Bounce-back Spam (Backscatter)

I really hate bounce-back spam! (I call it bounce-back spam, but the official name for it is Backscatter.) I've read, and been told by sysadmins, that there is not much that can be done about it. The Wikipedia page on bounce messages has a little section that explains why:

Excluding MDAs, all MTAs forward mails to another MTA. This next MTA is free to reject the mail with an SMTP error message like user unknown, over quota, etc. At this point the sending MTA has to inform the originator, or as RFC 5321 puts it:

If an SMTP server has accepted the task of relaying the mail and later finds that the destination is incorrect or that the mail cannot be delivered for some other reason, then it MUST construct an "undeliverable mail" notification message and send it to the originator of the undeliverable mail (as indicated by the reverse-path).

This rule is essential for SMTP: as the name says, it's a simple protocol, it cannot reliably work if mail silently vanishes in black holes, so bounces are required to spot and fix problems.

Today, however, most email is spam, which usually utilizes forged Return-Paths. It is then often impossible for the MTA to inform the originator, and sending a bounce to the forged Return-Path would hit an innocent third party. This inherent flaw in today's SMTP (without the deprecated source routes) is addressed by various proposals, most directly by BATV and SPF.

It looks like I'll have to just deal with it. (I could set up filters and such, but then I might miss a real bounce-back and not know that my message didn't go through!) I'm just grateful it comes in waves of a few hours every few weeks instead of non-stop! Has anyone else had to deal with this? If so, what did you do about it?
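The Wikipedia excerpt above names BATV as the most direct fix, and it is the one a receiving site can deploy on its own: sign the envelope sender (Return-Path) of every outgoing message with a short expiring tag, and reject any bounce (a message with the null reverse-path `MAIL FROM:<>`) addressed to an untagged or badly signed address. Real bounces still arrive, because they come back to an address you signed; backscatter from forged Return-Paths is refused at RCPT time. SPF, by contrast, only helps if the *remote* MTA checks it before accepting the forged mail. The following is an added example written for this page, not code from the post or from any MTA; the secret, the `prvs=KDDDSSSSSS=local@domain` layout (key version, three-digit expiry day, six hex digits of an HMAC) and the seven-day window follow the BATV draft, and the addresses are made up:

```python
import hashlib
import hmac
import time
from typing import Optional, Tuple

# Assumed per-domain secret and policy; in a real MTA these come from its configuration.
SECRET_KEY = b"example-batv-secret-change-me"   # hypothetical
KEY_VERSION = 0                                 # one digit; bump it to rotate keys
VALIDITY_DAYS = 7                               # how long a signed Return-Path stays valid
DAY = 86400


def _day_number(now: Optional[float]) -> int:
    return int((time.time() if now is None else now) // DAY)


def _tag_hash(version: int, expiry_day: int, address: str) -> str:
    # Six hex digits of an HMAC over key version, expiry day and the untagged address.
    msg = f"{version}{expiry_day:03d}{address.lower()}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:6]


def batv_sign(address: str, now: Optional[float] = None) -> str:
    """Envelope sender (Return-Path) to use when we send mail on behalf of `address`.
    Layout follows the BATV draft: prvs=KDDDSSSSSS=local@domain."""
    expiry_day = (_day_number(now) + VALIDITY_DAYS) % 1000
    local, domain = address.rsplit("@", 1)
    sig = _tag_hash(KEY_VERSION, expiry_day, address)
    return f"prvs={KEY_VERSION}{expiry_day:03d}{sig}={local}@{domain}"


def batv_verify(rcpt: str, now: Optional[float] = None) -> Optional[str]:
    """Check the recipient of an inbound bounce. Returns the untagged address when the
    tag is ours and unexpired, otherwise None (the bounce is backscatter)."""
    parts = rcpt.split("=", 2)
    if len(parts) != 3 or parts[0] != "prvs":
        return None
    tagval, address = parts[1], parts[2]
    if len(tagval) != 10 or not tagval[:4].isdigit():
        return None
    version, expiry_day, sig = int(tagval[0]), int(tagval[1:4]), tagval[4:]
    if version != KEY_VERSION:
        return None
    days_left = (expiry_day - _day_number(now)) % 1000
    if days_left > VALIDITY_DAYS:            # expired, or a day value we never issued
        return None
    if not hmac.compare_digest(sig, _tag_hash(version, expiry_day, address)):
        return None
    return address


def classify_inbound(mail_from: str, rcpt_to: str, now: Optional[float] = None) -> Tuple[str, str]:
    """Decision for one SMTP transaction. A null reverse-path (MAIL FROM:<>) marks a bounce;
    bounces to an address we never signed are rejected before DATA, so they cost us nothing."""
    if mail_from != "":
        return ("accept", rcpt_to)            # ordinary mail: BATV says nothing about it
    original = batv_verify(rcpt_to, now)
    if original is None:
        return ("reject", "550 bounce to unsigned address (backscatter)")
    return ("accept", original)               # deliver the real bounce to the untagged mailbox
```

The caveat a practitioner hits in practice: every path that sends mail on your behalf (mailing lists, forwarders, web forms) must use `batv_sign` for its envelope sender, or its legitimate bounces will be rejected too; and the tag changes the Return-Path, so anything that whitelists your bare address on the envelope sender will see the tagged form instead.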

Backscatter Spam

A Threatening Spam Message

Wow, spammers are either becoming really desperate or totally creative. Here's a threatening email I received today:

From: [email protected]
To: [ concealed ]
Sent: Apr 23, 2008 13:03
Subject: She has already gone to hospital! ! !

Hello, info.

Listen to me carefully, i don't know what your name is, but i'll find you and i'll cripple you, because this is you who tempted her!!!
She has already gone to hospital, you're next, this is evidence: [removed URL in case it's virus infected]

--
slyder mailto:[email protected]

Web hosting is not for everyone

As you may know, I run my own web hosting business called Akmai.net Web Hosting (soon to be CORBAWeb) and I host about 45 active domains for a small but dedicated base of 15-20 clients. Running a web hosting business is not particularly difficult, especially with software like CPanel (to give the customer easy access to common domain related functions like email, subdomains, etc), WHM (to allow the administrator to control nearly all aspects of running a web server, including DNS, shell access, etc) and WHM.AutoPilot (to assist with billing, invoicing and automatic account creation).

You might be thinking, "if running a web hosting business were so easy, why wouldn't everyone be doing it?" Everyone is doing it, and that is the reason 90% of the email on the Internet is spam! There are so many inexperienced web host administrators who don't understand the technology behind the software they're using because wonderful applications like CPanel and WHM remove that requirement (don't get me wrong, I love CPanel and WHM). All the people who jump at the chance to run their own web hosting business need to understand there is more to it than just creating accounts and watching your Paypal balance increase -- there is great responsibility that comes with running a web hosting business and there is no room for incompetence.

Let me give you an example. Late this morning my Blackberry beeped to indicate an incoming email. No big deal -- I hear that beep dozens of times throughout the day. But the beeping didn't stop -- it kept beeping as if it was an alarm. Sure enough, I had 12 "Mail Delivery Failed" messages. Then 13. Then 14. After about 40 seconds it was up to over 100 messages. I instantly knew what this meant. Someone, or some thing, was sending a huge number of emails from my web server and the vast majority of those were bouncing back because the recipient email address was invalid. A quick check of the server showed over 20,000 emails had already been sent.

With the help of an on-site engineer at the data center where my server is located, I was able to track down the origin of the email spamming. It was coming from a mail form installed on one of the domains on my server. The form wasn't anything harmful, and neither was the domain (nor the person who owned the domain), but the mail form wasn't secure. It didn't have any type of captcha installed to prevent a spam bot from submitting endless requests to the script. A spam bot crawling the web for insecure forms found the script hosted on my server and started using it to send a 'Paypal Account Notice' email designed to phish account details from the recipient. I quickly deleted the script from my server and had any remaining messages purged from the mail queue.
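The post says only that the form had no captcha, so the bot could submit it endlessly. The two other weaknesses that turn a drop-in contact script into an open relay are letting the form choose the recipient (a hidden `recipient` field) and pasting form fields straight into mail headers, which lets a CR/LF in the "email" field add `Bcc:` lines. The following added example, written for this page and not the script from the post, shows that pattern next to a hardened handler with a fixed recipient, header-injection and address checks, a honeypot field and a per-IP rate limit; the CAPTCHA the post recommends is modelled as a caller-supplied `captcha_ok` flag. The addresses, the `website` honeypot name and the two submissions are constructed:

```python
import re
import time
from collections import defaultdict, deque
from typing import Deque, Dict, Optional, Tuple

SITE_OWNER = "info@example.com"        # hypothetical fixed recipient of the form
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def vulnerable_handler(form: Dict[str, str]) -> str:
    """The pattern many drop-in contact scripts use: headers are concatenated from
    form fields and the recipient comes from a hidden field. Returns the raw message
    that would be handed to the MTA."""
    to = form.get("recipient", SITE_OWNER)             # attacker-chosen destination
    headers = (f"To: {to}\r\n"
               f"From: {form.get('email', '')}\r\n"    # CR/LF here injects extra headers
               f"Subject: {form.get('subject', '')}\r\n")
    return headers + "\r\n" + form.get("message", "")


class ContactForm:
    """Hardened handler: fixed recipient, no CR/LF in header fields, honeypot field,
    per-IP sliding-window rate limit, and a hook for a CAPTCHA result."""

    def __init__(self, owner: str = SITE_OWNER, max_per_window: int = 5, window_sec: int = 600):
        self.owner = owner
        self.max_per_window = max_per_window
        self.window_sec = window_sec
        self._hits: Dict[str, Deque[float]] = defaultdict(deque)

    def _rate_limited(self, ip: str, now: float) -> bool:
        q = self._hits[ip]
        while q and now - q[0] > self.window_sec:          # drop hits outside the window
            q.popleft()
        if len(q) >= self.max_per_window:
            return True
        q.append(now)                                      # failed attempts count too
        return False

    def handle(self, form: Dict[str, str], client_ip: str,
               now: Optional[float] = None, captcha_ok: bool = True) -> Tuple[str, Optional[str]]:
        now = time.time() if now is None else now
        if form.get("website", ""):                        # honeypot: hidden, humans leave it empty
            return ("rejected", "honeypot")
        if not captcha_ok:
            return ("rejected", "captcha")
        if self._rate_limited(client_ip, now):
            return ("rejected", "rate_limited")
        sender = form.get("email", "").strip()
        subject = form.get("subject", "").strip()
        body = form.get("message", "")
        for value in (sender, subject):
            if "\r" in value or "\n" in value:             # header injection attempt
                return ("rejected", "header_injection")
        if not EMAIL_RE.match(sender):
            return ("rejected", "bad_email")
        if not (0 < len(body) <= 4000):
            return ("rejected", "bad_body")
        # The visitor's address goes in Reply-To. From is our own domain, so the message
        # passes our own SPF/DKIM and any bounce comes back to us, not to a third party.
        message = (f"To: {self.owner}\r\n"
                   f"From: contact-form@{self.owner.split('@', 1)[1]}\r\n"
                   f"Reply-To: {sender}\r\n"
                   f"Subject: [contact] {subject[:120]}\r\n"
                   f"\r\n{body}")
        return ("sent", message)


# Constructed submissions: what a bot posts, and what a visitor posts.
ATTACK = {
    "recipient": "victim@example.net",
    "email": "bot@example.org\r\nBcc: a@example.net, b@example.net",
    "subject": "Paypal Account Notice",
    "message": "Your account has been limited. Click here to restore access.",
}
HONEST = {"email": "visitor@example.org", "subject": "Hosting quote",
          "message": "How much for 5 domains?"}
```

Run against `ATTACK`, `vulnerable_handler` produces a message addressed to the bot's chosen victim with two extra `Bcc:` recipients; `ContactForm.handle` rejects it as `header_injection`, and after five submissions from one address in ten minutes rejects everything further from that address as `rate_limited` until the window passes. The rate limit is per process memory here; on a shared host with several PHP workers it would have to live in a shared store.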

This is a perfect example of how incompetent web host server administrators are to blame for all the Internet's spam. If I didn't allow myself to be bothered on my Blackberry with all the "Mail Delivery Failed" messages for my server (including legitimate ones), I wouldn't have discovered this was happening as quickly as I did. Most people simply let those emails drop into an Inbox somewhere and forget about them. If 20,000+ messages were sent out in the 5 minutes it took me to discover and fix the problem, how many messages would have been sent out if I didn't discover the problem for a few hours? Or a few days?

You cannot blame the creator of the mail script, because while the programmer might understand that his script needs additional security before being used in the real world, a web designer will simply upload the script to a web server and expect it to work. This means that there will always be instances where a faulty script is utilized in a malicious way by someone with bad intentions. So who is responsible? The system administrator is responsible. It's his job to make sure everything runs smoothly and there is no room for incompetence. How many web host administrators regularly read their logs for suspicious activity or broken software? I read akmai.net's logs on a daily basis.
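The post found the problem because a flood of "Mail Delivery Failed" messages reached a phone; the same signal is in the mail log, and a script can watch for it before a person has to. The following is an added example for this page, not anything the author ran: it reads Exim-style mainlog arrival lines (`<=`), which is what a cPanel box writes, and raises an alert when one unix user submits more than a threshold of messages inside a sliding window (a PHP form runs as `nobody`, so it stands out from shell users), or when bounces with the null sender `<>` arrive from outside faster than normal. The log lines are constructed to mimic the format, the host names and message ids are invented, and the thresholds are assumptions:

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, Optional, Tuple

# Exim-style arrival line: "<id> <= <sender> ..."; P=local with U=user is a local
# submission, H=host means it came in over SMTP, and the sender "<>" marks a bounce.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<id>\S+) <= (?P<sender>\S+) (?P<rest>.*)$"
)
USER_RE = re.compile(r"\bU=(\S+)")
HOST_RE = re.compile(r"\bH=")

Key = Tuple[str, str]


def parse_arrival(line: str) -> Optional[Tuple[datetime, str, Key]]:
    m = LINE_RE.match(line)
    if not m:
        return None                                   # deliveries, defers, etc. are skipped
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    rest = m.group("rest")
    user = USER_RE.search(rest)
    if m.group("sender") == "<>" and HOST_RE.search(rest):
        key: Key = ("bounce-in", "remote")            # bounces coming back from outside
    elif user and not HOST_RE.search(rest):
        key = ("submit", user.group(1))               # local submission, keyed by unix user
    else:
        key = ("smtp-in", "remote")
    return ts, m.group("id"), key


def find_bursts(lines: Iterable[str], window_sec: int = 60, threshold: int = 20) -> Dict[Key, dict]:
    """Sliding-window count per key. Returns, for each key that reached `threshold`
    arrivals within `window_sec`, when it first did so and every message id seen for it
    (the list to hand to a queue purge)."""
    windows: Dict[Key, Deque[datetime]] = defaultdict(deque)
    ids: Dict[Key, List[str]] = defaultdict(list)
    alerts: Dict[Key, dict] = {}
    for line in lines:
        parsed = parse_arrival(line)
        if parsed is None:
            continue
        ts, msgid, key = parsed
        ids[key].append(msgid)
        q = windows[key]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_sec:
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = {"first_seen": ts, "ids": ids[key]}
    return alerts


def constructed_log() -> List[str]:
    """Constructed sample, not a real server's log: a web form running as `nobody`
    injects 25 messages in 25 seconds, shell user alice sends 3 spread over 10 minutes,
    and 5 bounces come back from a remote MX."""
    base = datetime(2008, 4, 23, 11, 2, 0)
    lines = []
    for i in range(25):
        t = base + timedelta(seconds=i)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S} 1JoS{i:02d}-0003Q2-Nb <= nobody@host.example.com U=nobody P=local S=2310")
    for i in range(3):
        t = base + timedelta(minutes=5 * i)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S} 1JoT{i:02d}-0003Q2-Nb <= alice@example.com U=alice P=local S=900")
    for i in range(5):
        t = base + timedelta(seconds=40 + i)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S} 1JoU{i:02d}-0003Q2-Nb <= <> H=mx.remote.example [192.0.2.10] P=esmtp S=2900")
    lines.append("2008-04-23 11:03:00 1JoS00-0003Q2-Nb => victim@example.net R=dnslookup T=remote_smtp")
    return sorted(lines)                              # timestamps lead, so this is chronological
```

With the defaults, `find_bursts(constructed_log())` alerts on `("submit", "nobody")` at 11:02:19, the moment the twentieth message inside one minute arrives, and stays quiet for alice and for the five bounces; lowering `threshold` to 5 also flags the bounce burst. The `ids` list is what you would feed to `exim -Mrm` (or `exiqgrep -i -f '<sender>' | xargs exim -Mrm`) to purge what is still queued, which is the clean-up the post describes.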

Web hosting is not for everyone because many people lack the technical understanding, the competence, and the time required to properly manage a web server. If you're running your own personal web server at home, fine. If you're running your own mail server, I hope you know what you're doing. If you're running a web server that's located in a data center with lots of bandwidth and you're hosting domains, email, and DNS for people you don't know very well, then you'd damn well better know what you're doing and understand the nasty things that exist out there on the Internet. You will be attacked. Be prepared.