Re: EMERGENCY - need to secure my server against an ongoing SPAMMER

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Mon, 14 Mar 2005 08:03:25 +0100, Roger Grosswiler <roger@xxxxxxxx> wrote:
>> Roger Grosswiler schrieb:
>> > Bob Brennan schrieb:
>> > [snip]
>> >
>> >>> Probably a good idea to shut them off semi-permanently:
>> >>> add these lines to your iptables firewall:
>> >>> (Note - there are more general ways to script iptables setups)
>> >>> (Read "better ways", but this is a specific example)
>> >>>
>> >>> #  Next 8 lines specific to tfn.net.tw
>> >>> # Log any connection attempts by tfn,net.tw
>> >>> iptables -A INPUT  -i eth0 -s  219.81.0.0/16 -j LOG --log-prefix
>> >>> "static.tfn.net.tw"
>> >>> iptables -A INPUT  -i eth0 -s  61.31.0.0/16 -j DROP -j LOG
>> >>> --log-prefix "dynamic.tfn.net.tw "
>> >>>
>> >>> # Drop dynamic.tfn.net.tw
>> >>> iptables -A INPUT  -i eth0 -s  61.31.0.0/16 -j DROP
>> >>> # Drop static.tfn.net.tw
>> >>> iptables -A INPUT  -i eth0 -s  219.81.0.0/16 -j DROP
>> >
>> > [/snip]
>> >
>> > Hi Bob,
>> >
>> > Good way to get the spammer of your ports ;-)
>> >
>> > See here 2 links, where you chan check your mailserver immediately for
>> > your "open relay". There is no need to register or whatever - just type
>> > your ip and go. You will see if your mailserver is secure enough or
>> > which methods still could be used, to send spam via your mailserver.
>> >
>> > http://www.relaycheck.com/test.asp
>> > http://www.antispam-ufrj.pads.ufrj.br/
>> >
>> > Have you built-in RBL-Support for your mailserver? This perhaps could
>> > get your spammer even off your mailserver. See 3 free lists below.
>> >
>> > bl.spamcop.net,
>> > relays.ordb.org,
>> > sbl.spamhaus.org,
>> >
>> > btw. preferably you use by today no longer pop-before-smtp, either use
>> > smtp-auth. If you authenticate your users in pop/imap against mysql you
>> > COULD use the same database for smtp either.
>> >
>> > HTH
>> > Roger
>> >
>> btw. doing perror 13 in shell gives the following:
>>
>> [roger@link ~]$ perror 13
>> Error code  13:  Permission denied
>>
>> ...i had this too, this was an issue from selinux. You could either
>> disable mysql-support in selinux (system-config-securitylevel) or try to
>> relabel your system. This helped me, in some way (...)
>>
>> /sbin/fixfiles relabel
>>
>> make also sure, that your /var/lib/mysql is chowned -R mysql:mysql
>
> Hi Roger,
>
> Thanks very much for all of the handy tips - I remember seeing the
> "/sbin/fixfiles relabel" trick in previous postings on this list and I
> will try that right away - I am anxious to re-enable SELinux asap.
>
> I still got more than 500 attempts by the spammer(s) yesterday but
> hopefully the iptables  fix from Jeff Kinz will finally put an end to
> that today. I think their persistant, but futile attempts to send
> proves that it is simply Windoze zombie machines out there wasting our
> time and bandwidth.
>
> Thanks again for the help,
> bob
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

as soon as you don't need e-mails out of those ranges, it's quite helpful, i even blocked some ranges in the
beginning. when i set up rbl-checking, i had to have patience for about 1 month, since then, i just have 2-3 attempts
per day. RBL sorts in good quality good from bad traffic. Unfortunately, it doesn't block those zombies - perhaps
infected by a worm.

But, at least for those IP's you can save yourself also dns-traffic ;-)

Roger



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux