Date: Wed, 30 Apr 2014 00:29:40 +0000 From: David Joyce <davidj@softcom.com> To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: Spam to list participants (from openhosting.com & softcom.com) Message-ID: <3af52f184cc94a02946d36dd7e259d71@CorpEX01.ad1.softcom.biz> References: <20140430073351.4383f0d2@X220.alogt.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Erich,=0A= =0A= I occasionally read this list and use FreeBSD once in a while.=0A= =0A= Unlike that other provider we didn't just block a couple IP addresses.=0A= We identified all servers purchased using similar information and shut=0A= them down once we were made aware of the issue.=0A= =0A= I did receive some spam messages after my post here, originating from=0A= another hosting provider.=0A= =0A= Unfortunately I can't provide too much information, but when looking at=0A= the servers I found no obvious botnet traffic. There was no evidence=0A= that the server was compromised. It appears the person who ordered the=0A= server installed a PHP based application that was creating MySQL=0A= connections to an Amazon AWS server, likely to obtain lists of fresh=0A= email accounts to spam.=0A= =0A= Again, if you notice any other of our servers involved in this, please=0A= let me know by emailing abuse@myhosting.com so that I can do a more=0A= detailed analysis and disable them as soon as possible.=0A= =0A= Best Regards,=0A= David=0A=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3af52f184cc94a02946d36dd7e259d71>