Re: EMERGENCY - need to secure my server against an ongoing SPAMMER

Roger Grosswiler wrote:
Bob Brennan wrote:
[snip]

Probably a good idea to shut them off semi-permanently:
add these lines to your iptables firewall:
(Note - there are more general ways to script iptables setups)
(Read "better ways", but this is a specific example)

# Next 8 lines specific to tfn.net.tw
# Log any connection attempts by tfn.net.tw
# (an iptables rule takes a single -j target, so the LOG rules are separate from the DROP rules below)
iptables -A INPUT -i eth0 -s 219.81.0.0/16 -j LOG --log-prefix "static.tfn.net.tw"
iptables -A INPUT -i eth0 -s 61.31.0.0/16 -j LOG --log-prefix "dynamic.tfn.net.tw "

# Drop dynamic.tfn.net.tw
iptables -A INPUT  -i eth0 -s  61.31.0.0/16 -j DROP
# Drop static.tfn.net.tw
iptables -A INPUT  -i eth0 -s  219.81.0.0/16 -j DROP

[/snip]

Hi Bob,

Good way to get the spammer off your ports ;-)

Here are 2 links where you can check your mailserver immediately for an "open relay". There is no need to register or whatever - just type your IP and go. You will see whether your mailserver is secure enough, or which methods could still be used to send spam via your mailserver.

http://www.relaycheck.com/test.asp
http://www.antispam-ufrj.pads.ufrj.br/

Have you built RBL support into your mailserver? This perhaps could even get your spammer off your mailserver. See 3 free lists below.

bl.spamcop.net,
relays.ordb.org,
sbl.spamhaus.org,

Btw, preferably you no longer use pop-before-smtp today; use smtp-auth instead. If you authenticate your users in pop/imap against mysql you COULD use the same database for smtp too.

HTH
Roger

Btw, doing perror 13 in a shell gives the following:

[roger@link ~]$ perror 13
Error code  13:  Permission denied

...I had this too; this was an issue from SELinux. You could either disable mysql support in SELinux (system-config-securitylevel) or try to relabel your system. This helped me, in some way (...)

/sbin/fixfiles relabel

Also make sure that your /var/lib/mysql is chowned -R mysql:mysql

HTH
Roger
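
The RBL lookup suggested in the message above, as an added example that is not part of the original post: a DNSBL is queried by reversing the connecting IP's octets, appending the list's zone, and reading the A record that comes back. The zone names are the three from the message; the function names and the `fake_resolver` data are constructed for illustration.

```python
import ipaddress
import socket

# Zones named in the message above; whether each still operates is not checked.
ZONES = ["bl.spamcop.net", "relays.ordb.org", "sbl.spamhaus.org"]

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def classify(answer):
    """Interpret the A record returned by a DNSBL (None means no such name)."""
    if answer is None:
        return "not listed"
    addr = ipaddress.IPv4Address(answer)
    if addr not in ipaddress.ip_network("127.0.0.0/8"):
        # A dead or parked zone may answer every name with a real address.
        return "invalid answer"
    if addr in ipaddress.ip_network("127.255.255.0/24"):
        # Spamhaus uses this range for error codes, not listings.
        return "lookup error"
    return "listed"

def system_resolver(name):
    """Resolve via the system resolver; None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: verdict} for one connecting IP address."""
    return {z: classify(resolve(dnsbl_name(ip, z))) for z in zones}

# Constructed resolver standing in for DNS so the example runs offline.
def fake_resolver(name):
    constructed = {"2.0.0.127.bl.spamcop.net": "127.0.0.2",
                   "2.0.0.127.relays.ordb.org": "203.0.113.9"}
    return constructed.get(name)

if __name__ == "__main__":
    # 127.0.0.2 is the conventional DNSBL test address.
    for zone, verdict in check_ip("127.0.0.2", resolve=fake_resolver).items():
        print(zone, verdict)
```

Treating only 127.0.0.0/8 answers as listings keeps a list whose zone has lapsed or been repointed from rejecting all mail.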