|
|
| Author |
Message |
| 25 new of 293 responses total. |
gull
|
|
response 137 of 293:
| 
Jul 31 18:04 UTC 2002 |
See #20 in the System Announcements item (#3). Grex is being hit with a
DDoS attack. The webserver has been taken down to reduce the impact.
|
keesan
|
|
response 138 of 293:
|
Jul 31 19:36 UTC 2002 |
Cannot send out mail - is that related to the webserver?
|
dpc
|
|
response 139 of 293:
|
Jul 31 19:46 UTC 2002 |
A couple of hours ago e-mail to me from her work at cornerhealth.org
was bounced, saying Grex was not accepting e-mail from that address.
Any ideas why?
|
russ
|
|
response 140 of 293:
|
Aug 1 00:23 UTC 2002 |
I got an odd message after trying to send some mail, something about
"grex.cyberspace.org does not seem to exist", or words to that effect
(they scrolled off because of the Agora login message).
|
dpc
|
|
response 141 of 293:
|
Aug 1 13:13 UTC 2002 |
My wife tried (again) to send mail to me from cornerhealth.org.
Here are the basics of the bounce message she got:
The following addresses had permanent fatal errors -
dpc@cyberspace.org
Reason: 553 I can't accept mail from XXX@cornerhealth.org
via w162.z208177186.det-mi.dsl.cnc.net.
What, if anything, is Grex trying to say here?
|
carson
|
|
response 142 of 293:
|
Aug 1 15:03 UTC 2002 |
(that it's overloaded with connection attempts from other places?
possibly? just maybe?)
|
jep
|
|
response 143 of 293:
|
Aug 1 16:16 UTC 2002 |
Backtalk is back. The system is a bit quicker this afternoon, too.
Many thanks to the hero(es) who have been dealing with this mess. If
you folks aren't the best, then you're definitely up and coming
contenders.
|
mdw
|
|
response 144 of 293:
|
Aug 2 05:08 UTC 2002 |
A transformer supplying the building grex is in, and the whole block,
apparently blew up. Grex was down until we were pretty sure power was
back (ie, when I stopped by to see if the power was on a few minutes
ago). The power does work now. The DSL router is deader than a door
nail now though -- I guess it didn't survive whatever the transformer
did.
|
dpc
|
|
response 145 of 293:
|
Aug 2 13:43 UTC 2002 |
Since the DSL router has departed this life, does its demise
mean that (1) all off-site incoming e-mail is being bounced,
and/or (2) that all outgoing e-mail is being blocked?
FWIW, the last off-site e-mail I received came in at 12:51 p.m.
August 1.
|
carson
|
|
response 146 of 293:
|
Aug 2 13:52 UTC 2002 |
(outgoing mail wouldn't necessarily be blocked, but it's not going
anywhere until a DSL router is put in place. incoming would be
another matter; I know that [either] we [or another system] have
had mail queued for delivery at an alternate location in the past.
dunno what's being done in this instance.)
(glad to hear Grex itself is OK. what's the prognosis for getting
another router? do we need a bake sale?)
|
rcurl
|
|
response 147 of 293:
|
Aug 2 16:08 UTC 2002 |
/a/r/c/rcurl who
raheim ttypf Aug 2 11:56 (216.93.104.37)
rcurl ttytb Aug 2 11:57 (216.93.104.37)
All alone, by the telephone....
Tra la trala....
|
gull
|
|
response 148 of 293:
|
Aug 2 17:13 UTC 2002 |
Generally mail that can't be delivered due to network problems is held at
the system trying to send it. Usually error messages are sent back to the
sender periodically until the message is about 4 days old, and then it's
bounced. So if Grex can get a new router within the next three days, you
probably won't lose any mail. Mailing lists may kick you off, though,
depending on how the software is configured.
|
jp2
|
|
response 149 of 293:
|
Aug 2 19:33 UTC 2002 |
This response has been erased.
