Great Circle Associates Majordomo-Workers
(October 1997)
 


Subject: multiple lists commands attack --> majordomo vulnerability?
From: Marko Hotti <mhotti @ lists . oulu . fi>
Date: Fri, 31 Oct 1997 07:59:46 +0200 (EET)
To: majordomo-workers @ greatcircle . com


The other mailing list server I'm running and administering at the moment
was attacked by some idiot who had sent about 50 subsequent messages to
the majordomo address - each message containing +100 lines of the
majordomo command 'lists'. I'm doing load average checks in my majordomo
scripts but it is needless to say that the system got stuck for over 8
hours. The system is a Linux 2.0.29 box with 175MHz Pentium and 32MB of
RAM. Majordomo 1.94.4 version with Perl 5.004.

Currently Majordomo does not do any overall checking on the incoming
command message before starting to execute the commands. Maybe we should
find some way to prevent situations like this.

The sendmail 8.8.8 (in my system) is configured to queue messages if the
LA exceeds 8.0 - and totally refuse connections with LA >15. These 50
majordomo attack messages got in before the load average rose above this
threshold - and since I'm running the queue every three minutes (I have a
very good reason to do it that often), there were quite a few majordomo
processes running there... 

With regards, Marko Hotti mhotti@lists.oulu.fi
Oulu University CSC
Finland
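
Added example, not part of the original post and not Majordomo's own code: one way to do the "overall checking" the message asks for is to screen the whole command message before any command runs, rejecting it when one command is repeated too often or there are too many commands in total. The limits, the function name `screen_message`, and the treatment of `#` lines, `end`, and lines starting with `-` as comment/stop markers are assumptions of this sketch; it covers only the per-message check, not the volume of messages from one sender.

```perl
#!/usr/bin/perl
# Added example (not Majordomo code): pre-screen a command message before
# any command is executed. Limits below are assumed values; tune per site.
use strict;
use warnings;

my $MAX_COMMANDS = 20;   # assumed cap on distinct commands per message
my $MAX_REPEATS  = 3;    # assumed cap on copies of one command line

# Returns (verdict, reason, arrayref of de-duplicated commands).
sub screen_message {
    my ($raw) = @_;
    # The body starts after the first blank line (header/body split).
    my (undef, $body) = split /\r?\n\r?\n/, $raw, 2;
    $body = '' unless defined $body;

    my (%seen, @unique);
    for my $line (split /\r?\n/, $body) {
        $line =~ s/^\s+|\s+$//g;
        next if $line eq '' or $line =~ /^#/;          # blanks, comments (assumed)
        last if lc($line) eq 'end' or $line =~ /^-/;   # stop markers (assumed)
        my $key = lc(join(' ', split(' ', $line)));    # normalise case and spacing
        my $n = ++$seen{$key};
        return ('reject', "'$key' repeated more than $MAX_REPEATS times", [])
            if $n > $MAX_REPEATS;
        push @unique, $key if $n == 1;
        return ('reject', "more than $MAX_COMMANDS commands", [])
            if @unique > $MAX_COMMANDS;
    }
    return ('accept', scalar(@unique) . ' command(s)', \@unique);
}

# Constructed sample messages: a 100-line 'lists' flood and a normal request.
my $hdr    = "From: user\@example.org\nSubject: test\n\n";
my $flood  = $hdr . ("lists\n" x 100);
my $normal = $hdr . "lists\nhelp\nend\nlists\n";

for my $msg ($flood, $normal) {
    my ($verdict, $reason, $cmds) = screen_message($msg);
    print "$verdict: $reason [@$cmds]\n";
}
```

Because the screen rejects on the first limit it hits, the cost of a flood message is bounded by the limits rather than by the message length.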


