What do you do if you suddenly get 200 bounce messages in your inbox?
You turn off your mail server.
Check the mail queue. See it still increasing.
You turn off your web server.
Check the mail queue. No more increases.
Check the web server logs.
Disable the abused virtual host.
Start the web server.
Check the mail queue. No more increases.
Clean the mail queue of the 15 thousand pieces of garbage. I’m pretty sure the clients of ABSA bank in South Africa, who were targeted with a phishing mail, are happy they’ll not receive this from my server.
Start the mail server.
Downtime, incoming mail: zero, thanks to the secondary MX servers.
Downtime, outgoing mail: 20 minutes.
Downtime, web server: 10 minutes.
Fuck you, spammers at 95.108.128.242 (spider72.yandex.ru) and 94.247.165.49 (94.247.165.49.not.updated.openip-cs.net).
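Step 6 above ("check the web server logs") is where the abused virtual host is found; the reply in the comments explains that an uploaded PHP script was calling the local sendmail. The triage script below is an added example, not code from this post: it assumes PHP's mail.log directive is enabled (the log line format is assumed from PHP's mail() logging) and that every vhost's document root is /var/www/<vhost>/, and it correlates constructed mail.log and Apache access log samples to name the script, the vhost and the client IPs driving it.

```python
import re
from collections import Counter

# Constructed sample of PHP's mail.log (written when mail.log is set in php.ini; line format assumed).
PHP_MAIL_LOG = """\
[06-Jan-2011 13:30:00] mail() on [/var/www/vhost-a/uploads/img.php:12]: To: v1@example.test -- Headers: From: ABSA <x@example.test>
[06-Jan-2011 13:30:00] mail() on [/var/www/vhost-a/uploads/img.php:12]: To: v2@example.test -- Headers: From: ABSA <x@example.test>
[06-Jan-2011 13:30:01] mail() on [/var/www/vhost-a/uploads/img.php:12]: To: v3@example.test -- Headers: From: ABSA <x@example.test>
[06-Jan-2011 13:31:07] mail() on [/var/www/vhost-b/contact.php:40]: To: owner@example.test -- Headers: From: site <site@example.test>
"""

# Constructed Apache access log (combined format) covering the same window.
ACCESS_LOG = """\
198.51.100.7 - - [06/Jan/2011:13:29:58 +0100] "POST /uploads/img.php HTTP/1.1" 200 12 "-" "-"
198.51.100.7 - - [06/Jan/2011:13:30:00 +0100] "POST /uploads/img.php HTTP/1.1" 200 12 "-" "-"
203.0.113.9 - - [06/Jan/2011:13:31:05 +0100] "POST /contact.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [06/Jan/2011:13:31:20 +0100] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

MAIL_LINE = re.compile(r"mail\(\) on \[(?P<script>[^:\]]+):\d+\]: To: (?P<to>\S+)")
ACCESS_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)')
DOCROOT = "/var/www/"  # assumption: each vhost's document root is /var/www/<vhost>/

def mail_by_script(mail_log):
    """Count mail() calls per calling script; a flood from one path marks the abused vhost."""
    counts = Counter()
    for line in mail_log.splitlines():
        m = MAIL_LINE.search(line)
        if m:
            counts[m.group("script")] += 1
    return counts

def triage(mail_log, access_log, threshold):
    """For each script that sent >= threshold mails, report its vhost and the client IPs that requested it."""
    requests = [m for m in map(ACCESS_LINE.match, access_log.splitlines()) if m]
    report = {}
    for script, sent in mail_by_script(mail_log).items():
        if sent < threshold:
            continue
        vhost, _, rest = script[len(DOCROOT):].partition("/")  # filesystem path -> (vhost, URL path)
        url = "/" + rest
        clients = Counter(r.group("ip") for r in requests if r.group("path") == url)
        report[script] = {"vhost": vhost, "mails": sent, "clients": dict(clients)}
    return report
```

The vhost named in the report is the one to disable in step 7, and the client IPs are the ones to block at the firewall while the upload hole is fixed.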
The virtual host had SMTP relay enabled? The webserver somehow proxied to port 25? Or…?
The virtual server had a script with a vulnerability that allowed the upload of PHP scripts, which proceeded to tell the local sendmail to deliver lots and lots of messages.
Hmm. I saw that my web server was being taxed, so I checked server-status (yes, from the SSH console, I don’t expose that, yadda yadda). Saw the “spider72.yandex.ru” hostname show up for a bunch of Apache threads, Googled that and found this. Hello, route add host reject…