AC Capehart/DDOS via email?

Created Tue, 12 Apr 2005 01:56:38 +0000 Modified Mon, 22 Mar 2021 01:42:32 +0000
478 Words

I always get a lot of spam attempts. I assume everyone does. But lately, it’s been insane. In my current mail log (which begins on April 10 at 4:00 AM) I have all sorts of entries like:

Where all of the “to” usernames are gibberish like that. It has slowed my mail server to a crawl. Legitimate mail coming in and out of accapehart.com has a hard time getting through. My first thought was that it must just be a couple of spam hosts really trying to get their email to me. I figured I could just use the firewall to block those IPs and be done with it. So, I did a…

(the cuts were just to pull out the IP address where the connection was coming from. Given that I ended up WC’ing, the “sort” was unnecessary.)

But I learned that there are 15,848 UNIQUE hosts trying to send email to accounts that don’t exist on my machine. I pulled out the “sort” and “uniq” to see how many attempts…

239,188 message deliveries have been attempted to bogus usernames at accapehart.com since yesterday morning at 4 am. It’s a 600 MHz Celeron handling mainly web, mail and DNS services for my vanity domain (and my wife’s).
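The pipeline the post describes (grep the rejections, cut out the source IP, then either sort/uniq to count distinct hosts or drop them to count total attempts) did not survive on this page, so what follows is an added example, not AC’s own command. The log format is an assumption: the sample lines are constructed in a sendmail-like style where each rejected recipient is logged with “User unknown” and the connecting host’s address in brackets after “relay=”, and the IP is pulled out with sed rather than cut because that is less fragile when field positions vary. The per-host breakdown is the check worth adding: it tells you whether a handful of hosts account for most of the traffic (firewalling them helps) or whether the attempts are spread thinly across thousands of sources, which is the usual signature of a distributed dictionary attack on usernames and is not something you can block one IP at a time.

```shell
#!/bin/sh
# Added example, not the original post's command. Counts delivery attempts to
# non-existent users in a mail log: distinct sending hosts, total attempts,
# and attempts per host. The log lines below are CONSTRUCTED for illustration
# and the "User unknown" / "relay=[ip]" format is an assumption about the log.

MAILLOG="${MAILLOG:-$(mktemp)}"

# Constructed sample: three distinct hosts, five rejections, one legitimate
# local delivery that must not be counted.
cat > "$MAILLOG" <<'EOF'
Apr 10 04:12:01 mail sm-mta[1234]: j3A9C1xx001234: ruleset=check_rcpt, arg1=<qzxv8k@accapehart.com>, relay=[192.0.2.10], reject=550 5.1.1 <qzxv8k@accapehart.com>... User unknown
Apr 10 04:12:03 mail sm-mta[1235]: j3A9C3xx001235: ruleset=check_rcpt, arg1=<wplt92@accapehart.com>, relay=[192.0.2.10], reject=550 5.1.1 <wplt92@accapehart.com>... User unknown
Apr 10 04:12:07 mail sm-mta[1236]: j3A9C7xx001236: ruleset=check_rcpt, arg1=<hhgt0q@accapehart.com>, relay=[198.51.100.7], reject=550 5.1.1 <hhgt0q@accapehart.com>... User unknown
Apr 10 04:13:11 mail sm-mta[1240]: j3A9DBxx001240: to=<ac@accapehart.com>, relay=local, stat=Sent
Apr 10 04:13:40 mail sm-mta[1241]: j3A9Dexx001241: ruleset=check_rcpt, arg1=<mnbb7a@accapehart.com>, relay=[203.0.113.44], reject=550 5.1.1 <mnbb7a@accapehart.com>... User unknown
Apr 10 04:14:02 mail sm-mta[1242]: j3A9E2xx001242: ruleset=check_rcpt, arg1=<qzxv8k@accapehart.com>, relay=[192.0.2.10], reject=550 5.1.1 <qzxv8k@accapehart.com>... User unknown
EOF

# One IP per rejected delivery: keep only "User unknown" lines and extract the
# bracketed address that follows "relay=". Legitimate deliveries are dropped here.
reject_ips() {
  grep 'User unknown' "$1" | sed -n 's/.*relay=[^[]*\[\([0-9.]*\)\].*/\1/p'
}

# How many DISTINCT hosts are hammering the server (the sort/uniq version).
unique_hosts() {
  reject_ips "$1" | sort -u | wc -l | tr -d ' '
}

# How many attempts in total (the same pipeline with sort/uniq pulled out).
total_attempts() {
  reject_ips "$1" | wc -l | tr -d ' '
}

# Attempts per host, busiest first: if the top few rows carry most of the
# volume, firewalling those IPs helps; if the counts are flat, it won't.
per_host() {
  reject_ips "$1" | sort | uniq -c | sort -rn
}

printf 'unique hosts:   %s\n' "$(unique_hosts "$MAILLOG")"
printf 'total attempts: %s\n' "$(total_attempts "$MAILLOG")"
printf 'attempts per host:\n'
per_host "$MAILLOG"
```

Run it against a real log by pointing MAILLOG at the file and deleting the constructed heredoc; the sed pattern will need adjusting to whatever your MTA actually logs for an unknown recipient.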

Is anyone else seeing this kind of activity? Does anyone have any suggestions for curbing it?

Thanks!

-AC