Who doesn’t hate spammers?

Who doesn’t hate spammers?

So I finally figured out what’s been slowing down the server that this blog runs on. Evidently, some spammers had been using the sendmail software as a relay for sending out their junk and the volume of spam was slowing down my computer (and my Internet connection). In order to stop the spam, I shut down Sendmail. (I know I could have configured it to make it more secure, but that would have required learning how to set it up etc. and I just didn’t have the time.)

Of course, shutting down Sendmail also shut down comment notifications (since it relied on that to send out those emails), so I had to spend some time figuring out how to get them back. I ended up going with a for-pay email service. I don’t know if it will work out in the long run because depending on how many emails I send out it could get very expensive. If and when I move to a dedicated hosting service (okay, “when”), that should fix that problem but until then…

By the way, in a completely unrelated vein, if anyone would like to click on the “Donate” button at the top left, I would greatly appreciate the help in defraying the costs of running this site.

Oh and thank you all for your patience as I went through the process of upgrading the server and figuring out why this thing was so slow. If it was frustrating to me, I’m sure it was frustrating to you.

Written by
Domenico Bettinelli
7 comments
  • Dom – the notification feature is nice, but is it necessary?  I’d think that most people (myself, anyway) who leave a comment are interested in what others have to say about it, and therefore check back of their own accord.  If one is not interested in the comments (or retorts!) of others to what one has said, an email will be of no interest . . .

    And as to the default status of said notifying emails . . . could you please change it to “opt in” rather than “opt out”?  I spent two days deleting emails in my inbox because I’d forgotten to uncheck the box.

    Anyway, that’s just my two cents’ worth.  And I’m happy to donate to keep your blog alive.

  • You should see the emails I get when the notification is not working. No, people want it and I can understand why, especially in relation to older posts. If someone posts a comment on a thread that’s a week old, nobody will see it. The notification allows people to continue conversations without having to remember exactly which threads they’ve posted in.

    I’ll look into changing the box to “opt in”, although in some web browsers it remebers your last selection.

  • I’m one who appreciates the email notification. But Dom? The ones I got today actually had the comments in them. The only reason to come to the site was to verify who authored the comments. I think it better for the hit level on the site is to, if possible, revert back to the entry title and URL.

  • There are a couple of ways you can secure sendmail.  Probably the easiest is to leave it running as before, but adjust your router so that it no longer lets port-25 traffic come in.  sendmail will still be able to send mail outbound.

  • Kelly: Thanks for pointing that out. Fixed.

    RC: I’m running the server behind a router and the only port that’s open is for http, port 80. As I understand it, on most routers unless you specifically open a port it’s closed.

  • OK; then let’s suppose that they exploited your system through the port-80 interface. 

    The web server’s running some pretty old software versions:

    Apache/1.3.26 (Darwin)
    LittleDutchMoose/v10.1(Build 2A53)
    PHP/4.1.2
    DAV/1.0.3

    Does the web server log show a pattern of activity at the times when the mail server log shows the outgoing spams?

Archives

Categories

Categories