Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Spam e-mail (=Windows Holes) is costing companies (even if they only use Linux)

  • Subject: Re: Spam e-mail (=Windows Holes) is costing companies (even if they only use Linux)
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Wed, 02 Aug 2006 11:06:34 +0100
  • Newsgroups: comp.os.linux.advocacy
  • Organization: schestowitz.com / ISBE, Manchester University / ITS
  • References: <1154512679.353922.299940@s13g2000cwa.googlegroups.com>
  • Reply-to: newsgroups@xxxxxxxxxxxxxxx
  • User-agent: KNode/0.7.2
__/ [ nessuno@xxxxxxxxxxxxxxxxxxx ] on Wednesday 02 August 2006 10:57 \__

> Quote:
> ---------------
> To the list of unpleasant Monday happenings - answer the alarm clock,
> face morning traffic, trudge into the office - you can add one more
> chore.
> 
> Delete the weekend spam from your e-mail.
> ------------------
> End quote
> 
>
http://www.naplesnews.com/news/2006/aug/01/brent_batten_spam_email_costing_companies/?local_news
> 
> The vast majority of spam comes from compromised Windows machines.

This morning I had a clogup in my mail server. It turns out that Windows
zombies had my account exceed its limit in just one week, so no mail for 4
days. I thought 30 MB per week would suffice for a SPAM vacuum, but Windows
botnets only grow, with bandwidth limits becoming more generous, or
inexistent. I can't help but feel that Windows is costing me a lot of time.
I also reported the following this morning...

__/ [ canadafred ] on Wednesday 02 August 2006 06:01 \__

> Roy Schestowitz wrote:
>> I would generally hate to turn away legit crawlers, but a particaulr
>> address ( sls-gc8p11.dca2.superb.net ) has been harvesting one of my sites
>> for 4 days, taking up about 300 MB of pages per day. What can it be? Using
>> HTTP on that address gives the default Apache installtion page. Should I
>> just block all such mysterious requests? Any idea what it might be?
> 
> This web site exists. It is weird though. It says stuff about the
> Apache server being installed correctly?
> 
> http:// sls-gc8p11 .dca2. superb.net/


__/ [ Stacey ] on Wednesday 02 August 2006 06:16 \__

> From the looks of this
>
http://www.google.com/search?hl=en&lr=&rls=GGLG,GGLG:2005-40,GGLG:en&q=%22sls-gc8p11.dca2.superb.net/%22
> I would block it.
> 
> Stacey


Reported to ISP

,----[ Snippet ]
| The following hostname launches SPAM attacks on guestbooks and
| mass-spidering of pages (akin to DDOS attacks).
| 
| sls-gc8p11.dca2.superb.net
| 
| If you need more details, let me know.
`----


It remains to be seen if it's a compromised Windows box that is /passively/
used for spamming.

Subject line aptly modified.

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index