Re: EMERGENCY - need to secure my server against an ongoing SPAMMER

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Mar 12, 2005 at 09:51:04AM +0000, Bob Brennan wrote:
> Here is a truncated logwatch indicating more than 1000 spams sent but
> seemingly a lot more denied, and most if not all bounced. I have
> truncated the "Relaying denied" list because it ran into pages. There
> are continuing attempts to relay through my server, every few minutes,
> all denied now. Hopefully the bast**ds will give up and move on
> soon...
> 

Probably a good idea to shut them off semi-permanently:
add these lines to your iptables firewall:
(Note - there are more general ways to script iptables setups)
(Read "better ways", but this is a specific example)


#  Next 8 lines specific to tfn.net.tw
# Log any connection attempts by tfn,net.tw
iptables -A INPUT  -i eth0 -s  219.81.0.0/16 -j LOG --log-prefix "static.tfn.net.tw"
iptables -A INPUT  -i eth0 -s  61.31.0.0/16 -j DROP -j LOG --log-prefix "dynamic.tfn.net.tw "

# Drop dynamic.tfn.net.tw
iptables -A INPUT  -i eth0 -s  61.31.0.0/16 -j DROP
# Drop static.tfn.net.tw
iptables -A INPUT  -i eth0 -s  219.81.0.0/16 -j DROP



>     2441/125: 219-81-152-11.static.tfn.net.tw [219.81.152.11]
>     1250/74: 61-31-142-15.dynamic.tfn.net.tw [61.31.142.15]
>     1200/78: 219-81-147-236.static.tfn.net.tw [219.81.147.236]

-- 
"The only system which is truly secure, is one which is switched off
and unplugged, locked in a titanium lined safe, buried in a concrete
bunker, surrounded by nerve gas and very highly paid armed guards. Even
then, I wouldn't stake my life on it" - Gene Spafford 
http://kinz.org
http://www.fedoranews.org
Jeff Kinz, Emergent Research, Hudson, MA.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux