We all complain about it. It bombards our mailboxes and we all would love to get rid of it.
You might think the people behind servers, like ISPs and server administrators like me, don’t do a thing…
But know that this spam issue is becoming a big problem, not only for you, the end users, but also for the people transporting this crap to your mailbox.
We have known about this phenomenon for so many years and still, it is getting worse and worse. And we all try to avoid it.
To give you an idea, the following screen dump shows mail traffic on a server I manage. It is a low-traffic server with not too many accounts, none known to be a problem, and the stats show what is coming in to the server, not mail generated by the server: clearly spam coming from the outside world to accounts on the server.
At the moment I took the stats, the Exim mail server had processed 799 mails. No viruses were seen, but only 105 mails were not detected as spam, leaving 78.8% as high-scoring spam (above 20) and 8% most probably spam (above 5).
On this Linux server I use a combination of Exim as mail server, SpamAssassin and ClamAV (antivirus), all managed through a very easy and efficient script called MailScanner. A few days ago I had to tweak it a lot to stop the overwhelming amount of a new type of spam. You know, those spams with text embedded in images. All traditional spam scanners fail on these, since most just use algorithms looking for keywords, and if there are too many of these words, the mail is marked as spam. But images can’t be scanned in this way…
All this shows you that a huge majority of mails traveling around the world is spam; on this server it is near 87% of mails. Multiply this by x and imagine how many mails are processed daily by servers worldwide… for nothing. I had a discussion lately with people managing data centers (big boys) about how this is affecting servers: the computing power needed to try to clean out as much of this crap as possible so it doesn’t reach your mailboxes. What would happen if we all stopped cleaning? In many cases your mailboxes would reach maximum quota daily, stopping mail coming in, and you would be cleaning out hundreds of junk mails each day.
Just about impossible for each of us. Many of you already have spam scanners on your local machines, since you’re as annoyed as we are, and filter incoming spam straight to trash or a special directory… but keep in mind you see just a few percent of what was really coming your way. Sometimes you wonder why accounts or internet connectivity cost so much… this is one of the reasons. The servers needed to process all this spam have to be more and more powerful… and someone has to pay the bill… as usual, the end user.
Now we ask ourselves, where does all this spam come from? Broadly speaking, from two camps. The first is servers that are badly managed by non-professional people and are wide open to abuse. This has long been an issue but is cooling off. Hiring a server in a datahouse to host or fool around with is cheap these days. Even if you don’t do stupid things, you may have an insecure script, or be missing the latest patches to secure the OS, etc… a server is quickly compromised if you don’t have your nose in it all the time to keep all holes closed. A script I always keep on very close watch, and that is very popular, is phpBB… there are so many add-ons that are so poorly scripted… and easily used to create a hole in a server through which nasty things can happen, like sending spam.
Here is a list from cPanel (much-used hosting software) and how they categorise common scripts and their security
I can tell you that these days data houses keep a close eye on servers, and if they feel one is an origin of spam or illicit usage, they are quick to switch it off, often without warning. It still happens that servers are abused, but in many cases it doesn’t take long for them to get closed down.
We can then ask, if those servers aren’t online long enough to spit out all those spams, where do they come from?
Your desktop computer! Yes, believe it or not… local computers are hijacked.
High-speed Internet access is now available to most people throughout the world, many of whom have DSL, cable modem hookups, and other methods of high-speed Internet access to their own home personal computers. Unfortunately, most of these personal computers are connected directly to the Internet and are not well-secured–leaving them open to attack and exploitation.
Many spammers have discovered that a single personal computer, probably much like the one you are using to read this message, can (in the hands of a spammer) be transformed into a powerful email spam-delivery server capable of delivering hundreds of thousands of email messages per hour. Because of the great number of personal computer systems that are connected to the Internet, and because more are being connected every day, spammers are often able to “hop” from one personal computer to the next. In some cases, spammers exploit dozens of systems at the same time to continue delivering spam across the Internet.
The problem of unprotected personal computer systems continues to grow each day. Protecting against spam and other malicious use from these systems also continues to grow more challenging.
And just to show you where most spam comes from
Taken from the Spamhaus organisation. Some say they are overdoing it… That’s another debate.
What can we all do at home:
Install a hardware or software firewall and set the connection to stealth. This prevents robots from detecting your computer… the hackers won’t find you.
Install an antivirus if you’re on Microsoft products, set it to the highest security level and set automatic updating to at least daily. Linux and Macintosh are not targeted these days, but with increasing usage, sooner or later they will also need tighter antivirus systems.
Install anti-adware; adware is another nasty way to install backdoors.
And never ever let any program install a script without you knowing about it and approving it.
If we all do our cleaning, then hackers/spammers will have fewer sources to send out spam. Server admins will continue to do their best to clean most of it out before it reaches your box, but if we don’t stop the sending… they’ll never be able to cope with the massive amount of spam.








Good article. You mention firewalls in your text and I just want to warn people not to put too much trust in them. They’re important to have, but always assume they’ll be breached and have secondary security measures. That’s why it’s important not to put external services behind a firewall with private computers. If the service has a security hole, all the private hosts are now vulnerable. I’ve written more about this on my firewall placement page.
Hey Brian,
Read your article, good stuff in there and some comments are also relevant.
Running a firewall on each server in a LAN network is something I’d say is basic good sense. Having an extra independent firewall box between your LAN and WAN is another one if you can pay for it. It is true that when you have heavy traffic a firewall can become a load too much for a server. If the outer wall already filters out crap, pings, DDoS etc… your LAN firewalls just have their basic work to do in a lazy manner.
As I always say, there is no OVER protected machine, WAN or LAN. Once you open it to the outside via a network, WAN or LAN… it is open to attacks, malicious code etc.
And many don’t believe it till they have their machine down… as usual, most learn the hard way
Here at work we have multiple layers to the WAN but didn’t have much for the internal network, till… someone popped in a USB key with a virus (not intended) and apocalypse started
One thing good, we didn’t infect the outside world since the layer prevented it from spreading to the WAN… but heuu who cared with over 100 machines to clean
infected….
That reminds me of another item! My corporate firewall includes rules to block outgoing SMTP traffic unless it is being sent via a trusted email server. That prevents mail worms that include their own SMTP engine from being able to spread outwards. I wrote this up in a new email egress rules article.
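
Added example (not part of the original post or its comments): a check for the situation described in the article and in the egress-rule comment above, where internal machines open SMTP connections directly to the outside instead of going through the trusted mail server. It reads gateway log lines in the iptables LOG format; the relay address 192.168.1.10, the SMTP-EGRESS log prefix and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed for this example (not from the post): the trusted relay's LAN address.
TRUSTED_RELAYS = {"192.168.1.10"}
SMTP_PORT = "25"

# Constructed sample: iptables LOG-target lines from a gateway; the prefix is hypothetical.
SAMPLE_LOG = """\
Jan 12 03:14:01 gw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=40112 DPT=25 SYN URGP=0
Jan 12 03:14:02 gw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=51234 DPT=25 SYN URGP=0
Jan 12 03:14:02 gw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51235 DPT=25 SYN URGP=0
Jan 12 03:14:03 gw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=192.0.2.44 LEN=60 PROTO=TCP SPT=51236 DPT=25 SYN URGP=0
Jan 12 03:14:03 gw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51237 DPT=25 SYN URGP=0
Jan 12 03:14:04 gw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=44001 DPT=443 SYN URGP=0
Jan 12 03:14:05 gw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.1.51 DST=192.0.2.44 LEN=60 PROTO=TCP SPT=39870 DPT=25 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return (src, dst) for a new outbound TCP connection to port 25, else None."""
    fields = dict(FIELD.findall(line))
    if fields.get("PROTO") != "TCP" or fields.get("DPT") != SMTP_PORT:
        return None
    if "SYN" not in line.split():  # count connection attempts, not every packet
        return None
    if "SRC" not in fields or "DST" not in fields:
        return None
    return fields["SRC"], fields["DST"]

def direct_smtp_senders(log_text, trusted=TRUSTED_RELAYS):
    """Map each non-relay source to the sorted distinct mail servers it contacted."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        conn = parse_line(line)
        if conn and conn[0] not in trusted:
            seen[conn[0]].add(conn[1])
    return {src: sorted(dsts) for src, dsts in seen.items()}

def suspects(log_text, min_destinations=3):
    """Hosts fanning out to many mail servers: typical of a worm's own SMTP engine."""
    senders = direct_smtp_senders(log_text)
    return sorted(s for s, d in senders.items() if len(d) >= min_destinations)

if __name__ == "__main__":
    for host, dsts in direct_smtp_senders(SAMPLE_LOG).items():
        print(host, "->", ", ".join(dsts))
    print("likely infected:", suspects(SAMPLE_LOG))
```

A host that shows up once, like 192.168.1.51 here, is more likely a misconfigured mail client than an infection, which is why the fan-out threshold is separate from the list of direct senders.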