RMFO-Blogs.com Mailbombing Causing Server Slowness
A spammer is performing a botnet-based spamming attack on various non-existent addresses on rmfo-blogs.com right now, and that’s causing significant load on the server. It’s nothing that the server can’t handle, but it is working extra hard, and so other services may be slow. Because of the distributed nature of this mailbombing, there’s really no way to ban specific IP addresses and have that solve the problem for us.
Oddly enough, I’m not sure that there’s ever been a legitimate email address on rmfo-blogs.com.
February 9th, 2008 at 9:49 am
Firewall port 25 from any internet address.
February 9th, 2008 at 11:13 am
I’m unwilling to inconvenience all other users when I don’t have to. If I could firewall it on that specific IP address, I would.
I might be able to do that with iptables. I’ll try and figure it out.
February 10th, 2008 at 4:36 pm
Hey Geof,
If you aren’t using that domain for mail, why not just delete the MX record(s) for that domain in your DNS?
February 10th, 2008 at 4:41 pm
The NOC suggested that I just set it to 127.0.0.1.
They’re as evil as I am.
February 10th, 2008 at 8:18 pm
haha…that’s classic. I’ll remember that one. I would have done something like setting it to 1.2.3.4 or something like that, but probably wouldn’t have come up with the 127.0.0.1 idea.
February 10th, 2008 at 8:44 pm
Given that this is a distributed attack, it won’t do TOO much, but it’ll at least stop the incoming.