Ukraine Pirate Party hit by Spam Attack
[Editor’s note] Last month the Ukrainian Pirate Party came under attack. How they reacted and coped can show other Pirate Parties what to do in such cases.
From 1 May 2013 we faced with problems on our mail server — some emails were being delayed. Also, all our public emails, that were published on our site, started receiving incredible amounts of spam. We discovered this in the logs, while trying to find problem causing the delay. Mostly those emails were just common ads and the spam filter successfully deleted them.
On 3 May the situation changed. Instead of common spam our emails filled with “junk” mails, which contained autogenerated text and even paragraphs from various books. There was no doubt about the cause of such activity. At that moment we have already analyzed the mail logs and discovered nearly 10 000 zombies. Someone paid for this bot-net and it was generating approximately 50 000 mails a day for each target email.
We informed our hosting provider about the attack. It continued till the 5 May and then suddenly stopped. We thought attack was finished because they couldn’t harm us. But early in the morning on Monday 6 May our chairman Sergey Yarygin started receiving calls from different people who were saying that we were spamming them. Some of them forwarded this spam for us to see – it was blank email with just one link to our site. Some hours later the manager from our hosting provider called and told us, that Spamhaus was requiring us to stop spam activity. Their bot resolved our server’s IP from that link and sent an abuse notice to their datacenter, which forwarded it to our provider.
Because we had already informed them earlier about this attack and they had mail logs indicating the zombies (the same bot-net that was sending spam with the link), the manager told us that they would help us with abuses. This new attack affected users of Ukrainian free mail services and corporate emails, that were published in contact section on websites. We’ve received many calls from journalists, asking about details. As they told us, their public email accounts were getting 20-100 spam letters a day.
Attack continued till 13 May 2013. But what is interesting is that many of the people, who contacted us, were supporting us. Almost nobody believed we were responsible for this disaster. And we want to thank all of them.
Featured image CC BY-NC-SA by Vince Lamb