• Re: Debian Repositories "deb.debian.org" Listed as a Threat or Maliciou

    From Roy J. Tellason, Sr.@21:1/5 to All on Mon Dec 16 20:10:01 2024
    On Monday 16 December 2024 08:09:08 am Poon Weng Chee wrote:
    > Dear Debian,
    >
    > We have discovered that the public IP address of deb.debian.org, which is used to access the Debian repositories, is listed as a threat or malicious IP address on http://brightcloud.com/support/lookup.php.
    > Despite attempting to submit this IP address for removal from the threat list, it has been repeatedly reclassified as a threat or malicious IP address within a one to two day timeframe.
    > We suspect that your public IP address may be under attack or being misused by others. We would appreciate it if you could investigate this matter further.

    That kind of thing can be SO annoying...

    I was having a great deal of trouble exchanging emails with one particular individual a while back. Tracing out the trouble, it turned out to be this kind of thing. Reportedly the mail servers that my hosting company was using also had malicious users that were generating this nonsense, and I was being hit with the result. Their suggestion was "try again later" when I'd possibly (but not for sure) end up connecting to a different mail server.

    I ended up changing hosting companies, and the problem went away.

    --
    Member of the toughest, meanest, deadliest, most unrelenting -- and
    ablest -- form of life in this section of space,  a critter that can
    be killed but can't be tamed.  --Robert A. Heinlein, "The Puppet Masters"
    -
    Information is more dangerous than cannon to a society ruled by lies. --James M Dakin

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From George at Clug@21:1/5 to Sr. on Mon Dec 16 20:40:01 2024
    On Tuesday, 17-12-2024 at 06:08 Roy J. Tellason, Sr. wrote:
    > On Monday 16 December 2024 08:09:08 am Poon Weng Chee wrote:
    >> Dear Debian,
    >>
    >> We have discovered that the public IP address of deb.debian.org, which is used to access the Debian repositories, is listed as a threat or malicious IP address on http://brightcloud.com/support/lookup.php.
    >> Despite attempting to submit this IP address for removal from the threat list, it has been repeatedly reclassified as a threat or malicious IP address within a one to two day timeframe.
    >> We suspect that your public IP address may be under attack or being misused by others. We would appreciate it if you could investigate this matter further.
    >
    > That kind of thing can be SO annoying...
    >
    > I was having a great deal of trouble exchanging emails with one particular individual a while back. Tracing out the trouble, it turned out to be this kind of thing. Reportedly the mail servers that my hosting company was using also had malicious users that were generating this nonsense, and I was being hit with the result. Their suggestion was "try again later" when I'd possibly (but not for sure) end up connecting to a different mail server.

    Many email server providers allow users to specify specific email addresses that are permitted, bypassing their spam filters. This feature has helped me out one time.



    > I ended up changing hosting companies, and the problem went away.
    >
    > --
    > Member of the toughest, meanest, deadliest, most unrelenting -- and
    > ablest -- form of life in this section of space,  a critter that can
    > be killed but can't be tamed.  --Robert A. Heinlein, "The Puppet Masters"
    > -
    > Information is more dangerous than cannon to a society ruled by lies. --James M Dakin



  • From Andy Smith@21:1/5 to Poon Weng Chee on Mon Dec 16 21:20:01 2024
    Hi Poon,

    [Note that you have emailed a large number of Debian addresses, most of
    which are read by volunteers who do not speak for Debian. I'm one of
    those.]

    On Mon, Dec 16, 2024 at 01:09:08PM +0000, Poon Weng Chee wrote:
    > We have discovered that the public IP address of deb.debian.org, which is used to access the Debian repositories, is listed as a threat or malicious IP address on http://brightcloud.com/support/lookup.php.

    deb.debian.org is hosted by the Fastly CDN as are literally millions of
    other sites, because that is the point of a CDN. So:

    1. There's no point complaining to Debian. This is a bit like you
    complaining to Martha's Bait and Unix Store that some other site also
    on Cloudflare is naughty and harming their reputation. They are just
    not in a position to do anything about it.

    2. You should complain to Fastly, but they are probably not going to be
    interested in what this brightcloud organisation has to say and will
    want to know which exact malicious site you are talking about. They
    have probably already removed it from their service.

    3. Hopefully as a consequence of (1) and (2) you will see that blocking
    your own connectivity based on shared reputation in an increasingly
    centralised world has many pitfalls.

    > We would appreciate it if you could investigate this matter further.

    I don't think it is likely that anyone at Debian is going to do
    anything about this. I also don't rate your chances with Fastly, but
    they at least would be the correct people to talk to about one of their
    IP addresses being listed by some arbitrary reputation database.

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

  • From Henrik Ahlgren@21:1/5 to Andy Smith on Mon Dec 16 22:40:02 2024
    On Mon, 2024-12-16 at 20:12 +0000, Andy Smith wrote:
    > deb.debian.org is hosted by the Fastly CDN as are literally millions of
    > other sites, because that is the point of a CDN.

    Furthermore, it is not a single IP address, but there is some
    geolocation going on, so deb.debian.org resolves to different addresses
    around the world, depending on where you ask.

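
The shared-reputation pitfall and the per-region resolution described in the last two posts, as an added example that is not from any poster in the thread: it triages a reputation-feed hit by checking whether the flagged address sits in a shared CDN prefix, and shows why allowlisting one resolved address does not cover a CDN-hosted name. The provider name, hostname, prefixes (RFC 5737 documentation ranges) and resolver answers are all constructed sample data.

```python
import ipaddress

# Constructed sample data: documentation ranges stand in for a CDN's
# published prefixes; a real deployment would load the provider's own list.
SHARED_CDN_PREFIXES = {"example-cdn": ["192.0.2.0/24", "198.51.100.0/25"]}

# Constructed resolver answers for one hostname from three vantage points.
RESOLVED = {
    "repo.example.org": {"eu": "192.0.2.10", "us": "192.0.2.77", "ap": "198.51.100.5"},
}


def shared_owner(ip, prefixes=SHARED_CDN_PREFIXES):
    """Return the shared provider whose prefix contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for owner, cidrs in prefixes.items():
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return owner
    return None


def triage(flagged_ip, resolved=RESOLVED):
    """Decide whether an IP-level verdict is meaningful for flagged_ip.

    On shared infrastructure the verdict cannot be tied to one tenant, so the
    result lists the hostnames we depend on that an IP block would also cut off.
    """
    owner = shared_owner(flagged_ip)
    if owner is None:
        return {"ip": flagged_ip, "scope": "ip", "owner": None, "collateral": []}
    collateral = sorted(
        host for host, views in resolved.items()
        if any(shared_owner(a) == owner for a in views.values())
    )
    return {"ip": flagged_ip, "scope": "hostname", "owner": owner,
            "collateral": collateral}


def allowlist_gaps(hostname, allowed_ips, resolved=RESOLVED):
    """Vantage points where hostname resolves outside a static IP allowlist."""
    return sorted(region for region, ip in resolved[hostname].items()
                  if ip not in allowed_ips)


if __name__ == "__main__":
    print(triage("198.51.100.5"))
    print(allowlist_gaps("repo.example.org", {"192.0.2.10"}))
```

A hit with scope `hostname` is a cue to apply policy on the requested name (proxy or TLS SNI rules) rather than on the address.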