Spam and exploit scans are out of control

  • Thread starter: graphic7
  • Tags: Control

Discussion Overview

The discussion revolves around the increasing issue of spam and exploit scans targeting mail and web servers, with a focus on the prevalence of these attempts from specific geographic IP ranges, particularly in Asia. Participants express concerns about the effectiveness of ISPs in addressing these issues and share their experiences with server security.

Discussion Character

  • Debate/contested
  • Technical explanation
  • Conceptual clarification

Main Points Raised

  • One participant reports over 50 relay attempts through their mail server, primarily from Asian IP ranges, expressing frustration over ISPs' lack of action.
  • Another participant questions whether Asia hosts more proxy servers than other regions, noting that they have found Asian proxies to be more anonymous and secure.
  • Several participants express a preference for Apache over IIS, citing security vulnerabilities associated with IIS and discussing their own server configurations.
  • One participant mentions that they are being probed for IIS vulnerabilities without actually running IIS themselves, indicating ongoing security concerns.

Areas of Agreement / Disagreement

Participants express varying opinions on the effectiveness of ISPs in handling abuse reports and the security of different server types. There is no consensus on the best approach to mitigate the issues discussed, and multiple viewpoints regarding server preferences and the nature of proxy servers are present.

Contextual Notes

Participants reference specific geographic IP ranges and server types, but the discussion does not resolve the broader implications of these observations or the effectiveness of proposed measures.

Who May Find This Useful

Individuals interested in server security, network management, and the implications of geographic IP usage in cybersecurity may find this discussion relevant.

graphic7
I woke up this morning, and I noticed I had over 50 attempts for relaying through my mail server (mostly from Asian net ranges). I feel strongly that this has gotten out of control, and I wish I could report the individual IPs to their corresponding ISPs, knowing they would take the appropriate actions. As we all know, ISPs are very, very lazy when it comes to customer abuse. Bellsouth, for instance, still uses a real-time blacklist that, as the author says, should no longer be used, and encourages people to contact their respective ISPs and alert them that the blacklist is no longer maintained.

To add more grunts and groans, I checked my web server logs and noticed a ton of IIS exploit attempts (isn't Code Red over?). This, I believe, is more serious than spam, and actions should definitely be taken against this garbage; however, ISPs are lazy.

The only protective measure I've been able to implement is filtering out the netranges (three Class A's and a few B's and C's - all Asian).

:devil: :devil: :devil:
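
An added example, not part of the original post: one way to turn the web-log observation above into counts per source network before deciding which ranges to filter. The log lines are constructed (documentation IP ranges), and the probe patterns are an assumption about what such entries look like: the `.ida` request Code Red sends plus the `cmd.exe`/`root.exe` paths used by other well-known IIS worms.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Apache common log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2005:06:14:02 -0500] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 283
203.0.113.9 - - [12/Mar/2005:06:14:09 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 279
203.0.113.200 - - [12/Mar/2005:06:15:40 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
198.51.100.23 - - [12/Mar/2005:06:20:11 -0500] "GET /index.html HTTP/1.1" 200 5120
198.51.100.40 - - [12/Mar/2005:06:21:55 -0500] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 283
192.0.2.15 - - [12/Mar/2005:06:30:00 -0500] "GET /images/logo.png HTTP/1.1" 200 2048
this line is malformed and must be skipped
"""

# Client address and request path of one log entry.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)')
# Paths requested by Code Red (.ida) and other well-known IIS worm probes.
PROBE_RE = re.compile(r"\.ida(\?|$)|/(cmd|root)\.exe", re.IGNORECASE)


def find_probes(log_text):
    """Return (client, path) for every request that looks like an IIS probe."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and PROBE_RE.search(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


def tally_by_network(hits, prefix=24):
    """Count probe requests per source network, most active first."""
    counts = Counter()
    for client, _path in hits:
        try:
            net = ipaddress.ip_network(f"{client}/{prefix}", strict=False)
        except ValueError:
            continue  # client logged as a hostname, not an IPv4 address
        counts[str(net)] += 1
    return counts.most_common()


if __name__ == "__main__":
    for network, count in tally_by_network(find_probes(SAMPLE_LOG)):
        print(f"{count:4d}  {network}")
```

Widening `prefix` (for example to 16) shows how much unrelated address space a broader filter would take in along with the probing hosts.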
 
You mention the IP ranges mostly coming from Asia, isn't Asia the host to more proxy servers than any other place? I know the few times I've used a proxy, they were located all throughout Asia. Also, I noticed most of the Asian proxies are far more anonymous and secure than those in Europe and the United States.
 
IIS? It will take me only a few seconds to tell you why I would never have IIS as my webserver. I'm straight-up Apache. Hey, Cod, since you live in Georgia could I send you a private message regarding colleges in Georgia?
 
Cod said:
You mention the IP ranges mostly coming from Asia, isn't Asia the host to more proxy servers than any other place? I know the few times I've used a proxy, they were located all throughout Asia. Also, I noticed most of the Asian proxies are far more anonymous and secure than those in Europe and the United States.

Even more of a reason to block the Asian netblocks.

cipher said:
IIS? It will take me only a few seconds to tell you why I would never have IIS as my webserver. I'm straight-up Apache. Hey, Cod, since you live in Georgia could I send you a private message regarding colleges in Georgia?

I'm aware of IIS's flaws. In my previous post I never said I ran IIS. I merely stated that I'm being constantly probed for IIS security vulnerabilities.
 
OK graphic7, good to know that you don't run IIS.
 
cipher said:
IIS? It will take me only a few seconds to tell you why I would never have IIS as my webserver. I'm straight-up Apache. Hey, Cod, since you live in Georgia could I send you a private message regarding colleges in Georgia?

Sure buddy. I'd be glad to help you in any way possible.
 
