Stop the spam bots from .tw AKA iptables crash course.

by Vid Luther on December 1, 2006

in Uncategorized

I’m noticing a lot of connections and relay attempts from .hinet.net and .tw to port 25, i’m not sure why but my spam filter didn’t block all of these messages, so I noticed about 56,000 messages in my mailq. I had to delete all of them, and come up with a quick way to block all these connection attempts…

First order of business, delete all messages from queue.. (if you use postfix)

postsuper -d ALL

Then, block all connections from the offending ips.. I’m a little pissed right now, so I’ve blocked the entire .tw range..
You can download the script to do this here: Block all incoming traffic from .tw

  • Linda
    I’m a senior citizen, not computer savvy, and probably in over my head. Me and few friends wanted to have a forum for local chit chat. Liked a php forum and got a local computer tech to put it on internet. He threw me in the water as administrator ; but I can’t swim! (he did server stuff). Anyway, today was bombarded with around 15 new members with “crazy names”: Cbgdgvil (gbinaqpo@seafg.com); Jckcjyed; Vikonta (vitekara@bk.u); Loxsmoommal (coldmoumb@babusya.com), and a whole bunch more. They try to become Members but I get an email where I have to approve them. I do not. But then I have to go into Admin Tools and manually delete them all. This is time consuming and I’m sick of doing this every day. I do NOT understand the “ban and unban” words in the Admin Tools. Could someone write out exactly WHAT has to be typed to shut these people out? Am confused with do I use a dash (-) before and after, or do I use an asterisk (*). I want ALL these people from babusya.com, hgfdggfm.com, etc. OUT OF MY LIFE !! (I have sent myself the link I can find this later.) Thank you very much for any help you can give me. Linda, Upstate NY (I am Sooooooooooo sorry! I typed a word wrong in my address to you. Just fixed it)
  • Linda
    I'm a senior citizen, not computer savvy, and probably in over my head. Me and few friends wanted to have a forum for local chit chat. Liked a php forum and got a local computer tech to put it on internet. He threw me in the water as administrator ; but I can't swim! (he did server stuff). Anyway, today was bombarded with around 15 new members with "crazy names": Cbgdgvil (gbinaqpo@seafg.com); Jckcjyed; Vikonta (vitekara@bk.u); Loxsmoommal (coldmoumb@babusya.com), and a whole bunch more. They try to become Members but I get an email where I have to approve them. I do not. But then I have to go into Admin Tools and manually delete them all. This is time consuming and I'm sick of doing this every day. I do NOT understand the "ban and unban" words in the Admin Tools. Could someone write out exactly WHAT has to be typed to shut these people out? Am confused with do I use a dash (-) before and after, or do I use an asterisk (*). I want ALL these people from babusya.com, hgfdggfm.com, etc. OUT OF MY LIFE !! (I have sent myself the link I can find this later.) Thank you very much for any help you can give me. Linda, Upstate NY
  • Catalin Cebuc
    Hello,
    Same problem here,solved it.Great post,thanks for submitting it.
blog comments powered by Disqus

Previous post:

Next post: