This blog is retired.


Self-made DoS of the bbantispam server

According to Wikipedia, a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Recently it happended to bbantispam.com and bbspam.com. More precisely, it was not a DoS-attack, but a DoS-suicide.

Textual Confirmation is an antispam tool for phpBB. In the community edition, it sends a copy of detected spam registrations to the central database, which is located on this server.

The current rate is a few notifications per second. It’s not a big load. But imagine that something is happened and the operating system (OS) has few free memory.

Sendmail (a mailer daemon) tries to save the notification in a database. By design, an external helper is used. But the program can’t be run because the OS is out of memory.

Therefore, sendmail defers saving of the notification. But additionally, it tries to send a problem report. Now we have two letters instead of one!

Now things go worse. Sending the report takes a time due to the network latency. Meanwhile, a new spam notification arrives. Again, it can’t be delivered immediately, and the process repeats. And yet another notification comes in…

After a while, the mail queue is jammed, the memory is fully occupied, and the system doesn’t provide any services anymore.

At the moment, a temporary workaround is implemented. All the incoming notifications are just thrown away. Now I’m waiting till the mail queue becomes empty. It will take a day or two. Then I’ll investigate how to solve the problem correctly.