SORBS Corruption Cause for False Positive Surge - ORF Forums

Over the last two days, sporadic reports have surfaced about an increased number of email misclassifications. It has now come to light that the sudden surge in false positives was caused by a corruption of the SORBS blacklist.

At this point, the issue has already been addressed by SORBS; still, we advise affected ORF users to temporarily disable the SORBS blacklist or to put the logs under deeper scrutiny in the following days.

According to Michelle Sullivan, founder of the now GFI-owned SORBS, there was a corruption of the database during a database migration that caused over 79 000 entries to be incorrectly flagged as spammers. Since most entries contained more than one IP address/domain, it is as yet unclear how many domains were affected, but the numbers are possibly in the millions.

Sullivan explained that SORBS stores historic data on previously reported dynamic IP ranges that have since been repurposed as static. During the migration, the cleared flags were dropped from the historical entries, causing large network blocks to be falsely included in the blacklist. This problem was further deepened by an apparent DoS (Denial-of-Service) attack on SORBS servers simultaneously.

Source: http://www.theregister.co.uk/2010/10/07/sorbs_cockup/

by Peter Karsai (ORF Team) more than 10 years ago
