January 2, 2008
Restoring security and function to my mail and websites
OK. Here’s the story as I now know it.
- monash.com was hit by a massive mail-bomb Christmas Eve. My email and websites went down for a while as a consequence. What’s more, with a flooded mail queue, there were further mail problems through at least 12/28. Some mail bounced, and other mail that appeared to go through was lost forever. If you’ve mailed me since 12/24 and I haven’t answered, please send again.
- The mail-bomb paved the way for an injection of some malware. I started noticing possible trojans on monash.com 12/31. Melissa Bradshaw, my stellar web designer, noticed Javascript that she hadn’t written, both on monash.com and dbms2.com. So far as we could tell, standard anti-malware client protections were sufficient to keep any trojans from being successfully downloaded to clients.
- My very attentive web hosting company, Dimension Servers, is rebuilding its Linux kernel accordingly. Scheduled downtime for all my sites and mail is midnight to 3:00 am Eastern tonight, but that’s obviously just a rough estimate. Company president Jonathan MacAllister telephoned me to tell me this personally, notwithstanding that his wife delivered a baby by emergency C-section today. (Wife and baby are OK!)
- Jonathan also told me that after the attack, he bought a Cisco appliance. Every web hosting company needs to do that, as appliances are much more efficient at dealing with overloading attacks than the servers themselves. Cisco was a brand choice pretty much dictated by his remote data center.
- David Ferris and Richi Jennings have convinced me to move monash.com email to Google’s free mail hosting service. This is what they’re doing with ferris.com mail and all of Richi’s domains as well. NO analysts are more reliable on email than David and Richi. And hosting is surely no exception, as David and I did a research project together some years ago uncovering the Critical Path sham.
- The net effect of that move will be that monash.com and dbms2.com have their email managed quite separately, so if you can’t get me at one, please try the other. Generally, if you don’t know me you should write to monash.com, and I’ll probably write back from dbms2.com.
- I’ll post about all this again after things seem to have worked out, possibly over on the Monash Report.
Happy New Year,
CAM
Categories: Spam and antispam
Subscribe to our complete feed!
Comments
2 Responses to “Restoring security and function to my mail and websites”
Leave a Reply
I’ve been a subscriber to Text Technologies for several months and just recently added DBMS2. Relevant to your second bullet on malware, a colleague experienced a winrsya.exe trojan after I recommended a recent DBMS2 blog entry to him. Fortunately, our antivirus software discovered and quaranteed the file. Good luck cleaning up your site. I would like to feel comfortable recommending your content again.
The operating system recompile happened last night, and things seem cleaned up now. This particular vector of attack also won’t succeed again, for three separate reasons (better patching, appliance protecting against mailbombs, and the targeted domain being moved to Gmail anyway).
Thus, I think all is safe now — but PLEASE let me know if there are any further difficulties!!!
Thanks,
CAM