Holiday Attacks and Spam

This article is from last year, but it still holds true. The holidays are crazy with infrastructure attacks. Read my synopsis from OG Consulting - http://www.og-consulting.com/2006/12/22/fighting-the-good-fight-against-...

This year, I am noticing the spammers have gotten really smart. I see emails slipping through the filters, and I almost have to applaud them. "Way to go, bravo." They are simple, short, have maybe one link and have subtle and sometimes relevant subject lines. I got one the other day that had a Thanksgiving theme. Inside was Viagra, Abilify or some other sort of pharmaceutical spam.

From my perspective, we are protected from nearly all attack emails, exe attachments, links to trojans, malicious JavaScript, viruses, etc., but a few errant text-only ads do slip through. I won't worry too much about them, but I still do my best to minimize these annoying pests.

On the server level, I've seen a marked increase in the past couple of weeks. I've taken precautions by:

  • Making sure all software is upgraded and/or patched, and locked up tight (as usual)
  • Flushing the SpamAssassin Bayes database (which was so large it was dragging things down). You will notice that even though SpamAssassin expires records, bayes_seen never diminishes in size. This seemed to have an impact on mail scanning efficiency. I noticed that things were running slow, and once I reset bayes_seen, SpamAssassin ceased to bog down.
  • Upgrading subscriptions to updates.spamassassin.org. These are the updated spam checking rules that are maintained on spamassassin.org. Howto is linked here
  • Creating a few custom rulesets to more closely match the profile of a typical Altamente client email.
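
The bayes_seen reset described in the list above can be turned into a periodic size check. This is an added example, not the script used on these servers; it assumes file-based (DBM) Bayes storage in a per-user directory, and the function names, the BAYES_DIR and MAX_KB variables and the 64 MiB default limit are all hypothetical choices.

```shell
#!/bin/sh
# Added example: move an oversized SpamAssassin bayes_seen file aside.
# Assumptions (not from the original post): DBM Bayes storage under
# $HOME/.spamassassin and a 64 MiB size limit.
BAYES_DIR="${BAYES_DIR:-$HOME/.spamassassin}"
MAX_KB="${MAX_KB:-65536}"

# file_kb FILE: print the file size in KiB, rounded up (0 if missing).
file_kb() {
    if [ -f "$1" ]; then
        bytes=$(wc -c < "$1")
        echo $(( (bytes + 1023) / 1024 ))
    else
        echo 0
    fi
}

# rotate_bayes_seen DIR MAX_KB
# Returns 0 if the file was moved aside, 1 if it is within the limit
# (or missing), 2 if the move failed.
rotate_bayes_seen() {
    dir=$1
    max_kb=$2
    seen="$dir/bayes_seen"
    size=$(file_kb "$seen")
    if [ "$size" -le "$max_kb" ]; then
        echo "bayes_seen is ${size} KiB (limit ${max_kb} KiB); nothing to do"
        return 1
    fi
    # Keep a timestamped copy instead of deleting, so the reset can be
    # undone. The token database (bayes_toks) is left untouched.
    backup="$seen.$(date +%Y%m%d%H%M%S).old"
    mv "$seen" "$backup" || return 2
    echo "bayes_seen was ${size} KiB; moved to $backup"
    return 0
}

# Run only when invoked as: script.sh --run
if [ "${1:-}" = "--run" ]; then
    rotate_bayes_seen "$BAYES_DIR" "$MAX_KB" || true
fi
```

Because bayes_seen only records which messages have already been learned, the learned tokens survive the reset; the trade-off is that sa-learn can no longer skip a message it has seen before.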

As is usual, these times of fun and merriment for most people seem to have an inverse effect on us sysadmins. The spammers and hackers are out there, but don't worry, we are here keeping the barbarians at the gate, protecting you and your business so you can get your work done. We love that.