|
mdw
|
|
response 150 of 293:
|
Aug 2 20:24 UTC 2002 |
The router has been replaced, at unknown expense. Grex itself has
slightly more generous time limits for mail that can't be sent right
away -- it will wait a whole day before complaining about queued mail
(the default is 4 hours), and will wait 5 days before bouncing it
(default is 3 days).
|
drew
|
|
response 151 of 293:
|
Aug 2 20:33 UTC 2002 |
I *AM* on a dialup, and sz is refusing to work claiming that I'm telnetted
in.
|
drew
|
|
response 152 of 293:
|
Aug 2 20:40 UTC 2002 |
Okay, it worked that time. It must have freaked out on the abandoned process,
which I deleted.
|
munkey
|
|
response 153 of 293:
|
Aug 2 23:34 UTC 2002 |
From the MOTD: Grex's web service is back up. It turns out the problem was
not an
attack, but instead somebody trying to host an extremely popular web page
on Grex.
Who was the "extremely popular web page"?
|
scott
|
|
response 154 of 293:
|
Aug 3 00:09 UTC 2002 |
It had something to do with IRC bots. It wasn't a big page, but basically
it suddenly had a huge number of people accessing it.
|
orinoco
|
|
response 155 of 293:
|
Aug 3 01:51 UTC 2002 |
Now I'm confused. Was it too many web hits, a power supply problem, or both?
|
gelinas
|
|
response 156 of 293:
|
Aug 3 02:24 UTC 2002 |
Sounds like three separate problems, consecutively:
1) A popular web page saturated the DSL link
as that got resolved
2) A transformer blew its coil
which resulted in
3) A dead router
Dave, your problem with cornerhealth may be related to anti-spamming rules.
(Just a guess; I've not tried to look at grex's mail configuration.)
"cornerhealth.org" does not have an address record in DNS, and
it's "mail-exchange" record eventually resolves to something to the
w162.z208177186.det-mi.dsl.cnc.net name you mention. In other words,
a quick check would make it seem that someone is claiming to be something
(someone) they are not.
Some might argue that is not sufficient cause to reject mail; I don't
know what grex is actually doing.
|
mdw
|
|
response 157 of 293:
|
Aug 3 03:04 UTC 2002 |
grex sendmail will say "I can't accept mail from", but will also always
include a url that points to badsys.html after that. This is why
reporting the complete error message is of value; people like Joe who
don't know much about mail at grex, would still have given you a much
better answer if they had known about the URL. Actually, the url points
to a very old web page complaining mostly about obselete reasons why we
didn't accept mail from certain machines (in the bad old days with ppp,
where path mtu discover broke some things,) but at the end, I think we
also had something about that non-specific catchall, spam. That is to
say, we block mail from machines which we think only send spam. We've
done this for a while, but we've recently become much more aggressive
about this.
We've seen spam from machines at "cnc.net" for a long time. The
earliest record I have is from 20001201, when I blocked one subnet I
think in San Jose California, which appeared to be used for DSL lines.
Another staffer blocked more DSL lines in what might be Miami, Florida,
20011130, for sending "smut spam". That same staffer added *.cnc.net on
20020706, after apparently concluding that the entire domain ".cnc.net"
was only used for sending "Spammitty spam!"
|
richard
|
|
response 158 of 293:
|
Aug 4 04:56 UTC 2002 |
question is what can grex do about its susceptibility to somebody setting
up a grex web page as a pointer to something else that gets a lot of
hits. I mean what if somebody sets up a grex web page to use as a pointer
to some popular porn site or something. it would be easy for someone to
use such methods to attack grex. just that one page getting all those
hits slowed down grex considerably.
|
scott
|
|
response 159 of 293:
|
Aug 4 11:36 UTC 2002 |
So, we should stop hosting web pages then?
|
carson
|
|
response 160 of 293:
|
Aug 4 11:48 UTC 2002 |
<carson suspects that a certain someone misunderstands the problem, but
that someone is trying, to say the least>
|
keesan
|
|
response 161 of 293:
|
Aug 4 20:28 UTC 2002 |
Threetimes in a row kermit has dialed, gotten nothing, then redialed before
reaching grex.
|
