LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

Just a question. Has anyone notice a sever increase in spam over the past week. Our connections which have been normally 10 a minute have increased to 100-1000 a min. Sometimes to the point where Spamfilterisp will recieve Socket errors and have to be restarted. A majority of the emails have a <> "Blank" From Email (over 240,000 a night). I usually block if no From Email is listed, but had to set it to quarantine to help lower the traffic, as the source continues to try if rejected. Just thought I would toss this out there. Looks though as if someone is a little upset we have a spam filter and are trying intentionally a DoS.

Edited by Thing

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
Thing Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 30 September 2005 Status: Offline Points: 10	Post Options Post Reply Quote Thing Report Post Thanks(0) Quote Reply Topic: Spam Pounding Posted: 12 June 2006 at 4:30pm
	Just a question. Has anyone notice a sever increase in spam over the past week. Our connections which have been normally 10 a minute have increased to 100-1000 a min. Sometimes to the point where Spamfilterisp will recieve Socket errors and have to be restarted. A majority of the emails have a <> "Blank" From Email (over 240,000 a night). I usually block if no From Email is listed, but had to set it to quarantine to help lower the traffic, as the source continues to try if rejected. Just thought I would toss this out there. Looks though as if someone is a little upset we have a spam filter and are trying intentionally a DoS. Edited by Thing

Marco Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 07 June 2005 Location: Netherlands Status: Offline Points: 137	Post Options Post Reply Quote Marco Report Post Thanks(0) Quote Reply Posted: 13 June 2006 at 3:57am
	sounds as if you're targeted. no increase here , but we're just a small company. Edited by Marco
	Anyone who is capable of getting himself made president, should on no account be allowed to do the job. D.Adams

lyndonje Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 31 January 2006 Location: United Kingdom Status: Offline Points: 192	Post Options Post Reply Quote lyndonje Report Post Thanks(0) Quote Reply Posted: 13 June 2006 at 8:25am
	Shouldn't the IP Cache blacklist stop this?

WebGuyz Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 09 May 2005 Location: United States Status: Offline Points: 348	Post Options Post Reply Quote WebGuyz Report Post Thanks(0) Quote Reply Posted: 13 June 2006 at 12:45pm
	If they have a whole slew of zombies at their disposal they could rotate them through during the attack. It helps to use AuthorizedTo list expecially if its a dictionary attack. Edited by WebGuyz
	http://www.webguyz.net

Thing Members Profile Send Private Message Find Members Posts Add to Buddy List Guest Group	Post Options Post Reply Quote Thing Thanks(0) Quote Reply Posted: 13 June 2006 at 1:57pm
	All unique IPs, I'm sure they are forged. It is an unique attack.

WebGuyz Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 09 May 2005 Location: United States Status: Offline Points: 348	Post Options Post Reply Quote WebGuyz Report Post Thanks(0) Quote Reply Posted: 13 June 2006 at 2:03pm
	They can't (easily) forge the final IP just when SFI receives it. Maybe there is something common in the contect itself that can be blocked or is it just various spam messages?
	http://www.webguyz.net

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

Spam Pounding