HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Urgent help needed clearing e-mail queue

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#100536 (In Topic #19740)
TQ
Avatar

Honoured member

Cron Bridge issuing 100's of duplicate e-mails

Hi all,

Last night brought the worst attack on my OCP to date. Unfortunately the attacker's rating was below my spammer block threshold so a "A possible spammer was detected by the xxxxxxxxxxx.httpbl.org service (IP: 216.54.216.26). Validation has been forcibly enabled for their request" was issued and the attack proceeded with gay abandon.

Emails started arriving at a rate of 1 every 3-4 seconds so I connected to the server and blocked the IP manually. At this time I could see that the spammers BOT was making 20-30 connections per second. In total, they must have been connected to my server for about 15 minutes.

The Windows server's task schedule for the cron_bridge.php is every 10 minutes and as soon as this re-triggered the server was trashed, my connection to the server went from lightening fast to dial-up modem speed.

I killed the site and killed the task as soon as I sussed what was going on and, after rebooting the server, everything else is back to normal.

I am now sitting in front of the server itself and have just restarted the cron_bridge task. Within 5 minutes I have received 690 duplicates of the above mentioned email and the only way I can stop it is to kill and disable the task as I'm guessing there are 1000's still to come.

Finally, the Question: How can I flush the email queue? I have access to the web site files and the mySQL database.

I'm reluctant to restore a backup at this time as it's 10 or more days old and I will loose 40-50 new members plus other content but I may ultimately have to do so as I have now discovered that I have 1800+ broken links to members avatars and a bunch of other link errors too (none were there before this episode).

Finally, I should declare right now that this is probably a problem of my own making, the batch files supplied with OCP for a Windoz servers kill my site so I may have made untold mistakes with the privileges in my attempt to do it manually thereby providing the BOT with the necessary access to my files and folders to trash it.

Awaiting the response of much greater men than I.

Nick


Last edit: by TQ
Back to the top
 
Posted
Rating:
#100537
Avatar

You can safely empty the logged_mail_messages table.

Missing files does not sound related to this. Even with incorrect Windows file permissions, a bot should not be able to access your server's filesystem without having an account on the server.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#100538
TQ
Avatar

Honoured member

Chris Graham said

You can safely empty the logged_mail_messages table.

Missing files does not sound related to this. Even with incorrect Windows file permissions, a bot should not be able to access your server's filesystem without having an account on the server.

Thank you :thumbs:  thank you  :thumbs: thank you  :thumbs:.
Site now back open again… Time to backup!
Much appreciated chris.
Nick
Back to the top
 
1 guests and 0 members have just viewed this: None
Control functions:

Quick reply   Contract

Your name:
Your message: