MUSEUM-L Archives

Museum discussion list

MUSEUM-L@HOME.EASE.LSOFT.COM

Subject:
From: "Tom D. Bennett" <[log in to unmask]>
Reply To: Museum discussion list <[log in to unmask]>
Date: Sat, 7 Sep 2002 16:28:13 -0800
Content-Type: text/plain
Parts/Attachments: text/plain (212 lines)

Well said, Indigo!!

We configured my friend's server, running Apache, to log any and all traffic,
and on our latest review of all the log files we ran across everything from
virus to DDoS bot attempts.  Some even re-configured themselves to return to
a different port within seconds, trying a litany of port settings.  Roughly
70% have come from UAE, China and South America.

Apache has its own firewall, but we also run a second before the router.  I
consider we have been lucky so far in catching all attempts, but that may
not last long.

Indigo is totally correct.

Tom Bennett



----- Original Message -----
From: "Indigo Nights" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Saturday, September 07, 2002 2:40 PM
Subject: Re: sent virus


> And I may as well update Tom and the rest of you with
> the latest info learned.
>
> For months, I was being sent those cyber bombs and had
> a few candidates as to whom it might have been.  Seems
> to me, after doing more research, I was wrong.
>
> Tom is correct.  The virus that is going around masks
> the name of the sender.
>
> HOWEVER, with that said, and with the intention to NOT
> insult anyone, here is what was happening to me as a
> list owner.
>
> I kept getting attempts to bomb me cyberally for
> months.  I use virus protections on the computers I
> use AND I use an interface for any email program I
> use.  To compound my protections, I IMMEDIATELY sort
> my mail by size (largest to smallest) and I re-sort
> several times while I'm going through mail.  In this
> way, I can usually spot the virus attempt.  The virus
> usually appears as a note (at least in Yahoo) of about
> 122K (plus or minus).
>
> The other day, I received one abnormal in size.  Not
> knowing from where it was coming or if it were just a
> long-winded friend, I clicked (again using computer
> virus protections and an interface).  Sure as heck, it
> was that same stupid pattern.
>
> This time, I got smarter about it.  I checked the long
> headers.  Since I had already clicked, and if the
> demons COULD get to me, the damage was already done, I
> clicked on another I had already trashed.
>
> In both instances, the notes came from the same sender
> and it came from a free email domain site.
>
> I attempted to use the automated complaint feature on
> that email site.  It turns out that the party in
> question uses a free email service that allows people
> from all over the world EXCEPT the US, United States,
> or America to use their service, and country is a
> required field, with the above names omitted from
> their pull-down menu.  I tried to then cheat and say I
> was from Canada.  It still wouldn't take my note.
>
> I will tell you now that the domain in question came
> from the United Arab Emirates.
>
> I hate war and contention.  I hate it when people are
> at odds with one another.
>
> In the era of the computer, the wars are being fought
> in a different fashion.  We saw the cyber attacks on
> commercial sites when the plane went down in China.
> There was a long-standing cyber war on both sides of
> the firewalls.
>
> Now the sabers are being rattled again.  9/11 quickly
> approaches, and the memories of the attacks will not
> soon be forgotten, nor will the war against Al Qaeda.
>
> I do not intend to turn this into a political
> discussion.  I do not intend to say one side is good
> and the other side is bad.  But Al Qaeda is reported
> to be heavily using technology in its efforts to
> combat what it considers to be the enemy, and there
> are cells everywhere as the news is quick to report.
>
> I don't like the virii.  I hate having to be so damned
> cautious.  But the museums list is an open forum to
> which any can join (and should for the free exchange
> of information).  We should be able to celebrate our
> samenesses and explore and learn about our differences
> in peace.  But civilization has only had something
> like 250 years of uninterrupted warfare (or so I read
> last week sometime), and perhaps (wo)man is incapable
> of being a peace loving society for long.
>
> Do what you can to protect yourself and your computer.
>  Do make backups regularly.  Update your virus
> protections.  Just know that cyber terrorists are
> always inventing new and improved ways to get to the
> unsuspecting, and ultimately, we may not be able to stop
> them.
>
> I asked Yahoogroups to block the domain in question.
> While I did not get a response from them, the very
> next day, I lost an unprecedented 12 members in the
> count, with only two unsubs and an equal or greater
> number of ads.  Not only that, but I was temporarily a
> hard bounce on all lists til I resubbed myself.  I
> believe they acted on my request.
>
> Therein lies the rub.  Spammers and terrorists may just
> reinvent themselves over and over again on the same
> domain, and the only way to block
> them--temporarily--is to block the domain.
>
> The SOB that has been sending them to me has been
> willful.  These were not just oops, the virus got
> volleyed from Tom with Roy's name on it.
>
> So be cautious, and let's hope there is peace and
> cyber tolerance in the days ahead.
>
>
>
>
> --- "Tom D. Bennett" <[log in to unmask]> wrote:
> > A note to all:
> >
> > depending on the virus it could have been sent from
> > anyone, anywhere.  Many
> > of them are spread through a person's addressbook,
> > so that if you are in
> > another's addressbook, you may well be getting it
> > from them without their
> > knowing it.  Pretty devious stuff.
> >
> > If you want to check your machine for free online at
> > any time, just go to
> > http://housecall.antivirus.com/
> > This is Trend Micro's site and it does an excellent
> > job.   You can use it as
> > often as you like.
> >
> > Also, just because you have a Mac doesn't exempt you
> > from virus infection,
> > so don't let yourself be lulled into a false sense
> > of security!
> >
> > Tom Bennett
> > Exhibit Support, AK
> > [log in to unmask]
> >
> >
> > =========================================================
> > Important Subscriber Information:
> >
> > The Museum-L FAQ file is located at
> > http://www.finalchapter.com/museum-l-faq/ . You may
> > obtain detailed information about the listserv
> > commands by sending a one line e-mail message to
> > [log in to unmask] . The body of the
> > message should read "help" (without the quotes).
> >
> > If you decide to leave Museum-L, please send a one
> > line e-mail message to [log in to unmask]
> > . The body of the message should read "Signoff
> > Museum-L" (without the quotes).
>
>
> =====
> Indigo Nights
> [log in to unmask]
>
> Looking for a Job?  Try Got Links?, Your One-Stop Portal
> http://victorian.fortunecity.com/stanmer/414
>