An insidious spam botnet attacks Charly

BOT POSSE

While going about his normal duties, Linux Magazine author Charly Kühnast was hit with a mean attack. Charly’s separate anti-spam server, which sits in front of his mail server, saved him from the mail storm.

A sunny Tuesday in July. I’m just typing my Sysadmin column for Linux Magazine. It’s 2.00 pm by the time I take a glance at the monitor that gives me the latest load and traffic data for the critical servers I manage. Lo and behold, the reject line in the spam filter graph has just skyrocketed (see Figure 1). The article will have to wait. The server is rejecting large quantities of mail at an early stage of the SMTP dialog. I suspect a wave of spam with clumsily spoofed envelopes. That’s nothing new: for each legitimate email I receive, I get at least two spam mails. But I still decide to open an SSH connection to the spam filter, which is running on a separate machine, and I can’t believe my eyes when I discover 140 parallel SMTP connections. That’s ten times the normal level. And it’s unusual for the server just to drop the connections like that.

Read full article as PDF:

Bot_Attack.pdf (177.56 kB)

Related content

  • Spam Test

    Spam filters can help smooth the waves in your inbox, as long as they are reliable and don’t have too many side effects. We’ll show you what we found when we tested five antispam appliances and two service providers.

  • Charly's Column

    At the Niederrhein University future admins implement spam defense mechanisms by attracting the attention of the Viagra Mafia. The results are pertinacious blacklists and expert knowledge of methods for combating the menace.

  • Amavisd-new

    Sometimes the best time to stop bad mail is before it arrives. Amavisd-new is an Open Source interface for integrating spam and virus filtering with your mail server.

  • Blocking Spam Intro

    Spammers charge real money for their dubious services, and hundreds of advertisers are willing to pay. We’ll show you some innovative techniques for controlling and containing spam, including strategies for slowing down spam bots, keeping spammers from getting your address, and separating spam from legitimate email.

  • Charly's Column

    The Postfix Policyd plugin fights spam using techniques such as greylisting, source detection, volume measurements, blacklisting, and HELO rotation detection.
