORE they shut me down) and I hope we get it all cleared up ASAP.
posted by halcyon at 11:18 AM on May 3, 2002
He was letting his personal list of people know about the Globalgasm event that was happening inside therealhouse on May 1st. Apparently someone on his list reported it as Spam rather than unsubscribing. Since I access the net through TheRealHouse.com’s network, Dreamhost checked the headers and assumed the reported email was from me.
It was a reasonable mistake by Dreamhost (although I wish we could have had the discussion BEFORE they shut me down) and I hope we get it all cleared up ASAP.
posted by halcyon at 11:18 AM on May 3, 2002
Can't you just configure FormMail's
posted by kirkaracha at 11:57 AM on May 3, 2002
@referers
to only allow forms on your servers? (I have version 1.9, which has this feature.) The latest version, 1.92, was updated on April 21, 2002 (release notes).posted by kirkaracha at 11:57 AM on May 3, 2002
Dreamhost notified me that I should be back up in 3 hours.
Thanks for helping me figure this out, and figure out what info I needed to get to Dreamhost.
What a fragile existence this digital life can be.
posted by halcyon at 12:34 PM on May 3, 2002
Thanks for helping me figure this out, and figure out what info I needed to get to Dreamhost.
What a fragile existence this digital life can be.
posted by halcyon at 12:34 PM on May 3, 2002
Hmmm... so that's why I had people trying to access my deleted form-mail script. I thought it was weird. Good think I removed it.
posted by mkn at 12:38 PM on May 3, 2002
posted by mkn at 12:38 PM on May 3, 2002
Can't you just configure FormMail's
posted by kirkaracha at 12:58 PM on May 3, 2002
@referers
to only allow forms on your servers? (I have version 1.9, which has this feature.) The latest version, 1.92, was updated on April 21, 2002 (release notes).posted by kirkaracha at 12:58 PM on May 3, 2002
After reading the original post on Zeldman (it has been changed) I emailed Dreamhost to let them know that I was not happy with what how they had handled the situation. I received a prompt and thorough reply from a member of the support staff at Dreamhost explaining their side of the story, which was not explained in Zeldman's post. The issue was resolved surprisingly fast by my estimation and I was impressed at the level of service I received, especially since I'm not even a customer.
posted by jaden at 5:15 PM on May 3, 2002
posted by jaden at 5:15 PM on May 3, 2002
Digression: folks who are using formmail really should consider using something else. The code is crap, written by a kid who (at the time) was just learning programming. There has been a never-ending litany of bugs and patches, none addressing the underlying suckiness.
How about a free, secure, plug-compatible replacement?
Sorry for the rudeness; I typically don't trash free software. This script, however, has been the source of much evil damage and spammage.
posted by chipr at 1:12 AM on May 4, 2002
How about a free, secure, plug-compatible replacement?
Sorry for the rudeness; I typically don't trash free software. This script, however, has been the source of much evil damage and spammage.
posted by chipr at 1:12 AM on May 4, 2002
Let me defend SpamCop:
SpamCop sends full headers of the originating email: it's up to the admins of the sites being notified to determine their (and their customers') possible involvement in spam. If the admin is a jackass and doesn't have the skill to interpret these headers, then they should leave well enough alone. I'd hardly blame SpamCop for any of the problems mentioned here, or on Zeldman's site. It's a reporting service. It gives you information. In addition, unless I am completely mistaken, it includes the body of the original spam. It should be pretty obvious reading a spam message if it's trolling SpamCop, and they do. There's one kind of spam going around now that says something like, "Get your site listed just like these!" and then list more than 400 very popular web sites like CNN, MotleyFool, etc.
Spamcop misread the header information on his email and interpreted the spam as coming FROM my site, when in reality, he received the email on my site.
I have found SpamCop to be pretty good at recognizing forged headers, but it's not perfect. I get all kinds of spam that is not only *to* me but also apparently *from* me. Also, when reporting to SpamCop, it's not uncommon that because the spam recipient's own domain was mentioned in the spam (or implicated in a forged header) to find that the spam recipient's own ISP is included in the list of people to be notified of the spam. There are check boxes for this: you have to read those pages after submitting spam to make sure you aren't artificially reporting yourself or your own ISP.
posted by Mo Nickels at 7:29 AM on May 4, 2002
SpamCop sends full headers of the originating email: it's up to the admins of the sites being notified to determine their (and their customers') possible involvement in spam. If the admin is a jackass and doesn't have the skill to interpret these headers, then they should leave well enough alone. I'd hardly blame SpamCop for any of the problems mentioned here, or on Zeldman's site. It's a reporting service. It gives you information. In addition, unless I am completely mistaken, it includes the body of the original spam. It should be pretty obvious reading a spam message if it's trolling SpamCop, and they do. There's one kind of spam going around now that says something like, "Get your site listed just like these!" and then list more than 400 very popular web sites like CNN, MotleyFool, etc.
Spamcop misread the header information on his email and interpreted the spam as coming FROM my site, when in reality, he received the email on my site.
I have found SpamCop to be pretty good at recognizing forged headers, but it's not perfect. I get all kinds of spam that is not only *to* me but also apparently *from* me. Also, when reporting to SpamCop, it's not uncommon that because the spam recipient's own domain was mentioned in the spam (or implicated in a forged header) to find that the spam recipient's own ISP is included in the list of people to be notified of the spam. There are check boxes for this: you have to read those pages after submitting spam to make sure you aren't artificially reporting yourself or your own ISP.
posted by Mo Nickels at 7:29 AM on May 4, 2002
folks who are using formmail really should consider using something else.
Strange, I was just looking through some logs and found something that confirms chipr's concerns about using FormMail. Someone was testing my cgi-bin with different variations of the FormMail.cgi script to see if they could send spam through it. Luckily they were just sending test emails to see which one worked and I have already removed the offending script.
FormMail.pl?&email=schmoke@pimp.com&subject=dan.hersam.com&recipient=schmoke66@aol.com
I'm tempted to subscribe this email address to every email list known to man, but I won't.
posted by jaden at 1:33 PM on May 4, 2002
Strange, I was just looking through some logs and found something that confirms chipr's concerns about using FormMail. Someone was testing my cgi-bin with different variations of the FormMail.cgi script to see if they could send spam through it. Luckily they were just sending test emails to see which one worked and I have already removed the offending script.
FormMail.pl?&email=schmoke@pimp.com&subject=dan.hersam.com&recipient=schmoke66@aol.com
I'm tempted to subscribe this email address to every email list known to man, but I won't.
posted by jaden at 1:33 PM on May 4, 2002
For the record, I have cancelled my subscription to Yahoo Internet Life magazine, partly because they listed Cocky Bastard as one of the sites they hate, yet noted The Heidi FAQ and mariahcarey.com as sites they love.
Hangin's too good fer'm.
posted by ZachsMind at 12:32 PM on May 6, 2002
Hangin's too good fer'm.
posted by ZachsMind at 12:32 PM on May 6, 2002
You are not logged in, either login or create an account to post comments
posted by moz at 9:05 AM on May 3, 2002