Eskimo North



Bob Goofed and gave the spammers free rein...




     Last night while attempting to add SSL capability to the main server (so
far unsuccessfully) I accidentally put the OLD 1.3.17 binary back in place when
I gave up for the night instead of the non-SSL 1.3.34.  The result was that the
spammers discovered this and decided to really hammer it while they had the
chance.  I had 750 or so bounces in my INBOX from this when I logged in today,
the spool directories were full of spam and the web server was working hard
sending out spam.

     I fixed the binary, got back to 1.3.34 and erased all the spam still in
queue.  My apologies to everyone here that may have been deluged.

     The spam in question would have come from 204.122.16.64.

     I have erased the old binary entirely to make sure there is no possibility
I might put it back in the future.  3.1.17 has an exploit the spammers have
been able to use to relay spam.  Because the server, even the root process,
does not run as root, and sendmail runs with privilege separation, this
did not give them root access, but unfortunately they didn't need it to use the
box as a spam relay.

     To the folks at AOL who were the main, but not exclusive, target of these
spammers, I apologize.  This has been corrected.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
   Knowledgeable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.