Re: [T3] issue with @aol.com subscribers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [New Search]

Re: [T3] issue with @aol.com subscribers

To: type3@vwtype3.org
Subject: Re: [T3] issue with @aol.com subscribers
From: Aaron Clow <lists1@gloomychicken.com>
Date: Wed, 12 Jul 2006 13:06:33 -0400
In-reply-to: <59554.169.229.38.33.1152721824.squirrel@169.229.38.33>
List-help: <mailto:type3-request@vwtype3.org?subject=help>
List-post: <mailto:type3@vwtype3.org>
List-subscribe: <mailto:type3-request@vwtype3.org?subject=subscribe>
List-unsubscribe: <mailto:type3-request@vwtype3.org?subject=unsubscribe>
Old-return-path: <lists1@gloomychicken.com>
References: <59554.169.229.38.33.1152721824.squirrel@169.229.38.33>
Reply-to: type3@vwtype3.org
Resent-date: Wed, 12 Jul 2006 10:06:43 -0700 (PDT)
Resent-from: type3@vwtype3.org
Resent-message-id: <mz0gQC.A.rtE.jwStEB@cedant5.abac.com>
Resent-sender: type3-request@vwtype3.org
User-agent: Thunderbird 1.5.0.4 (Windows/20060516)

<x-flowed>Greg Merritt wrote:

Everyone,

One or many AOL users have been reporting type3@vwtype3.org e-mail
messages as junk mail.  This has happened as much as a couple of hundred
times in the last few days.

As a result of this, AOL is getting ready to block 100% of messages coming
from the vwtype3.org e-mail server to any AOL recipient.

Greg,

Do you have any control over the host server, or is it a package? I managed a server a few years ago where someone exploited a weakness in Apache and installed a rootkit on my machine. They didn't do much but install a script that connected to another machine a few times a day and sent spam from my machine. That's how I first found out about it. I got abuse reports and couldn't imagine how they got in. The server was completely locked down except for http port open.

I now use http://www.modsecurity.org/ (mod_security) and it is amazing how many people try to run Apache/IIS exploits on the machines I run (one check of audit_log and you can see all the attempts). There is a ruleset there as well. So just a word of helpful advice to listmembers who might also be running web servers, even having the latest patched release of any http server with all other ports closed off isn't enough.

I think though, that this might not apply to type3.org because if I recall, you're getting full hosting?

Anyway, thought I'd mention it. Another great tool for those of you who keep the ssh port open is "ssh black" at http://www.pettingers.org/code/sshblack.html

It uses iptables to blacklist potential crackers dynamically. Two, three, four invalid attempts (you set the number, along with criteria for invalid attempts -- wrong passwords, bad usernames, etc.) and they're immediately blocked. Much easier than trying to maintain an IP blacklist. I figured the chances of someone breaking in via ssh were pretty slim, but I just hated seeing all those "guesses" in my log files.

Sorry for the off-topic post, but these are just two tools I've found extremely helpful and hopefully they'll help any other server admins on the list to sleep more peacefully...

Aaron


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
List info at http://www.vwtype3.org/list | mailto:gregm@vwtype3.org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

</x-flowed>

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [New Search]