
Re: Help. My system cracked and used to spam



On Thu, Aug 08, 2002 at 11:29:58PM -0400, David Teague wrote:
> 
> Hi 
> 
> 
> Please CC: response to teague@jackson.main.nc.us
> 
> The Subject line says it all. One of my machines was 
> cracked and a spam forwarder was installed on it. 

Hmm... If the machine truly was "cracked", then probably the best thing
to do is to take a copy of any data from the machine, then wipe and do a
complete reinstall.  Otherwise it's just a mess trying to work out what
was trojaned and what wasn't.

> 
> It is an old 486 running Debian 2.0.
> 
> I disconnected it from the net, since stopping
> the spam forwarding is very important.
> 
> Please, will someone give me pointers to FAQs,
> HOWTOs and books on how to find what was done
> to the mailer (Exim?) to make it behave so, and
> how to find how to fix it.

So, was Exim running properly locked down, and then they broke in and
unlocked it?  If so, then they must have found another vulnerability to
get in (were you keeping up to date with security updates?).  If exim
was configured as an open relay and they just happened to find it, then
one of the exim experts on here should be able to chime in and help.

Hope that helps...

- Chris



