homepage Welcome to WebmasterWorld Guest from 54.167.138.53
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
massive spam attacks taking down server
new IPs every night, how to stop?!
amznVibe




msg:3178446
 9:27 am on Dec 5, 2006 (gmt 0)

I've never experienced anything like this and we can't seem to make it stop.

Every night <snip> is spamming our server and loads are going through the roof halting all activity.

We block their IP and then the next night they are back with new IPs.

Any advice on how to stop this in a more automated fashion?

(apache 1.3x server with cpanel)

Thanks for any ideas!

[edited by: trillianjedi at 3:03 pm (utc) on Dec. 5, 2006]
[edit reason] No specifics please.... [/edit]

 

phranque




msg:3178451
 9:38 am on Dec 5, 2006 (gmt 0)

<snip>

[edited by: trillianjedi at 3:05 pm (utc) on Dec. 5, 2006]
[edit reason] Specifics are not required, thanks.... [/edit]

amznVibe




msg:3178454
 9:44 am on Dec 5, 2006 (gmt 0)

<snip>

apparently they have quite a wide network of IPs and bandwidth

[edited by: trillianjedi at 3:05 pm (utc) on Dec. 5, 2006]

phranque




msg:3178469
 10:16 am on Dec 5, 2006 (gmt 0)

you can use mod_rewrite to redirect the request to some other url which might be useful for the purpose based on a request header value.

please see this:
[httpd.apache.org...]

amznVibe




msg:3178651
 2:22 pm on Dec 5, 2006 (gmt 0)

mod_rewrite is for web access, this is email

Someone sent me some interesting info about <snip> on <snip>

[edited by: amznVibe at 2:22 pm (utc) on Dec. 5, 2006]

[edited by: trillianjedi at 3:03 pm (utc) on Dec. 5, 2006]
[edit reason] No specifics please ;) [/edit]

Red_Eye




msg:3178667
 2:38 pm on Dec 5, 2006 (gmt 0)

Do you have a catchall account setup? At one point I had one, and one christmas I had my server fill up with 30,000 emails (which made it go slow) I have since removed the catchall account. I still get spam but only spam to email accounts that exist. I am using exchange 2003.

trillianjedi




msg:3178706
 3:06 pm on Dec 5, 2006 (gmt 0)

Let's not name names here, please. Our TOS refers and the specifics are not required.

Thanks,

TJ

Romeo




msg:3178879
 5:41 pm on Dec 5, 2006 (gmt 0)

You may take a closer look on that mail spam.
Is it spam for company XYZ or in their name (may be a joe-job?) -- or does it really originate from IP addresses belonging to them? Or from arbitrary random IP addresses?
If it is originating from *their* IP addresses, then identify their IP address ranges and block entire ranges, not just single addresses.
If you can find those IP addresses listed on SORBS or SPAMHAUS or other RBLs, then let your mailserver use these RBLs. If they originate from a network of zombified spam bots on enduser dial-up addresses, then use a DUL RBL.
Depending on your specifics, this may help a lot -- or not.

Kind regards,
R.

jtara




msg:3178892
 5:50 pm on Dec 5, 2006 (gmt 0)

What is the call to action in the spam? That is your clue to identifying the spammer, which may or may not be who they appear to be on the surface.

If they want you to go to a web site, check the URL carefully. Does it go to the site it claims to be? Use WHOIS to see if it really belongs to the company they are claiming to be. Check for affiliate codes in the URL. Do they want you to call a phone number? There are reverse-number directories.

If there's an affiliate code, contact the company and tell them that one of their affiliates is spamming.

If they've set-up a fake site using similar name, etc. also contact the company they are faking - their legal department has better resources than you do, and an interest in making them stop.

If there is a phone number, it is almost certainly the number to a third-party call center, 900-program operator, etc. They generally don't want the liability of being associated with spam, and can bring pressure on the spammer or even cut-off their phone service.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved