Chuck Peters on Wed, 8 Aug 2001 03:50:05 -0400



[PLUG] Attacked by spammers


One of our volunteers reported (22:13) not being able to send email with
his Outlook mail client.  At first when I looked at the problem it
appeared the mail server was down, but it was more severe than that.

Our mail server was under attack from some pacbell.net DSL machines from
2001-08-07 15:18:29 to 2001-08-07 23:45:52.  I counted 2223 rejected spams
and reported the problem to pacbell.

The mail server went up and down from 15:20:10 to 22:55:55 29 times.

The past 3 days have shown that the Code Red worm is increasing
our hits here at CCIL.  On one machine we have 63366 hits attempting to
infect us with the worm.



My guess is that these spam attacks originated from a couple of Microsoft
NT or 2000 machines which were compromised by the new variant of the Code
Red worm.  Some users on the svlug list have speculated that we will be
seeing worse variants of the Code Red worm.

I think that I am missing something though, 2223 rejected spams over 7
hours isn't all that much mail that it should have stopped the mail server
29 times.  And this machine isn't getting nearly as many hits from the
worm, maybe 1500 during the spam attack.  A couple of years ago we had
some mail bomber send something like 64,000 messages one day.  It's the
same machine, a 166 MHz with 64 megs of RAM.  The OS and SMTP server have
changed, we used to run BSDi with sendmail and now we have Debian with
exim.  Here is one of the errors in syslog:

Aug  7 22:55:55 mercury inetd[269]: smtp/tcp server failing (looping), service terminated

Any clues?

Thanks,
Chuck


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug