Why, yes, we did have a problem
My mail client gave me a rather unusual message this evening. It told me that contact with my mail server had been lost.
Okay… unusual, but not too concerning. However, the fact that I could not get to any of the web sites we host was a bit unusual.
It took a while, but once I logged into the machine I noticed it was slow. Also, I had a load average of 89.15. Since the normal load average is about 0.15, this concerned me.
The culprit was httpd – the Apache web server. It was trying to serve data to nearly 150 clients at one time – not a lot by most standards, but this machine isn’t made for that sort of use. I saved a dump of the network connections and killed the web server ASAP.
Examination of the network dump revealed that most of my connections were coming from one netblock … in Syria. Checked the logs… yep, it’s a spambot run out of control. Plus, I’m probably not that popular in Syria. Luxembourg? Hell, yes! But not Syria.
So, I added them to the IP filter list, turned down the clients that the http server would talk to and turned things back on. All seems well. For now, anyway.
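The triage step described in the post (finding which netblock holds most of the web server's connections in a saved connection dump) can be sketched as follows. This is an added example, not the author's own tooling: it assumes a Linux-style `netstat -ant` column layout, the function names are hypothetical, and the sample dump is constructed from documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample of `netstat -ant` output (documentation ranges, not the author's data).
SAMPLE_DUMP = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.5:51234       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51240       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.17:40211      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.44:38110      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.90:60001      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.201:49152     ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:52044      ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.9:40022      ESTABLISHED
"""

def web_clients(dump, ports=(80, 443)):
    """Yield remote IPv4 addresses of TCP connections to the local web ports."""
    for line in dump.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] == "LISTEN":
            continue  # header, non-TCP, or listening socket
        local_port = f[3].rsplit(":", 1)[-1]
        remote_ip = f[4].rsplit(":", 1)[0]
        if not local_port.isdigit() or int(local_port) not in ports:
            continue  # not a web connection (e.g. mail on port 25)
        try:
            yield ipaddress.IPv4Address(remote_ip)
        except ipaddress.AddressValueError:
            continue  # IPv6 or malformed entry; out of scope for this sketch

def top_netblocks(dump, prefix=24, min_share=0.5):
    """Return [(network, connections, share)] for netblocks holding
    at least min_share of all web connections, largest first."""
    blocks = Counter(
        ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        for ip in web_clients(dump)
    )
    total = sum(blocks.values())
    return [(str(net), n, n / total)
            for net, n in blocks.most_common() if n / total >= min_share]

if __name__ == "__main__":
    for net, n, share in top_netblocks(SAMPLE_DUMP):
        print(f"{net}: {n} connections ({share:.0%})")
```

A netblock reported here is a candidate for the IP filter list; checking it against the web server's access log before blocking confirms the traffic is unwanted.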


December 24th, 2006 at 5:06 am
These are not the bots you’re looking for.