9 mbs all weekend ... phuck .. - GoFuckYourself.com

boldy · 06-23-2002, 03:14 PM

I cannot walk away from my console for 2 days ...

My server has been running on 9 mbs fulltime the whole weekend, some kind of smtp attack, like 1000's of emails where send to my smtp with various sizes 1-100 meg a email

is there a way to stop this kind of shit. I use postfix as smtp server.

thnx

Pipecrew · 06-23-2002, 03:15 PM

disable all email

pr0 · 06-23-2002, 03:20 PM

unplug your server & quit pissing off hackers

kmanrox · 06-23-2002, 03:56 PM

sounds like you need some cheap, reliable bandwdith,

http://www.cologroup.com

toddler · 06-23-2002, 04:12 PM

hmm, you don't happen to have any
of the default cgi's installed do you? some of them are really, really bad about not checking valid returns, etc. mailer.cgi is one i recall from not too long ago. do you need email on
this box? have you looked at the logs(mail and http) to see how they are doing it? its pretty easy to do, but also pretty easy to fix....

t

boldy · 06-23-2002, 04:13 PM

Quote:

Originally posted by toddler
hmm, you don't happen to have any
of the default cgi's installed do you? some of them are really, really bad about not checking valid returns, etc. mailer.cgi is one i recall from not too long ago. do you need email on
this box? have you looked at the logs(mail and http) to see how they are doing it? its pretty easy to do, but also pretty easy to fix....

t

Nope .. . dont have default scripts

E-van · 06-23-2002, 04:22 PM

disable smtp on your server.

if you are using it for your own mail, I suggest this little tool

http://www.postcastserver.com

it's a local smtp server, it will run in your machine and send any email you need, it's free too...

boldy · 06-23-2002, 04:25 PM

Quote:

Originally posted by E-van
disable smtp on your server.

if you are using it for your own mail, I suggest this little tool

http://www.postcastserver.com

it's a local smtp server, it will run in your machine and send any email you need, it's free too...

Thnx but trust me, i need smtp ..

GFED · 06-23-2002, 05:13 PM

I had formmail installed and someone used it to send about 20,000 SPAM mails. I'm still being bombarded with return receipts. Make sure you've got the updated version if you're using it.

FireFoz · 06-23-2002, 05:21 PM

make sure your server isnt an open relay... they get used for spam. So basicly make sure that your server required a login in order to SEND email through it. Once you did that, you can also limit the max size of an emal to 5mb or something like that so they wont send those 100mb emails anymore for sure.

pr0 · 06-23-2002, 05:52 PM

Quote:

Originally posted by GFED
I had formmail installed and someone used it to send about 20,000 SPAM mails. I'm still being bombarded with return receipts. Make sure you've got the updated version if you're using it.

playa · 06-23-2002, 06:43 PM

spammers using your server as a relay,,,

two ways to fix it,,, place a cap on the server and or close the smtp port,,, till you can prevent the problem again

mike503 · 06-23-2002, 08:50 PM

block their ip addresses using iptables, ipchains, or ipfw.

also, postfix by default does not allow foreign relaying... maybe it's people sending you messages, or someone faked headers so you get tons of returned emails (somewhat like a smurf attack but using email..) not sure. would have to see.

hit me up on icq if you want my help looking into it..

Smegma · 06-23-2002, 08:58 PM

Disable Relaying

kmanrox · 06-23-2002, 09:09 PM

does that make me a computer geek because i am madly in love with my computer?

i love it so much in fact, that i slip a pube in the a: every day so i can feel sexually connected.... is this normal?

quiet · 06-23-2002, 09:12 PM

hahaha

kmanrox · 06-23-2002, 09:13 PM

is this funny? so it is not normal??

darksoft · 06-24-2002, 01:40 AM

Just run qmail amd forget all the other shit.

mike503 · 06-24-2002, 01:48 AM

postfix by default is pretty secure, especially relay-wise. it's almost too strict. unless you fucked with the settings, it isn't a relay issue.

qmail is poopie to install. postfix is much better. however, i will give djb props on djbdns. i do use that and am proud to tell the world.

boldy · 06-24-2002, 04:00 AM

relaying is disabled ofcourse, and i blocked the fucker in my iptables and checkpoint firewall. He was not using it as a relay but he was just flooding my smtp. I dont know why, may b he dont like my gallerychecker.com stuff..

Anyway bandwdith is $$$ overhere so 9mbs a few days is not funny cashwise...

Mayb all his galleries got declined on TGPs using it. I dont know.

mike503 · 06-24-2002, 04:07 AM

yeah that sounded like the more viable issue.. postfix is good with relay security

sucks man. i feel your pain. been there, done that.

06-23-2002, 03:14 PM	#1
boldy Macdaddy coder Industry Role: Join Date: Feb 2002 Location: MacDaddy pimp coder Posts: 2,806	9 mbs all weekend ... phuck .. I cannot walk away from my console for 2 days ... My server has been running on 9 mbs fulltime the whole weekend, some kind of smtp attack, like 1000's of emails where send to my smtp with various sizes 1-100 meg a email is there a way to stop this kind of shit. I use postfix as smtp server. thnx __________________ MacDaddy Coder.

06-23-2002, 03:20 PM	#3
pr0 rockin tha trailerpark Industry Role: Join Date: May 2001 Location: ~Coastal~ Posts: 23,088	unplug your server & quit pissing off hackers __________________ __________ Loadedca$h - get sum! - Revengebucks - mmm rebills! - webair (gotz sErVrz)

06-23-2002, 03:56 PM	#4
kmanrox aka K-Man Industry Role: Join Date: Oct 2001 Location: The Gutter Posts: 29,295	sounds like you need some cheap, reliable bandwdith, http://www.cologroup.com __________________ Crypto HODLr Crypto mining Angel investor

06-23-2002, 04:22 PM	#7
E-van Confirmed User Join Date: Jul 2001 Location: Mex Posts: 447	disable smtp on your server. if you are using it for your own mail, I suggest this little tool http://www.postcastserver.com it's a local smtp server, it will run in your machine and send any email you need, it's free too... __________________ Virtual accounts 39 cents per gig! Dedicated Servers starting at 31 cents per gig

06-23-2002, 05:13 PM	#9
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,121	I had formmail installed and someone used it to send about 20,000 SPAM mails. I'm still being bombarded with return receipts. Make sure you've got the updated version if you're using it. __________________ https://www.flow.page/savethechildren

06-23-2002, 03:15 PM	#2
Pipecrew Master of Gfy.com Industry Role: Join Date: Feb 2002 Posts: 14,887	disable all email

06-23-2002, 04:12 PM	#5
toddler Confirmed User Join Date: Jun 2002 Location: austin, tx Posts: 1,911	hmm, you don't happen to have any of the default cgi's installed do you? some of them are really, really bad about not checking valid returns, etc. mailer.cgi is one i recall from not too long ago. do you need email on this box? have you looked at the logs(mail and http) to see how they are doing it? its pretty easy to do, but also pretty easy to fix.... t

06-23-2002, 05:21 PM	#10
FireFoz Confirmed User Join Date: Apr 2002 Posts: 480	make sure your server isnt an open relay... they get used for spam. So basicly make sure that your server required a login in order to SEND email through it. Once you did that, you can also limit the max size of an emal to 5mb or something like that so they wont send those 100mb emails anymore for sure.

06-23-2002, 06:43 PM	#12
playa Confirmed User Join Date: Feb 2001 Location: atlanta, GA Posts: 6,432	spammers using your server as a relay,,, two ways to fix it,,, place a cap on the server and or close the smtp port,,, till you can prevent the problem again

06-23-2002, 08:50 PM	#13
mike503 Confirmed User Industry Role: Join Date: May 2002 Location: oregon. Posts: 2,243	block their ip addresses using iptables, ipchains, or ipfw. also, postfix by default does not allow foreign relaying... maybe it's people sending you messages, or someone faked headers so you get tons of returned emails (somewhat like a smurf attack but using email..) not sure. would have to see. hit me up on icq if you want my help looking into it.. __________________ php/mysql guru. hosting, coding, all that jazz.

06-23-2002, 08:58 PM	#14
Smegma Confirmed User Join Date: Feb 2002 Posts: 1,751	Disable Relaying

06-23-2002, 09:09 PM	#15
kmanrox aka K-Man Industry Role: Join Date: Oct 2001 Location: The Gutter Posts: 29,295	does that make me a computer geek because i am madly in love with my computer? i love it so much in fact, that i slip a pube in the a: every day so i can feel sexually connected.... is this normal? __________________ Crypto HODLr Crypto mining Angel investor

06-23-2002, 09:12 PM	#16
quiet we'll miss you our friend. RIP Industry Role: Join Date: Sep 2001 Location: Fernie, BC Posts: 25,115	hahaha

06-23-2002, 09:13 PM	#17
kmanrox aka K-Man Industry Role: Join Date: Oct 2001 Location: The Gutter Posts: 29,295	is this funny? so it is not normal?? __________________ Crypto HODLr Crypto mining Angel investor

06-24-2002, 01:40 AM	#18
darksoft Confirmed User Join Date: Mar 2001 Location: BumFuck Ohio Posts: 768	Just run qmail amd forget all the other shit.

06-24-2002, 01:48 AM	#19
mike503 Confirmed User Industry Role: Join Date: May 2002 Location: oregon. Posts: 2,243	postfix by default is pretty secure, especially relay-wise. it's almost too strict. unless you fucked with the settings, it isn't a relay issue. qmail is poopie to install. postfix is much better. however, i will give djb props on djbdns. i do use that and am proud to tell the world. __________________ php/mysql guru. hosting, coding, all that jazz.

06-24-2002, 04:00 AM	#20
boldy Macdaddy coder Industry Role: Join Date: Feb 2002 Location: MacDaddy pimp coder Posts: 2,806	relaying is disabled ofcourse, and i blocked the fucker in my iptables and checkpoint firewall. He was not using it as a relay but he was just flooding my smtp. I dont know why, may b he dont like my gallerychecker.com stuff.. Anyway bandwdith is $$$ overhere so 9mbs a few days is not funny cashwise... Mayb all his galleries got declined on TGPs using it. I dont know. __________________ MacDaddy Coder.

06-24-2002, 04:07 AM	#21
mike503 Confirmed User Industry Role: Join Date: May 2002 Location: oregon. Posts: 2,243	yeah that sounded like the more viable issue.. postfix is good with relay security sucks man. i feel your pain. been there, done that. __________________ php/mysql guru. hosting, coding, all that jazz.