>We've had someone spamming / attacking our network last night / today.
>We finally tracked it down. They were "relaying" off of a formmail script
>on a website.
Ah, yes. That's nasty stuff, the modern version of yesterday's open
relay. Formmail and proxies.
>I've since blocked the IP addresses being used and so far, so good.
Until the next spammer uses it.
>Anyone see this kind of abuse / attack / "relay" before?
Yes, it's quickly becoming very common.
>Any good way to block the abuse of someone's formmail or other script?
I'm not familiar with the formmail script, but I've heard that the latest
version prevents this problem.
>Also, I've tracked this down to a provider in Virginia. Don't they have
>some tough laws down there? Anyone familiar with it and what can
>realistically be done there?
Does "tracked down" mean that the web logs show an IP of an ISP in
Virginia? If it is a dialup user of theirs, you're lucky -- you just have
to produce a subpoena and you'll get the contact information the user
provided (if any), which is likely fake. If you're not lucky, the IP is an
open proxy of some sort, and the spammer was coming from another location.
The easiest way to really track them down is to look at some of the spam,
and track them down the same way you would if you were buying their wares
(which will lead you to a PO box, a street address, a phone number, a
merchant account, etc.).
-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
---