Re: EMERGENCY - need to secure my server against an ongoing SPAMMER


On Mon, 14 Mar 2005 08:03:25 +0100, Roger Grosswiler <roger@xxxxxxxx> wrote:
> Roger Grosswiler wrote:
> > Bob Brennan wrote:
> > [snip]
> >
> >>> Probably a good idea to shut them off semi-permanently:
> >>> add these lines to your iptables firewall:
> >>> (Note - there are more general ways to script iptables setups)
> >>> (Read "better ways", but this is a specific example)
> >>>
> >>> #  Next 8 lines specific to tfn.net.tw
> >>> # Log any connection attempts by tfn.net.tw
> >>> iptables -A INPUT  -i eth0 -s  219.81.0.0/16 -j LOG --log-prefix "static.tfn.net.tw"
> >>> iptables -A INPUT  -i eth0 -s  61.31.0.0/16 -j LOG --log-prefix "dynamic.tfn.net.tw "
> >>>
> >>> # Drop dynamic.tfn.net.tw
> >>> iptables -A INPUT  -i eth0 -s  61.31.0.0/16 -j DROP
> >>> # Drop static.tfn.net.tw
> >>> iptables -A INPUT  -i eth0 -s  219.81.0.0/16 -j DROP
> >
> > [/snip]
> >
> > Hi Bob,
> >
> > Good way to get the spammer off your ports ;-)
> >
> > See here 2 links, where you can check your mailserver immediately for
> > your "open relay". There is no need to register or whatever - just type
> > your ip and go. You will see if your mailserver is secure enough or
> > which methods still could be used, to send spam via your mailserver.
> >
> > http://www.relaycheck.com/test.asp
> > http://www.antispam-ufrj.pads.ufrj.br/
> >
> > Have you built-in RBL-Support for your mailserver? This perhaps could
> > get your spammer even off your mailserver. See 3 free lists below.
> >
> > bl.spamcop.net,
> > relays.ordb.org,
> > sbl.spamhaus.org,
> >
> > Btw, preferably you no longer use pop-before-smtp these days; use
> > smtp-auth instead. If you authenticate your users in pop/imap against mysql you
> > COULD use the same database for smtp too.
> >
> > HTH
> > Roger
> >
> btw. doing perror 13 in shell gives the following:
> 
> [roger@link ~]$ perror 13
> Error code  13:  Permission denied
> 
> ...I had this too, this was an issue from selinux. You could either
> disable mysql-support in selinux (system-config-securitylevel) or try to
> relabel your system. This helped me, in some way (...)
> 
> /sbin/fixfiles relabel
> 
> Also make sure that your /var/lib/mysql is chowned -R mysql:mysql

Hi Roger,

Thanks very much for all of the handy tips - I remember seeing the
"/sbin/fixfiles relabel" trick in previous postings on this list and I
will try that right away - I am anxious to re-enable SELinux asap.

I still got more than 500 attempts by the spammer(s) yesterday but
hopefully the iptables fix from Jeff Kinz will finally put an end to
that today. I think their persistent but futile attempts to send
prove that it is simply Windoze zombie machines out there wasting our
time and bandwidth.

Thanks again for the help,
bob
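
Added example, not part of the original thread: a shell sketch that prints (without running) the log-then-drop rule pair for each source range quoted above, one `-j` target per rule, and rejects a `--log-prefix` longer than the 29 characters iptables accepts. The function names `emit_block_rules` and `emit_ruleset` are hypothetical; the interface, ranges and labels are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: prints, but does not run, a LOG rule followed by a DROP rule
# for each source range. Function names are hypothetical.

# emit_block_rules IFACE CIDR LABEL
emit_block_rules() {
    iface=$1
    cidr=$2
    prefix="$3 "   # trailing space keeps the label apart from the kernel's fields

    # The LOG target accepts a prefix of at most 29 characters.
    if [ "${#prefix}" -gt 29 ]; then
        echo "log prefix too long: $3" >&2
        return 1
    fi

    # Shape check only (digits, dots, one slash); not a full CIDR validator.
    case $cidr in
        *[!0-9./]*|*/*/*) echo "bad range: $cidr" >&2; return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
        *) echo "bad range: $cidr" >&2; return 1 ;;
    esac

    # One target per rule: LOG first (it does not end traversal), then DROP.
    printf 'iptables -A INPUT -i %s -s %s -j LOG --log-prefix "%s"\n' \
        "$iface" "$cidr" "$prefix"
    printf 'iptables -A INPUT -i %s -s %s -j DROP\n' "$iface" "$cidr"
}

# emit_ruleset IFACE: reads "CIDR LABEL" lines from stdin, skips blanks and # comments.
emit_ruleset() {
    while read -r cidr label; do
        case $cidr in ''|'#'*) continue ;; esac
        emit_block_rules "$1" "$cidr" "$label" || return 1
    done
}

# Ranges and labels as quoted in the thread.
emit_ruleset eth0 <<'EOF'
# static.tfn.net.tw
219.81.0.0/16 static.tfn.net.tw
# dynamic.tfn.net.tw
61.31.0.0/16 dynamic.tfn.net.tw
EOF
```

Because `-A` appends, these rules only take effect if no earlier INPUT rule already accepts the traffic; review the printed commands before running them as root.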

