[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bob Goofed and gave the spammers free reign...
- To: email@example.com, firstname.lastname@example.org
- Subject: Bob Goofed and gave the spammers free reign...
- From: Nanook <email@example.com>
- Date: Fri, 9 Dec 2005 14:10:42 -0800 (PST)
- Cc: firstname.lastname@example.org
- List-help: <mailto:email@example.com?subject=help>
- List-post: <mailto:firstname.lastname@example.org>
- List-subscribe: <mailto:email@example.com?subject=subscribe>
- List-unsubscribe: <mailto:firstname.lastname@example.org?subject=unsubscribe>
- Resent-date: Fri, 9 Dec 2005 14:10:46 -0800
- Resent-from: email@example.com
- Resent-message-id: <QhyizD.A.x0.mDgmDB@ultra7.eskimo.com>
- Resent-sender: firstname.lastname@example.org
Last night while attempting to add SSL capability to the main server (so far unsuccessfully) I accidentally put the OLD 1.3.17 binary back in place when I gave up for the night instead of the non-SSL 1.3.34. The result were the spammers discovered this and decided to really hammer it while they had the chance. I had 750 or so bounces in my INBOX from this when I logged in to day, the spool directories were full of spam and the web server was working hard sending out spam. I fixed the binary, got back to 1.3.34 and erased all the spam still in queue. My apologies to everyone here that may have been deluged. The spam in question would have come from 18.104.22.168. I have erased the old binary entirely to make sure there is no possibility I might put it back in the future. 3.1.17 has an exploit the spammers hav been able to use to relay spam. Because the server, even the root process, runs does not run as root, and sendmail runs with priviledge seperation, this did not give them root access, but unfortunately they didn't need it to use the box as a spam relay. To the folks at AOL who were the main, but not exclusive, target of these spammers, I apologize. This has been corrected. -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.