Month: September 2003

Testing New Email Anti-Virus Solution: We are

Wed Sep 24 15:04:27 PDT 2003 — Testing New Email Anti-Virus Solution: We are currently testing a new anti-virus solution on our dedicated backup MX servers for customers with their own mail servers. If the test goes well, we will deploy the system on both our inbound and outbound mail servers. The new anti-virus solution is based on MIMEDefang and ClamAV, which are both open source projects.

If you have any questions or comments, please bring them to news:// -Kelsey

Sendmail Buffer Overflow: There has been yet…

Wed Sep 17 19:24:19 PDT 2003 — Sendmail Buffer Overflow: There has been yet another buffer overflow announced in sendmail. We’ve just completed upgrading sendmail on all of our hosts and urge customers using this standard unix MTA to patch their installations before an exploit is available. Customers running unix should also note that OpenSSH has released a new version which fixes another potential security problem in sshd. -Kelsey and Russ

DNS server changes: As some of you may be…

Wed Sep 17 17:01:04 PDT 2003 — DNS server changes: As some of you may be aware, VeriSign, who controls the .net and .com DNS registries, recently changed the behavior of their gTLD servers to capture web traffic destined to non-existent domains with their own ‘sitefinder’ portal., and many other service providers, are concerned by VeriSign’s actions which, we believe, have had far-reaching negative effects on the Internet at large. In order to restore what we feel is the correct behavior of the .net and .com gTLD name servers on our network, we replaced BIND on our name servers with a patched version that enforces receiving delegation-only responses from these servers.

For more information about this please see news://

-Kelsey

service issues: The out…

Wed Sep 17 16:24:36 PDT 2003 — service issues: The outsourced NNRP provider that services is currently reporting authentication problems for connections from our network. We’ve brought on another outsourced NNRP provider available at in response to altnews’ (webusenet/ispnews) ongoing stability problems. For more information please see our support FAQs and news:// -Sonic Operations

OpenSSH exploit in the wild.

Tue Sep 16 11:56:09 PDT 2003 — OpenSSH exploit in the wild. There are reports of a worm in the wild that exploits a bug in OpenSSH. Folks running OpenSSH are strongly encouraged to upgrade to the very latest version, and examine their machine for intrusion problems.

All vulnerable hosts have either been upgraded or firewalled, preventing intrusion on these servers. -Kelsey and Scott

(aka timber) public MySQL…

Sun Sep 14 12:18:47 PDT 2003 — (aka timber) public MySQL server is currently offline due to some kind of hardware failure. We’ll be swapping the hardware out with spares and should have services restored shortly. -Kelsey

UPDATE Sun Sep 14 13:04:06 PDT 2003 — The MySQL server has been replaced with new hardware and is currently back online. Please report any issues to support. -Kelsey

Extended maintenance report from carrier.

Fri Sep 12 08:11:32 PDT 2003 — Extended maintenance report from carrier. One of our providers has been performing maintenance that has lasted longer than their expected window. Our redundant connections via multiple carriers and transport providers have insulated us from a service-affecting situation. -Operations

New Microsoft RPC vulnerability.

Wed Sep 10 18:10:10 PDT 2003 — New Microsoft RPC vulnerability. Microsoft announced today a new vulnerability in Windows NT, 2000, XP and others that is very similar to the security flaw that the Blaster worm used. Patches for this new flaw have been released and are available at Windows Update, and we urge our customers to patch their systems immediately. — Eli, Support

Web Server Instability: Over the past few…

Wed Sep 10 14:11:04 PDT 2003 — Web Server Instability: Over the past few days we have been seeing some instability in our webserver cluster that has been resulting in periodic slowdowns or refused connections. We have disabled a suspect user CGI that appears to have been accidentally DoSing the servers. -Sonic Operations