homepage Welcome to WebmasterWorld Guest from 54.204.94.228
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
Incredible spam assault today
like nothing I've seen before
httpwebwitch




msg:3588943
 7:49 pm on Mar 1, 2008 (gmt 0)

On a typical day my main Inbox will receive 150-200 spam messages. Today I connected to the mail server and there are 70052 messages waiting. That's right: seventy thousand and fifty two. I predict perhaps 6 or 7 of them will be legit.

They're still downloding... so far most of them look identical with a blank subject line, and a body message hawking - oh the irony - email advertising services. Definitely a brute force effort spamming messages to someWord@myDomain.com, anotherWord@myDomain.com, etc... multiplied by a robust portion of my domains

I never expected this morning that it would take several hours to check my e-mail

Oh, and according to my virus filter at least one of the messages contained a Trojan

(sigh)
I hope the powers that be catch this spammer and nail his yaddayadda to the wall

 

httpwebwitch




msg:3588958
 8:40 pm on Mar 1, 2008 (gmt 0)

50 minutes later, and I'm almost 17% done downloading them all. Math says this will take about 4.6 hours

Romeo




msg:3588964
 8:59 pm on Mar 1, 2008 (gmt 0)

someWord@myDomain.com, anotherWord@myDomain.com,

Take care that your server does not receive more spam mails faster than you can retrieve them ...

So, as a first measure, it may be wise to switch 'catch-all' off ...

jtek




msg:3589016
 11:01 pm on Mar 1, 2008 (gmt 0)

Over the years I have had different spam filters ranging from spam-assassin in our server, Postini and even a long list of custom filters on my mail server.
Strangely a few years ago I tried Yahoo as a webserver for multiple of our domains. When I left I think they sold our alias list of names because since then our spam quadrupled.
I recently changed over to www.spamstopshere.com and setup multiple domains to pas the MX records thru.
My SPAM is down from 1000ís a day to just a few a day. Their GUI is the easiest to use and well worth the $$$$$

Alan Dobbs
Houston

jtek




msg:3589017
 11:04 pm on Mar 1, 2008 (gmt 0)

Oh a quick note your server may be set as a "Open Relay" check into it as my old Cobalt year ago was accidently set and the flood gates of spam were pouring in.
A open relay is having a 3rd party use your server to distribute spam so they cannot be traced.

httpwebwitch




msg:3589039
 12:13 am on Mar 2, 2008 (gmt 0)

7:13 PM, and still downloading...

pageoneresults




msg:3589042
 12:33 am on Mar 2, 2008 (gmt 0)

7:13 PM, and still downloading...

Do you receive emails from some of your websites? Do you have any type of .exe running that sends out a newsletter or promotion?

There was a time where I thought we were under a brute email spam assault. Come to find out, one of our .exe's for email promotions got stuck due to an invalid character somewhere in the email. The system didn't catch it and the emails bled out over a period of 5 hours before it was caught. All to the same recipient. Got us Blacklisted too. :(

Stefan




msg:3589089
 3:12 am on Mar 2, 2008 (gmt 0)

Brutal. My sympathies. Be glad you're not on dial-up. If that happened to me, it would take days :-)

Have you checked to see if there's an IP# or range responsible that you can block?

Staffa




msg:3589216
 10:59 am on Mar 2, 2008 (gmt 0)

Instead of downloading all these messages, why don't you delete them on the server ?

Tropical Island




msg:3589269
 1:04 pm on Mar 2, 2008 (gmt 0)

Instead of downloading all these messages, why don't you delete them on the server ?

My thoughts exactly.

I had similar problems while using my website mail service until I switched to Gmail.

Now I can quickly delete any problems BEFORE downloading to my computer.

BananaFish




msg:3589326
 3:27 pm on Mar 2, 2008 (gmt 0)

With this type of attack, you're probably not the intended target. The spammer most likely intended for the messages to bounce the invalid account names instead of collecting in your "catch all" box. Certain MTAs, such as Qmail, will bounce these messages, with the receipient being the forged return header. So if you get rid of the catch all, your mail server may bounce the messages, basically sending out mail for the spammer, who's intended recipient is the forged return address.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved