
Incredible spam assault today

like nothing I've seen before

     
7:49 pm on Mar 1, 2008 (gmt 0)

Moderator from CA 

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 29, 2003
posts:4059
votes: 0


On a typical day my main Inbox will receive 150-200 spam messages. Today I connected to the mail server and there are 70052 messages waiting. That's right: seventy thousand and fifty two. I predict perhaps 6 or 7 of them will be legit.

They're still downloading... so far most of them look identical with a blank subject line, and a body message hawking - oh the irony - email advertising services. Definitely a brute force effort spamming messages to someWord@myDomain.com, anotherWord@myDomain.com, etc... multiplied by a robust portion of my domains

I never expected this morning that it would take several hours to check my e-mail

Oh, and according to my virus filter at least one of the messages contained a Trojan

(sigh)
I hope the powers that be catch this spammer and nail his yaddayadda to the wall

8:40 pm on Mar 1, 2008 (gmt 0)

Moderator from CA 

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 29, 2003
posts:4059
votes: 0


50 minutes later, and I'm almost 17% done downloading them all. Math says this will take about 4.6 hours

8:59 pm on Mar 1, 2008 (gmt 0)

Preferred Member

10+ Year Member

joined:Sept 28, 2002
posts:505
votes: 0


someWord@myDomain.com, anotherWord@myDomain.com,

Take care that your server does not receive more spam mails faster than you can retrieve them ...

So, as a first measure, it may be wise to switch 'catch-all' off ...

11:01 pm on Mar 1, 2008 (gmt 0)

New User

5+ Year Member

joined:Jan 5, 2007
posts:6
votes: 0


Over the years I have had different spam filters ranging from spam-assassin in our server, Postini and even a long list of custom filters on my mail server.
Strangely a few years ago I tried Yahoo as a webserver for multiple of our domains. When I left I think they sold our alias list of names because since then our spam quadrupled.
I recently changed over to www.spamstopshere.com and set up multiple domains to pass the MX records thru.
My SPAM is down from 1000's a day to just a few a day. Their GUI is the easiest to use and well worth the $$$$$

Alan Dobbs
Houston

11:04 pm on Mar 1, 2008 (gmt 0)

New User

5+ Year Member

joined:Jan 5, 2007
posts: 6
votes: 0


Oh, a quick note: your server may be set as an "Open Relay". Check into it, as my old Cobalt year ago was accidentally set and the flood gates of spam were pouring in.
An open relay is having a 3rd party use your server to distribute spam so they cannot be traced.

12:13 am on Mar 2, 2008 (gmt 0)

Moderator from CA 

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 29, 2003
posts:4059
votes: 0


7:13 PM, and still downloading...

12:33 am on Mar 2, 2008 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member pageoneresults is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 27, 2001
posts: 12166
votes: 51


7:13 PM, and still downloading...

Do you receive emails from some of your websites? Do you have any type of .exe running that sends out a newsletter or promotion?

There was a time where I thought we were under a brute email spam assault. Come to find out, one of our .exe's for email promotions got stuck due to an invalid character somewhere in the email. The system didn't catch it and the emails bled out over a period of 5 hours before it was caught. All to the same recipient. Got us Blacklisted too. :(

3:12 am on Mar 2, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 4, 2002
posts:1687
votes: 0


Brutal. My sympathies. Be glad you're not on dial-up. If that happened to me, it would take days :-)

Have you checked to see if there's an IP# or range responsible that you can block?

10:59 am on Mar 2, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 24, 2002
posts:894
votes: 0


Instead of downloading all these messages, why don't you delete them on the server?

1:04 pm on Mar 2, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member tropical_island is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 16, 2002
posts:2744
votes: 0


Instead of downloading all these messages, why don't you delete them on the server?

My thoughts exactly.

I had similar problems while using my website mail service until I switched to Gmail.

Now I can quickly delete any problems BEFORE downloading to my computer.
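
Added example, not part of any post in this thread: deleting the flood on the server over POP3 by fetching headers only with TOP, instead of downloading every message. The list of real mailboxes, the match rule (blank subject and no recipient that exists) and the host and credentials are assumptions; the default is a dry run that only reports what would be removed.

```python
import poplib
from email.parser import BytesParser
from email.utils import getaddresses

# Assumption: the mailboxes that really exist on the domain (constructed values).
REAL_ADDRESSES = {"info@mydomain.example", "sales@mydomain.example"}

def is_flood_message(header_bytes, real_addresses=REAL_ADDRESSES):
    """True for the pattern described in the thread: blank subject and
    no recipient header naming a mailbox that actually exists."""
    msg = BytesParser().parsebytes(header_bytes, headersonly=True)
    subject = str(msg.get("Subject") or "").strip()
    fields = []
    for name in ("To", "Cc", "Delivered-To"):
        fields += [str(v) for v in msg.get_all(name, [])]
    rcpts = {addr.lower() for _name, addr in getaddresses(fields) if addr}
    return subject == "" and not (rcpts & real_addresses)

def purge(conn, dry_run=True):
    """conn: a logged-in poplib.POP3 / POP3_SSL object.
    Returns the message numbers that match; deletes them unless dry_run."""
    matched = []
    count, _size = conn.stat()
    for num in range(1, count + 1):
        _resp, lines, _octets = conn.top(num, 0)   # headers only, no body
        if is_flood_message(b"\r\n".join(lines)):
            matched.append(num)
            if not dry_run:
                conn.dele(num)   # marked now, removed when the session QUITs
    return matched

def connect_and_purge(host, user, password, dry_run=True):
    """host, user and password are placeholders supplied by the caller."""
    conn = poplib.POP3_SSL(host)
    try:
        conn.user(user)
        conn.pass_(password)
        try:
            return purge(conn, dry_run)
        except Exception:
            conn.rset()          # unmark deletions if the walk failed midway
            raise
    finally:
        conn.quit()
```

Review the numbers returned by the dry run before calling it again with `dry_run=False`, since a legitimate message with an empty subject sent only to an unlisted alias would also match.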

3:27 pm on Mar 2, 2008 (gmt 0)

Full Member

10+ Year Member

joined:Sept 7, 2005
posts:242
votes: 0


With this type of attack, you're probably not the intended target. The spammer most likely intended for the messages to bounce the invalid account names instead of collecting in your "catch all" box. Certain MTAs, such as Qmail, will bounce these messages, with the recipient being the forged return header. So if you get rid of the catch all, your mail server may bounce the messages, basically sending out mail for the spammer, whose intended recipient is the forged return address.
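
Added example, not part of the post above: a small Python model of the SMTP exchange under three recipient policies, showing where each flood message ends up and who receives a bounce. It goes one step beyond the post by including a third policy, refusing unknown recipients at RCPT time, which generates no bounce from your server; the addresses and the flood are constructed, and the policy names are labels chosen for this example.

```python
VALID = {"info@mydomain.example"}          # constructed: the only real mailbox
POLICIES = ("catch_all", "accept_then_bounce", "reject_at_rcpt")

def smtp_session(sender, rcpt, policy):
    """Return (transcript, fate) for one message under the given policy."""
    if policy not in POLICIES:
        raise ValueError(policy)
    known = rcpt.lower() in VALID
    t = [f"C: MAIL FROM:<{sender}>", "S: 250 2.1.0 OK", f"C: RCPT TO:<{rcpt}>"]
    if not known and policy == "reject_at_rcpt":
        # Refused inside the session: the connecting client keeps the message,
        # so this server never generates a bounce.
        t.append("S: 550 5.1.1 User unknown")
        return t, "rejected"
    t += ["S: 250 2.1.5 OK", "C: DATA ... .", "S: 250 2.0.0 Queued"]
    if known:
        return t, "delivered"
    return t, ("catch_all_box" if policy == "catch_all" else "bounced")

def run_flood(messages, policy):
    """messages: (envelope_sender, rcpt) pairs. Tally fates and bounce targets."""
    out = {"delivered": 0, "catch_all_box": 0, "rejected": 0, "bounced": 0,
           "bounce_sent_to": []}
    for sender, rcpt in messages:
        _transcript, fate = smtp_session(sender, rcpt, policy)
        out[fate] += 1
        if fate == "bounced":
            # The bounce goes to the envelope sender, which the spammer forged.
            out["bounce_sent_to"].append(sender)
    return out

# Constructed flood: forged sender, dictionary-style recipients, one real message.
FLOOD = [("victim@thirdparty.example", f"{w}@mydomain.example")
         for w in ("someword", "anotherword", "sales1", "admin2", "webmaster9")]
FLOOD.append(("customer@client.example", "info@mydomain.example"))

if __name__ == "__main__":
    for p in POLICIES:
        print(p, run_flood(FLOOD, p))
```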