Big drop in SPAM volume?

traced traced at
Mon Nov 24 23:16:29 GMT 2008


All my boxes are running ssh with a changed port, and there are as good as no tries 
to break in.


Drew wrote:
> On Mon, Nov 24, 2008 at 2:55 PM, Scott Silva <ssilva at> wrote:
>     on 11-24-2008 1:56 AM Ronny T. Lampert spake the following:
>      >> Hi,
>      >>
>      >> Is anybody else seeing a big drop off in SPAM volume over the last
>      >> week or so? or is it just me?
>      >
>      > I'm down to "more normal levels" on
>      >
>      > - total connections
>      > - RBL blocks (= 50% of total connections for last 3 hours)
>      > - "is spam" by MS (down by about 20%).
>      >
>      > No way in hell we should allow McColo to go live again.
>      > But then again it's only Monday morning so spammers might wake up later...
>      >
>      > Cheers.
>     Trouble is, there seem to be other ways to get a block back up, even if
>     for only a short time. If they manage to do this, the bots will get new
>     code and come back. What is needed is for someone in power to take this
>     block for a few weeks and log all systems that try and get instructions,
>     and trace them back through the ISP. Then the ISP needs to inform those
>     users they are infected.
>     But it won't happen since someone will have to foot the bill.
> One thing I *have* noticed since spam volume dropped is a huge increase 
> in ssh attacks, and not just on mail servers. I'm pulling information 
> from close to 500 systems when I say "huge" - I'm talking about nearly 
> 1000 attempts per machine per day. Whoever is doing it is smart enough 
> to be using many many IP addresses from all over the world, and just 
> making a few attempts from each IP, then backing off to keep automated 
> firewall add/remove tools from blocking too many attempts. Anyone else 
> noticed this?
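
The pattern Drew describes in the quoted message (many source addresses, a few attempts from each) can be measured by counting failed logins across all sources instead of per address. The sketch below is an added example, not part of the original thread; the log lines are constructed, and the thresholds (`per_ip_limit`, `min_sources`), host name and addresses are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# OpenSSH syslog line for a failed password attempt.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def parse_failures(lines, year=2008):
    """Return [(timestamp, source_ip)] for each failed-password line."""
    events = []
    for line in lines:
        m = FAILED.match(line)
        if m:  # syslog omits the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    return events

def analyse(events, per_ip_limit=5, min_sources=10, window=timedelta(hours=24)):
    """Contrast a per-IP block rule with an aggregate count over one window."""
    end = max((ts for ts, _ in events), default=datetime.min)
    per_ip = Counter(ip for ts, ip in events if end - ts <= window)
    quiet = {ip: n for ip, n in per_ip.items() if n < per_ip_limit}
    return {
        "total_failures": sum(per_ip.values()),
        "blocked_by_per_ip_rule": sorted(set(per_ip) - set(quiet)),
        "sources_under_limit": len(quiet),
        "failures_missed": sum(quiet.values()),
        # Many sources that each stay under the limit is the signal itself.
        "distributed_alert": len(quiet) >= min_sources,
    }

def sample_log():
    """Constructed data: 40 sources x 3 tries each, plus one noisy source."""
    base, lines = datetime(2008, 11, 24), []
    tries = [(f"203.0.113.{i + 1}", base + timedelta(minutes=30 * i + j))
             for i in range(40) for j in range(3)]
    tries += [("198.51.100.7", base + timedelta(hours=23, seconds=j))
              for j in range(8)]
    for ip, ts in tries:
        lines.append(f"{ts:%b %d %H:%M:%S} mail1 sshd[4242]: Failed password "
                     f"for invalid user admin from {ip} port 40022 ssh2")
    return lines

if __name__ == "__main__":
    for key, value in analyse(parse_failures(sample_log())).items():
        print(f"{key}: {value}")
```

On the constructed sample the per-address rule catches only the one noisy source, while the aggregate count shows the 40 quiet sources that account for most of the failures.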

More information about the MailScanner mailing list