Vulnerable Servers Warned

WASHINGTON, D.C. -- The Federal Trade Commission has identified more than 1 million IP addresses that provide open proxies or open relays, which spammers can tap to hide their identities, and is alerting server owners that they might be inadvertently helping spam.

The FTC and 36 other government agencies from 26 countries have launched Operation Secure Your Server. The effort calls for the agencies to send e-mail to owners of tens of thousands of servers, asking them to check their server configurations for possible open relays or open proxies. Operation Secure Your Server will direct the owners to information on how to inexpensively check servers and close the openings.

"We're certain that a lot of people we're going to contact are not aware of the problem," says Don Blumenthal, coordinator of the FTC Internet Lab. "It's a significant problem."

Wrong Address

An open proxy or relay is one way a spammer can co-opt another server address when sending unsolicited e-mail. Sometimes a bulk mailer just provides a false return address as part of the mass mailing.

Identifying and taking advantage of open relays is also a favorite tactic of some viruses and worms. Some people suspected that last summer's Sobig virus was dispatched by purveyors of bulk e-mail.

The FTC e-mail sent to server owners will direct them to Secure Your Server, which tells how businesses can fix vulnerabilities. The FTC's Web site provides more information on closing holes. The FTC will send the e-mail for at least a couple of weeks, Blumenthal says.

The message, being sent in 21 languages to server operators around the world, explains that "open relays and open proxies are servers that allow any computer in the world to bounce or route e-mail through them to other Internet mail addresses. Open relays and open proxies are often exploited by people who flood the Internet with spam. This abuse creates problems for consumers worldwide, as well as for law enforcement and your organization."

Vulnerabilities Everywhere

The FTC doesn't have information on which countries have the most open relays or open proxies, but Blumenthal says he expects that a number of U.S. businesses will be contacted.

Operation Secure Your Server is sponsored by the FTC and agencies around the world. International participants include agencies in Albania, Argentina, Australia, Canada, Brazil, Bulgaria, Canada, Chile, Colombia, Denmark, Ecuador, Finland, Hungary, Jamaica, Japan, Lithuania, Norway, Panama, Peru, Romania, Serbia, Singapore, South Korea, Switzerland, Taiwan, and the United Kingdom.

Last year, the FTC and other international government agencies conducted a campaign against open relays, identifying businesses with potential vulnerabilities and urging them to close the relays.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon