[BlueOnyx:01519] Re: Slammed with Spammer

Chuck Tetlow chuck at tetlow.net
Sat Jun 27 19:03:46 -05 2009


Also check your webmail package logs. We had one who guessed a username/password and was using a BQ server as a relay with SMTP Auth. I shut that down and it was OK for a couple of days. Then I noticed a ton of crap going through us again. Turns out he was using the OpenWebMail package to send it out.

I finally just blocked his whole stinkin' country with our front-door router.  Fixed that garbage!  Of course - I also deleted the account he was using.  Any user stupid enough to change his password to the same thing as his username is too stupid to use my service!!

Chuck

---------- Original Message -----------
From: "Charles Bowman" <charlesbowman at wknet.co.uk> 
To: <blueonyx at blueonyx.it> 
Sent: Sat, 27 Jun 2009 19:03:04 +0100 
Subject: [BlueOnyx:01515] Re: Slammed with Spammer

> Check your secure logs: 
> #more /var/log/secure 
> Look for *lots* of connections, verifying the IP address will give you 
> anything obvious; i.e. Taiwanese IP logging-in. 
> Check the webspace for the user for any phishing scams & web back doors. 
> Check the rest of the box has not been compromised... 
> 
> Cheers, 
> Charles 
> 
> -----Original Message----- 
> From: blueonyx-bounces at blueonyx.it 
> [mailto:blueonyx-bounces at blueonyx.it]On Behalf Of Steve Davis 
> Sent: 27 June 2009 18:05 
> To: blueonyx at blueonyx.it 
> Subject: [BlueOnyx:01513] Slammed with Spammer 
> Importance: Low 
> 
> Having an issue with an old enemy on a new BO box. 
> 
> net.tw, 
> gov.tw 
> org.tw 
> net.tw 
> com.tw 
> 
> take your pick. 
> 
> Somehow, they must know one of the email userids and password on the 
> box and are sending 4000 - 5000 spams per hour into my mail queue. 
> 
> I have turned off PopBeforeSMTP, so probably not sending email out. 
> Probably. 
> 
> How do I tell which account is being used to connect? 
> 
> Any other suggestion of course is always appreciated. 
> 
> Steve 
> 
> _______________________________________________ 
> Blueonyx mailing list 
> Blueonyx at blueonyx.it 
> http://www.blueonyx.it/mailman/listinfo/blueonyx 
------- End of Original Message -------
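
Added example, not part of the list posts above: one way to answer "which account is being used to connect" from the mail log, by counting SMTP AUTH events per account and source IP. It assumes sendmail-style `AUTH=server, relay=..., authid=...` log lines; the function names, users and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: which account is authenticating to SMTP, and from where?
# Assumption: sendmail-style maillog lines of the form
#   ... AUTH=server, relay=host [ip], authid=user, mech=..., bits=0

# Write a constructed sample log (documentation IPs, made-up users) to $1.
write_sample_log() {
    cat > "$1" <<'EOF'
Jun 27 17:01:02 bo sendmail[2101]: n5RH12a1002101: AUTH=server, relay=[203.0.113.7], authid=jsmith, mech=LOGIN, bits=0
Jun 27 17:01:03 bo sendmail[2101]: n5RH12a1002101: from=<x@example.net>, size=2048, nrcpts=50, relay=[203.0.113.7]
Jun 27 17:01:09 bo sendmail[2104]: n5RH19a1002104: AUTH=server, relay=[203.0.113.7], authid=jsmith, mech=LOGIN, bits=0
Jun 27 17:01:15 bo sendmail[2107]: n5RH1Fa1002107: AUTH=server, relay=[203.0.113.7], authid=jsmith, mech=LOGIN, bits=0
Jun 27 17:01:21 bo sendmail[2110]: n5RH1La1002110: AUTH=server, relay=[203.0.113.7], authid=jsmith, mech=LOGIN, bits=0
Jun 27 17:02:40 bo sendmail[2133]: n5RH2ea1002133: AUTH=server, relay=dsl.example.tw [203.0.113.8], authid=jsmith, mech=PLAIN, bits=0
Jun 27 17:05:11 bo sendmail[2190]: n5RH5Ba1002190: AUTH=server, relay=[192.0.2.10], authid=alice, mech=PLAIN, bits=0
EOF
}

# Print "count authid ip" per (account, source IP) pair, busiest first.
auth_summary() {
    awk '
    /AUTH=server/ && match($0, /authid=[^, ]+/) {
        user = substr($0, RSTART + 7, RLENGTH - 7)
        ip = "unknown"
        if (match($0, /relay=[^,]*/)) {
            relay = substr($0, RSTART, RLENGTH)
            if (relay ~ /\[/) {
                sub(/^.*\[/, "", relay); sub(/\].*$/, "", relay)
                ip = relay
            }
        }
        seen[user " " ip]++
    }
    END { for (k in seen) print seen[k], k }
    ' "$1" | sort -k1,1nr -k2,2
}

# Print accounts with at least $2 AUTH events in total in log file $1.
noisy_accounts() {
    auth_summary "$1" |
        awk -v min="$2" '{ n[$2] += $1 } END { for (u in n) if (n[u] >= min) print u }' | sort
}

# Demo on the constructed sample; point auth_summary at the real mail log instead.
log=$(mktemp)
write_sample_log "$log"
auth_summary "$log"
rm -f "$log"
```

An account that tops this list from addresses its owner never uses is the one to lock and reset; the webmail route described above does not appear as SMTP AUTH, so the webmail logs still need their own check.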
 