Mailinglist Archive: opensuse-security (685 mails)

Re: [suse-security] Spamming ...
  • From: Robert Klein <RoKlein@xxxxxxxxxx>
  • Date: Fri, 1 Mar 2002 09:56:59 +0100
  • Message-id: <E16ghrX-0006Zk-00@xxxxxxxxxxxxxxxxxxxxxxxx>
Hi,

> Since some days I get Returned Mails from unknown mail-users
> which seems that someone is spamming from our machine.

> But when I analyze the header of the original mail I find a
> line:
> >> Received: from 210.97.42.1 (HELO scc.co.at)
> >> (210.97.42.1) <<
>
> Although the IP of scc.co.at is 193.81.182.39
>
> The IP 210.97.42.1 will change permanently when reading other
> similar mails.

210.97.42.1 is in an address range (210.97.42.0 - .63) that
belongs to a Korean elementary school. (whois <ip-address> is
your friend here.)

> My questions:
> 1) Is it possible that someone broke into our machine and sent
> this mail directly over scc.co.at

Don't think so. Open relaying is denied at that server, but
it's probably been hacked...

> 2) What can I do to stop those spammers ...
Shoot them? There's probably someone out there to annoy you big
time. You could go and ask the admins of the originating
servers to try to get hold of them (in case their server's been
hacked, things like connection times from "foreign" computers
and stuff). So you can trace them back to their ISP, if enough
people are willing to cooperate. Don't be surprised if it's
someone living round the corner...

tired,
Robert
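
The header check discussed in this thread, as an added example that is not part of the original mail: the HELO name in a Received line is whatever the sending client claimed, while the address in the last parentheses is the peer the receiving server recorded, so a bounce can be tested by resolving the claimed name and comparing. The function names, the `page_resolver` stand-in for DNS and the sample message are assumptions constructed here; the host name and both addresses are the ones quoted above.

```python
import re
import socket
from email import message_from_string

# Trace line in the form quoted in the thread:
#   Received: from <name> (HELO <claimed-host>) (<connecting-ip>)
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s*"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)"
)

# Constructed offline lookup table, using the address the poster gives for the host.
PAGE_ADDRS = {"scc.co.at": {"193.81.182.39"}}

# Constructed sample bounce header (folded across two lines, as in the mail).
SAMPLE = (
    "Received: from 210.97.42.1 (HELO scc.co.at)\n"
    "  (210.97.42.1)\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def page_resolver(host):
    """Offline stand-in for DNS; returns an empty set for unknown hosts."""
    return PAGE_ADDRS.get(host, set())

def dns_lookup(host):
    """Live lookup: IPv4 addresses for host, empty set if it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()

def check_helo(raw_message, resolve=dns_lookup):
    """Return (helo, connecting_ip, verdict) for each Received header with a HELO."""
    results = []
    for value in message_from_string(raw_message).get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue
        addrs = resolve(m["helo"])
        if not addrs:
            verdict = "unresolvable"
        elif m["ip"] in addrs:
            verdict = "match"
        else:
            verdict = "mismatch"  # claimed name does not belong to the connecting IP
        results.append((m["helo"], m["ip"], verdict))
    return results
```

A "mismatch" on the sample means the mail did not come from the host named in the HELO; the connecting address is the one to look up with whois.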
