Just a bit of stress relief, ....


Post by ciaobaby »

I F****ng hate SPAMMERS!!!


Not content with bot-net brute-force password attacks on our mail servers at the rate of 1,000 an hour for three days solid, they then proceeded to spoof a non-existent email address on a domain name that I happen to be the 'catch-all' recipient for.

So this morning's mailbox collection had a little under 30,000 "back-scatter" messages, along with a few vitriolic messages from disgruntled individuals who had taken exception to it being suggested that they were receiving a generous tax refund and all they had to do was "click here".


Should I EVER happen across the scrotes who actually send these messages, ... ... ...

Let's just say I do have the rusty hacksaw blade ready for the amputation of the, ... ... ummm, sensitive parts of their anatomy!!

Re: Just a bit of stress relief, ....

Post by Peter »

Can't you protect your service with 'fail2ban' or 'denyhosts'?
If bandwidth is a problem, you should consider switching to some DDoS hosting.
(If it's only a mail server, VPS hosting is fine.)

If it's an on-site server, you could use enterprise-grade anti-spam appliances.
Like the Barracuda Spam Firewall and things like that.

(just asking)
Re: Just a bit of stress relief, ....

Post by ciaobaby »

Peter wrote:
Can't you protect your service with 'fail2ban' or 'denyhosts'?
denyhosts only 'protects' SSH, and this particular server is a high-end VM that operates as one of our shared servers, so it has about 70 client accounts and is running WHM and cPanel. DDoS attacks are not the problem; these are deliberate attacks aimed at specific email accounts and/or cPanel account names, which are easily identified from the domain name, though cPanel has recently (finally) provided a way to change the default name on existing accounts so it can be made harder to guess.

The "Brute force attack" blocking tool (cpHulk) is active, but as spammers get smarter in their attacks they are rotating their 'bot-net proxies' and only using any one IP three or four times in ten to fifteen minutes, so they avoid triggering the automatic block. If I tighten up the blocking config to limit logins from any one IP, it often ends up catching genuine clients who have several mailboxes and users with multiple devices accessing those mailboxes from their office LAN via their external IP. It's a "damned if you do, damned if you don't" scenario.
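The trade-off described in the post above (a per-IP failure counter that the rotating bots stay under, while an office NAT address with several legitimate users trips it) is what a per-IP-only rule gets wrong. The script below is an added example, not code from the post or from cPanel/cpHulk: it keys failures by the target mailbox as well as by source IP, so an account being sprayed from many short-lived IPs is flagged even though no single IP crosses the per-IP limit, and it exempts (user, IP) pairs that have already authenticated successfully, so the busy office address stops counting towards a block. The log lines are constructed to resemble Dovecot's imap-login output; the host name, addresses, mailbox names and thresholds are all assumptions for the demonstration.

```python
"""Distributed password-spray detection for a mail server.

Added example. Log lines are constructed to look like Dovecot imap-login
output; nothing here is taken from the original post or from cpHulk.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL = "Disconnected (auth failed, 1 attempts in 2 secs)"
OK = "Login"
OFFICE = "198.51.100.4"  # assumed office NAT address shared by many users


def _line(ts, event, user, ip):
    # Constructed Dovecot-style imap-login line (assumed format).
    return (f"Jan 12 {ts} mx1 dovecot: imap-login: {event}: user=<{user}>, "
            f"method=PLAIN, rip={ip}, lip=192.0.2.10, TLS")


# Constructed sample: three office users who log in, then mistype a rotated
# password a couple of times each; four bots that each try the same mailbox
# only three times in a 15-minute window before moving to the next IP.
SAMPLE_LOG = [
    _line("08:55:00", OK, "alice@example.com", OFFICE),
    _line("08:55:30", OK, "bob@example.com", OFFICE),
    _line("08:56:00", OK, "carol@example.com", OFFICE),
    "Jan 12 08:56:05 mx1 dovecot: imap(alice@example.com): Logged out in=44 out=512",
    _line("09:00:05", FAIL, "alice@example.com", OFFICE),
    _line("09:00:10", FAIL, "sales@example.com", "203.0.113.7"),
    _line("09:00:35", FAIL, "alice@example.com", OFFICE),
    _line("09:00:40", FAIL, "sales@example.com", "203.0.113.7"),
    _line("09:01:05", FAIL, "bob@example.com", OFFICE),
    _line("09:01:10", FAIL, "sales@example.com", "203.0.113.7"),
    _line("09:01:40", FAIL, "bob@example.com", OFFICE),
    _line("09:02:10", FAIL, "carol@example.com", OFFICE),
    _line("09:02:50", FAIL, "carol@example.com", OFFICE),
    _line("09:03:10", FAIL, "sales@example.com", "203.0.113.21"),
    _line("09:03:40", FAIL, "sales@example.com", "203.0.113.21"),
    _line("09:04:10", FAIL, "sales@example.com", "203.0.113.21"),
    _line("09:06:10", FAIL, "sales@example.com", "203.0.113.33"),
    _line("09:06:40", FAIL, "sales@example.com", "203.0.113.33"),
    _line("09:07:10", FAIL, "sales@example.com", "203.0.113.33"),
    _line("09:09:10", FAIL, "sales@example.com", "203.0.113.58"),
    _line("09:09:40", FAIL, "sales@example.com", "203.0.113.58"),
    _line("09:10:10", FAIL, "sales@example.com", "203.0.113.58"),
]

LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ dovecot: imap-login: "
    r"(?P<event>Login|Disconnected \(auth failed[^)]*\)): user=<(?P<user>[^>]*)>"
    r".*?\brip=(?P<ip>[0-9a-fA-F.:]+)")


def parse(line, year=2024):
    """Return {ts, user, ip, ok} for an imap-login line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "user": m["user"], "ip": m["ip"], "ok": m["event"] == OK}


def _events(lines):
    return sorted((e for e in map(parse, lines) if e), key=lambda e: e["ts"])


def _trim(q, now, window, key=lambda x: x):
    # Drop entries that have fallen out of the sliding window.
    while now - key(q[0]) > window:
        q.popleft()


def per_ip_only(lines, window=timedelta(minutes=15), limit=5):
    """Naive rule: block an IP after `limit` failures in `window`.
    Trips on the shared office address, never on bots that rotate after 3 tries."""
    recent, blocked = defaultdict(deque), set()
    for e in _events(lines):
        if e["ok"]:
            continue
        q = recent[e["ip"]]
        q.append(e["ts"])
        _trim(q, e["ts"], window)
        if len(q) >= limit:
            blocked.add(e["ip"])
    return blocked


def distributed(lines, window=timedelta(minutes=15), ip_limit=5, user_ip_limit=3):
    """Returns (ip_alerts, user_alerts).
    A (user, ip) pair that has already logged in successfully is treated as
    known-good and its later failures are ignored, so a busy office NAT is not
    blocked. Failures are also counted per target mailbox: an account that sees
    failures from >= user_ip_limit distinct IPs inside the window is flagged as
    under a distributed spray even though no single IP reached ip_limit."""
    known_good = set()
    by_ip, by_user = defaultdict(deque), defaultdict(deque)
    ip_alerts, user_alerts = set(), set()
    for e in _events(lines):
        if e["ok"]:
            known_good.add((e["user"], e["ip"]))
            continue
        if (e["user"], e["ip"]) in known_good:
            continue
        q = by_ip[e["ip"]]
        q.append(e["ts"])
        _trim(q, e["ts"], window)
        if len(q) >= ip_limit:
            ip_alerts.add(e["ip"])
        u = by_user[e["user"]]
        u.append((e["ts"], e["ip"]))
        _trim(u, e["ts"], window, key=lambda x: x[0])
        if len({ip for _, ip in u}) >= user_ip_limit:
            user_alerts.add(e["user"])
    return ip_alerts, user_alerts


if __name__ == "__main__":
    print("per-IP rule blocks:", per_ip_only(SAMPLE_LOG))
    print("distributed rule:", distributed(SAMPLE_LOG))
```

On the constructed sample the per-IP rule blocks only the office address, which is exactly the false positive the post complains about, while the per-account rule raises an alert for the sprayed mailbox and leaves the office alone. The per-account alert is a signal to act on the target (temporarily lock the mailbox, or require a password change) rather than on any one source IP, since the source IPs are disposable. The known-good exemption is only as safe as the successes it learns from: a bot that has already guessed a password would earn an exemption too, so pair it with an alert on first-time successful logins from new addresses.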