News:

Click here for Toll-Free Service for your business starting at $2.00 per month

Main Menu

EU down (Spammer)

Started by admin, February 06, 2014, 11:43:43 AM

Previous topic - Next topic

admin

The EU server is down right now due to an abuse request.  We are investigating the request and should have service restored shortly.

Update:
We had the server enabled again but it was disabled before we could suspend the client spamming.

If we are given the opportunity to clean the queue out before getting cut off again, we will do so.


Update:
We have managed to get this client suspended and all of the mail removed.

admin

All should be back to normal as well as another spam outbreak does not happen.

admin

We also found similar mail queued up on the lax server.  The user those messages had originated from has also been suspended and all queued mail removed before that provider unplugs us.

admin

EU down again, they unplugged it again.

I am waiting for a response from their abuse department to see what the problem is now.

admin

I guess we will have to find another provider for the EU region, but the better solution may be to just not offer services in that region or move everyone to another server.  Unfortunately, with the server shut down, I do not have access to any of your files until they decide to bring it back online.

They haven't provided further abuse reports, so I am assuming they are getting reports from the large number of emails that were sent today.

If this type of abuse continues we may be forced to not offer email accounts (or allow sending mail for that matter).  This latest outbreak was sent using SMTP by using someone's mail account information.

It is unfortunate that not everyone has changed their passwords from a year ago when Plesk had the vulnerability, but that seems to be the case.

admin

The EU server is currently shut off by the provider due to abuse.  We are awaiting a reply from the provider to see about getting this machine brought back online.

admin

Sorry, still no response 30 minutes later.

admin


admin

Still no response.  We are starting the process of finding another provider to serve this region.

admin

#9
For those that use the EU server, please ping the following address and respond to plesk at lvcs dot net with the times you get.

If all goes well, this will be the replacement.  The only other key will be to get the other provider to turn us on long enough to copy all sites and content over.  We still haven't received any response on any of our tickets.

It may not come to having to move to this new machine if they get us up and running again, but we will be leery of using this in the future.

admin

It's back up right now.  Not sure for how long as I still haven't received a reply to my tickets yet.

admin

The response was finally received.  They said >1000 SMTP connections were going from the server again.

admin

#12
We have closed the relay ability on EU.  (Previously you could relay if you authenticated, that is no longer available.)

#This has been enabled again.

admin

Emails for the disabled user are now properly being denied.

admin

#14
EU is down again.  This time we will keep the SMTP relay service disabled.

(Hopefully they don't take 5.5 hours to respond to the ticket again like they did yesterday.)

##Update
I also see similar messages from the other servers, so this is likely a hole in either OS or Plesk packages.

I have a way that might prevent this, so I am putting that in place as soon as EU returns.