
FS#1273 — FS#5277 — Emailvision violent spam 83.136.208.0/21 82.138.77.0/24 193.25.198.0/24

Attached to Project — E-mail
Modernization
all
CLOSED
100%
Following the attacks, in the form of very violent spam, that we have repeatedly received from the following networks, we have set up protections on our network to return to normal operation.

83.136.208.0/21
82.138.77.0/24
193.25.198.0/24
Date:  Thursday, 31 March 2011, 17:40PM
Reason for closing:  Done
Comment by OVH - Wednesday, 30 March 2011, 17:14PM

As those responsible at Emailvision confirmed, a sponsorship
form installed on the website of one of their customers
http://www.theaa.com/services/breakdowncover/membergetmember/refer.jsp
was hacked to simulate a double opt-in (a registration to a
newsletter with confirmation of the registration). Or
there was no hack, as the tool does not offer
double opt-in and anyone can subscribe anyone
without any confirmation. We do not have enough detail
at this level. We just have the following information:
----
XX@XXX has been inserted and sent multiples of this email
starting on the 18th March it seems as this email address
has date joins on the 18/03/2011, 24/03/2011, 25/03/2011,
27/03/2011 and for each date they were inserted multiple times.
----

Consequence: tens of thousands of emails were
sent to our network. This has been going on for several days.

The number of emails sent and the violence of the sending
were detected by our robots, which manage attacks.
Many working hours from our teams were necessary
on Sunday the 27th in order to clean our infra of the
emails which we had received, to the point of saturating some
elements. So, in order to prevent the problem from recurring,
we have put in place security measures which will help us
protect our infrastructure.

It is not the first time that we have experienced problems
with Emailvision, for nearly the same reasons every time.
Despite the serious repeated incidents, the problems are not
yet fixed. There is no dialogue. People do not seem to understand
that they are endangering the network and are generating
unnecessary work for the other networks/sysadmin teams.
Therefore, if our network is attacked again tomorrow, we will
take exactly the same measures.


Comment by OVH - Thursday, 31 March 2011, 13:11PM

The protections were taken off. We are again receiving traffic
from the Emailvision network.
We are waiting for developments on the part of the persons
in charge in order to avoid possible problems
in the future.


Comment by OVH - Thursday, 31 March 2011, 13:11PM

$ ping 81.92.116.1
PING 81.92.116.1 (81.92.116.1) 56(84) bytes of data.
64 bytes from 81.92.116.1: icmp_seq=1 ttl=58 time=1.03 ms

--- 81.92.116.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.032/1.032/1.032/0.000 ms

$ ping 81.92.115.1
PING 81.92.115.1 (81.92.115.1) 56(84) bytes of data.
64 bytes from 81.92.115.1: icmp_seq=1 ttl=57 time=1.12 ms

--- 81.92.115.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.123/1.123/1.123/0.000 ms

$ ping 81.92.113.1
PING 81.92.113.1 (81.92.113.1) 56(84) bytes of data.
64 bytes from 81.92.113.1: icmp_seq=1 ttl=57 time=0.905 ms

--- 81.92.113.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.905/0.905/0.905/0.000 ms

$ ping 81.92.112.1
PING 81.92.112.1 (81.92.112.1) 56(84) bytes of data.
64 bytes from 81.92.112.1: icmp_seq=1 ttl=57 time=0.952 ms

--- 81.92.112.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.952/0.952/0.952/0.000 ms

$ ping 193.25.198.1
PING 193.25.198.1 (193.25.198.1) 56(84) bytes of data.
64 bytes from 193.25.198.1: icmp_seq=1 ttl=58 time=0.998 ms

--- 193.25.198.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.998/0.998/0.998/0.000 ms