DDOS spam attack on EpiphanyRadio

2006-08-11 02:02:00

Nothing like a nice denial-of-service to end your day. Last night at exactly 9pm CDT, my server was hit by some heavy DDOS spam siege. This site (Fleegix.org), and my Webcast radio station, EpiphanyRadio, are on the box -- along with a couple of other sites.

I still can't quite figure out if it was intended as an attack, or just a botched attempt to send spam for money-making purposes -- but the end result was several thousand error messages for transient lookup failures filling my inbox, since poor Postfix couldn't keep up with the load. The epiphanyradio.org domain was getting hit by thousands upon thousands of messages to non-existent accounts of first and last names with three random characters in the middle (DonaldxJfWilson, ScottjDqMoore, StephencVoGonzalez, JeffreyrWpHarris, etc.) and it was pounding the box into oblivion.

After yanking epiphanyradio.org out of virtual_mailbox_domains and getting the service back up and running, I did a bit of logfile crunching, and found that there were 3347 unique IP addresses sending me this stupid crap, from all over the world. I guess that's a pretty fair-sized zombie army. I can't help but think it's some pretty amazing technological prowess -- coordinating all those machines to work together that way. Too bad it's deployed in the service of something so totally reprehensible, pointless, and stupid.

It has slowed to a trickle tonight, but I can still see these messages coming in occasionally as I tail the logfile. Somewhere out there are a few sad, unpatched Exchange servers still churning out e-mails uselessly for these spammer idiots trying to pitch their V14gr4, stock 'tips,' or whatever to Edwardu6fHarris, and MatthewntwPhillip, and AnthonyiojLewis, and Stepheni0cYoung, and JoseeUzWright, and ...
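
The logfile crunching described above, sketched as an added example (not the author's own script): it counts unique client IPs among Postfix smtpd rejects whose recipient fits the first-name, three-random-characters, last-name shape. The log line layout, the 450 reply text, the sample IPs and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Assumed layout of a Postfix smtpd reject entry: client IP in brackets,
# envelope recipient in to=<...>.
REJECT = re.compile(r"reject: RCPT from \S+\[([0-9A-Fa-f.:]+)\]:.*? to=<([^>]*)>")
# Capitalised first name + exactly three random alphanumerics + capitalised
# last name, e.g. Donald + xJf + Wilson. A heuristic: it can miss variants.
NAME = re.compile(r"[A-Z][a-z]+[A-Za-z0-9]{3}[A-Z][a-z]+")


def _reject(ip, rcpt):
    """Build one constructed log line (not taken from the real server)."""
    return ("Aug 10 21:00:01 box postfix/smtpd[411]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 450 4.1.1 <{rcpt}>: Recipient address rejected: "
            "User unknown in virtual mailbox table; from=<a@example.net> "
            f"to=<{rcpt}> proto=ESMTP helo=<pc>")


# Constructed sample: documentation-range IPs, recipient names quoted in the post.
SAMPLE_LOG = "\n".join([
    _reject("192.0.2.10", "DonaldxJfWilson@epiphanyradio.org"),
    _reject("198.51.100.7", "ScottjDqMoore@epiphanyradio.org"),
    _reject("192.0.2.10", "Edwardu6fHarris@epiphanyradio.org"),
    _reject("203.0.113.5", "webmaster@epiphanyradio.org"),  # ordinary typo, ignored
    "Aug 10 21:00:04 box postfix/smtpd[414]: connect from unknown[203.0.113.9]",
])


def count_sources(log_text, domain="epiphanyradio.org"):
    """Return Counter {client_ip: rejects} for pattern-matching recipients."""
    per_ip = Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # not a recipient reject (connect, disconnect, ...)
        ip, rcpt = m.groups()
        local, _, dom = rcpt.rpartition("@")
        if dom.lower() == domain and NAME.fullmatch(local):
            per_ip[ip] += 1
    return per_ip


if __name__ == "__main__":
    hits = count_sources(SAMPLE_LOG)
    print(f"{len(hits)} unique source IPs, {sum(hits.values())} matching rejects")
    for ip, n in hits.most_common(10):
        print(f"{n:6d}  {ip}")
```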


This is the blog for Matthew Eernisse. I currently work at Yammer as a developer, working mostly with JavaScript. All opinions expressed here are my own, not my employer's.

