aab on Wed, 8 Aug 2001 07:20:07 -0400


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Attacked by spammers


Code Red shouldn't be attacking your mail server until you are also
running a web server on the same host.  Are you running software to
do antivirus checking on there?  We've been getting flogged by this
Sircam virus ... but the details of our tribulations should only be
typed up once the entire situation is resolved (and it ain't yet).

andrew.

On Wed, 8 Aug 2001, Chuck Peters wrote:

> My guess is that these spam attacks originated from a couple of Microsoft
> NT or 2000 machines which were comprimised by the new varient of the code
> red worm.  Some users on the svlug list have speculated that we will be
> seeing worse varients of the Code Red worm.
> 
> I think that I am missing something though, 2223 rejected spams over 7
> hours isn't all that much mail that it should have stopped the mail server
> 29 times.  And this machine isn't getting nearly as many hits from the
> worm, maybe 1500 during the spam attack.  A couple of years ago we had
> some mail bomber send something like 64,000 messages one day.  Its the
> same machine, a 166 Mhz with 64 megs of ram.  The OS and smtp server has
> changed, we used to run BSDi with sendmail and now we have Debian with
> exim.  Here is one of the errors in syslog:
> Aug  7 22:55:55 mercury inetd[269]: smtp/tcp server failing (looping),
> service terminated
> Any clues?
> 
> Thanks,
> Chuck
> 
> 
> ______________________________________________________________________
> Philadelphia Linux Users Group       -      http://www.phillylinux.org
> Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
> General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
> 
> 


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug