
2001-Aug-03

One of my first main sites, whatcomnew.com, is owned by someone else -- a squatter trying to make money off of ads. Oh well, I only made a couple hundred dollars off of the site, but I spent thousands of hours working on it. I hadn't really given it much attention since spring of 1999. So I removed whatcomnews.com from my Apache config and DNS, backed up the website to a tarball (on rainier) and deleted the site, and removed the user and email configs.

pilchuck received 61 Code Red scans between August 1 at 5:45 a.m. and 9:01 this morning. (The HTTP GET request wants "/default.ida?" followed by a bunch of junk.)
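A tally like the one above can be pulled from an Apache access log. The following is an added example, not from the original entry: it assumes Common Log Format, and the sample lines (documentation IP addresses, shortened query string) are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample lines; the query string is a shortened placeholder.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Aug/2001:05:45:12 -0700] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 276
198.51.100.7 - - [01/Aug/2001:06:02:40 -0700] "GET /index.html HTTP/1.0" 200 5120
198.51.100.23 - - [02/Aug/2001:14:30:05 -0700] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 276
192.0.2.10 - - [03/Aug/2001:09:01:33 -0700] "GET /Default.IDA?XXXXXXXX HTTP/1.0" 404 276
203.0.113.5 - - [03/Aug/2001:09:05:00 -0700] "GET /docs/default.ida.txt HTTP/1.0" 200 812
not a log line
"""

def summarize_ida_probes(lines):
    """Count requests for /default.ida that carry a query string."""
    sources, times = Counter(), []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        host, stamp, _method, target, _status = m.groups()
        path, sep, _query = target.partition("?")
        # Compare case-insensitively so a differently-cased request still counts;
        # require the "?" so ordinary files with similar names are ignored.
        if sep and path.lower() == "/default.ida":
            sources[host] += 1
            times.append(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"))
    return {
        "total": sum(sources.values()),
        "sources": dict(sources),
        "first": min(times) if times else None,
        "last": max(times) if times else None,
    }

if __name__ == "__main__":
    report = summarize_ida_probes(SAMPLE_LOG.splitlines())
    print(report["total"], "probes from", len(report["sources"]), "hosts")
    print("first:", report["first"], "last:", report["last"])
```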

Well, I received well over 40 SirCam worm emails today. So I added a system message filter for exim.

    # The W32/Sircam virus is sending messages with lower case date: headers
    # (The upper-case CONTAINS makes the string comparison case sensitive.)
    if $message_headers CONTAINS "\ndate: " and
       $message_headers contains "_Outlook_Express_message_boundary"
    then
      fail text "Suspect W32/Sircam virus message"
      seen finish
    endif

Plus I filter for sexyfun.net virus junk.

While I was reconfiguring Exim, I had exim verify the recipients as they are received from the remote host (with "receiver_verify") -- so I don't waste time trying to email bounces back to non-existent accounts because they are probably spam anyways. (I feel Exim is bloated with numerous capabilities, but on the other hand, I feel it is very easy to use as long as I read the docs. It is definitely easier to configure and understand than sendmail.)