On Aug 13, 2007, at 9:03 AM, Charles Mangin wrote:
since i took over hosting, all of these dictionary-style spams have
been going nowhere, being rejected out of hand with "<<< 550
Unrouteable address". i know i can't do anything more than ignore
them and hope they will move on to some other target but... sheesh.
six months? with nothing to show for it? you'd think there'd be
some sort of list purging in all that time.
Well, you can do something about it, you can blacklist IP addresses
that send too many bad messages where too many is a number you chose.
Depending on your OS, there are various choices. I am away from my
main computer, but the one I used is called something like denyrbl
and it blacklists server that send more than 100 bad addresses in
under 20 minutes for, iirc, 1444 minutes. The blacklist is at the
hosts.deny level, so the machines are prevented from connecting AT
ALL (on any port).
It's fairly easy to do, and you can do it yourself by simply parsing
the logs for hosts with a high reject count and adding them to
hosts.deny.dos and then adding
ALL: /var/tmp/hosts.deny.dos : deny
in /etc/hosts.allow (near the top).
This assumes a UNIX based system like linux, FreeBSD or OS X, naturally.
Just be conscious that you set a fairly high limit, depending on your
server's volume, or you might find yourself accidently banning large
ISPs.
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[email protected]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
