Re: [exim] abuse report

----- Original Message -----
From: "Mike Lima" <mikelima@???>
<snip>
> Let's see my case for example: I had a site using NukePHP. My system was
> invaded and the cracker used Nuke webmail module to send spam during 2
> days. They included my IP on the list without warning. When I started to
> receive bounced mail from several servers, I contacted sorbs. Then, I
> discovered that my server was invaded. I fixed my server.
<snip>

Mike,

Pray tell, how would you have discovered your server was compromised, if you
had not been blacklisted? Forced you to investigate your server and close
the hole, didn't it?

Sounds to me like the blacklist worked exactly as it should. Imagine all
those poor recipients of spam coming through your machine for how long, had
you not been alerted? Having made such a mistake once, how is the rest of
the world to be certain it won't happen again? Answer: By making it cost
you something when you make the mistake. If people did not suffer at all
for their transgressions, the world would rapidly become unliveable, because
almost no one would bother to fix things that were screwed up. Even
innocent mistakes are still mistakes.

BTW, consider joining a security hole listing service. There are free ones
available (e.g. qualsys.com). Had you done this, you might have known about
the security holes in NukePHP before it was compromised.

Regards,
Jim Roberts