[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] serious help

Subject: [cobalt-users] serious help
From: "Joi" <joi@xxxxxxxx>
Date: Thu Jan 6 10:49:02 2000

My server is being dragged down by someone in China.

Last week, s/he sent several thousand emails with nobody@xxxxxxxxxxxx as the
reply address, causing me to receive (I own nodomain.com) nearly 20,000
emails (mostly from mailer daemons).  Towards the end of my cleanup, I
noticed that s/he was also aparently relaying through my SMTP service (which
I thought I had set to only allow SMTP connections on port 25 from certain
IPs.  I've put his/her IP in the DENY list, but that seems to be the only
way to slow it down (until they move on to another computer on the same
network).

I've emailed the network administrator there to no avail.  Perhaps he does
not speak English (I can't speak Chinese), or perhaps he's ignoring me.
In any case, I would love to block out the whole class C.  How do I do this
from the Admin panel, and more importantly, how do I do this in the actual
server files?  (I don't trust the admin panel at all).

Also, I noticed a couple connections to other ports (1039 and 1110 (TIME
WAIT)).  Are they portscanning me or am I just paranoid?

Thanks
Joe Colburn

------
http://www.nodomain.com   http://www.g0th.net

Follow-Ups:
- RE: [cobalt-users] serious help
  - From: Dan
- Re: [cobalt-users] serious help
  - From: Jeff Bilicki
- Re: [cobalt-users] serious help
  - From: Nikolas Samios
- Re: [cobalt-users] serious help
  - From: Nikolas Samios

Prev by Date: Re: [cobalt-users] Miva?
Next by Date: Re: [cobalt-users] Majordomo
Previous by thread: [cobalt-users] unable to login to raq2
Next by thread: RE: [cobalt-users] serious help

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index