Big drop in SPAM volume?
traced
traced at xpear.de
Mon Nov 24 23:16:29 GMT 2008
Hi,
all my boxes are running ssh with changed port, an as good as no tries
to break in.
Regards,
Bastian
Drew schrieb:
>
>
> On Mon, Nov 24, 2008 at 2:55 PM, Scott Silva <ssilva at sgvwater.com
> <mailto:ssilva at sgvwater.com>> wrote:
>
> on 11-24-2008 1:56 AM Ronny T. Lampert spake the following:
> >> Hi,
> >>
> >> Is anybody else seeing a big drop off in SPAM volume over the last
> >> week or so? or is it just me?
> >
> > I'm down to "more normal levels" on
> >
> > - total connections
> > - RBL blocks (= 50% of total connections for last 3 hours)
> > - "is spam" by MS (down by about 20%).
> >
> > No way in hell we should allow McColo to go live again.
> > But then again it's only Monday morning so spammers might wake up
> later...
> >
> > Cheers.
> Trouble is, there seems to be other ways to get a block back up,
> even if for
> only a short time. If they manage to do this, the bots will get new
> code and
> come back. What is needed is for someone in power to take this block
> for a few
> weeks and log all systems that try and get instructions, and trace
> them back
> through the ISP. Then the ISP needs to inform those users they are
> infected.
> But it won't happen since someone will have to foot the bill.
>
> One thing I *have* noticed since spam volume dropped is a huge increase
> in ssh attacks, and not just on mail servers. I'm pulling information
> from close to 500 systems when I say "huge" - I'm talking about nearly
> 1000 attempts per machine per day. Whoever is doing it is smart enough
> to be using many many IP addresses from all over the world, and just
> making a few attempts from each IP, then backing off to keep automated
> firewall add/remove tools from blocking too many attempts. Anyone else
> noticed this?
>
More information about the MailScanner
mailing list