Re: Temporarily block domain.tld from sending?

2013-10-10 Thread Robert L Mathews
On 10/8/13 5:15 PM, li...@sbt.net.au wrote: I'm still perplexed with access: the user claims no one else had ftp password, ftp password was a random 8-char alpha/numeric string, can there be any other reason that leaked password...? There are several Windows PC viruses, including the common

Re: Temporarily block domain.tld from sending?

2013-10-10 Thread lists
On Fri, October 11, 2013 4:56 am, Robert L Mathews wrote: On 10/8/13 5:15 PM, li...@sbt.net.au wrote: There are several Windows PC viruses, including the common Gumblar family, that steal saved FTP passwords from files on the computer. They simply have a list of file locations where various

Re: Temporarily block domain.tld from sending?

2013-10-10 Thread lists
On Fri, October 11, 2013 10:49 am, li...@sbt.net.au wrote: On Fri, October 11, 2013 4:56 am, Robert L Mathews wrote: There are several Windows PC viruses, including the common Gumblar family, that steal saved FTP passwords from files on the computer. They thanks for explanation, that makes a

Re: Temporarily block domain.tld from sending?

2013-10-08 Thread li...@rhsoft.net
On 08.10.2013 07:44, Stan Hoeppner wrote: I've removed the script, I stopped ftp (it seems it was ftp'd) at the time I've posted, I was on a 4 mobile, and, I was looking for a stop gap measure to 'stop further damage' from that point Understood. For a more permanent solution to this

Re: Temporarily block domain.tld from sending?

2013-10-08 Thread Manuel Bieling
On 2013.10.08 09:16:11 +0200, li...@rhsoft.net wrote: I never allowed any webserver in the past 10 years to use the sendmail binary for a lot of reasons like header injections and so on Good, but possibly would not have helped. For me it looks obvious like 'Stealrat' which opens a socket

Re: Temporarily block domain.tld from sending?

2013-10-08 Thread li...@rhsoft.net
On 08.10.2013 11:32, Manuel Bieling wrote: On 2013.10.08 09:16:11 +0200, li...@rhsoft.net wrote: I never allowed any webserver in the past 10 years to use the sendmail binary for a lot of reasons like header injections and so on Good, but possibly would not have helped. For me it

Re: Temporarily block domain.tld from sending?

2013-10-08 Thread Michael Orlitzky
On 10/08/2013 01:44 AM, Stan Hoeppner wrote: Understood. For a more permanent solution to this script problem, you may want to consider locking down or disabling the pickup service, and configuring all web applications and MUAs to use the submission service with auth. This will prevent

Re: Temporarily block domain.tld from sending?

2013-10-08 Thread li...@rhsoft.net
On 08.10.2013 15:16, Michael Orlitzky wrote: On 10/08/2013 01:44 AM, Stan Hoeppner wrote: Understood. For a more permanent solution to this script problem, you may want to consider locking down or disabling the pickup service, and configuring all web applications and MUAs to use the

Re: Temporarily block domain.tld from sending?

2013-10-08 Thread lists
On Tue, October 8, 2013 4:44 pm, Stan Hoeppner wrote: On 10/7/2013 11:19 PM, li...@sbt.net.au wrote: there was a php script uploaded and called I've removed the script, I stopped ftp (it seems it was ftp'd) at the time I've posted, I was on a 4 mobile, and, I was looking for a stop gap

Re: Temporarily block domain.tld from sending?

2013-10-08 Thread Stan Hoeppner
On 10/8/2013 3:08 PM, li...@sbt.net.au wrote: On Tue, October 8, 2013 4:44 pm, Stan Hoeppner wrote: ... Understood. For a more permanent solution to this script problem, you may want to consider locking down or disabling the pickup service, and configuring all web applications and MUAs to use

Re: Temporarily block domain.tld from sending?

2013-10-08 Thread lists
On Wed, October 9, 2013 10:41 am, Stan Hoeppner wrote: On 10/8/2013 3:08 PM, li...@sbt.net.au wrote: Stan, Michael and other who responded, thanks Others responded with some good ideas here, mostly locking down PHP itself so it can't use the sendmail binary. But it sounds like this is a

Re: Temporarily block domain.tld from sending?

2013-10-08 Thread Stan Hoeppner
On 10/8/2013 7:15 PM, li...@sbt.net.au wrote: On Wed, October 9, 2013 10:41 am, Stan Hoeppner wrote: On 10/8/2013 3:08 PM, li...@sbt.net.au wrote: Stan, Michael and other who responded, thanks Others responded with some good ideas here, mostly locking down PHP itself so it can't use the

Temporarily block domain.tld from sending?

2013-10-07 Thread Voytek
It seems one of my users has been hacked, my postfix server is spewing spam from many.na...@adomain.tld, how best to prevent any outbound mails from adomain.tld till I can look at this? -- Sent from Kaiten Mail. Please excuse my brevity.

Re: Temporarily block domain.tld from sending?

2013-10-07 Thread Simon B
On 8 Oct 2013 01:54, Voytek li...@sbt.net.au wrote: It seems one of my users has been hacked, my postfix server is spewing spam from many.na...@adomain.tld, how best to prevent any outbound mails from adomain.tld till I can look at this? Postfix stop Then post your postconf -n and a log

Re: Temporarily block domain.tld from sending?

2013-10-07 Thread lists
On Tue, October 8, 2013 11:31 am, Simon B wrote: On 8 Oct 2013 01:54, Voytek li...@sbt.net.au wrote: spam from many.na...@adomain.tld, how best to prevent any outbound mails from adomain.tld till I can look at this? Postfix stop Then post your postconf -n and a log snippet of an outgoing

Re: Temporarily block domain.tld from sending?

2013-10-07 Thread Stan Hoeppner
On 10/7/2013 9:10 PM, li...@sbt.net.au wrote: On Tue, October 8, 2013 11:31 am, Simon B wrote: On 8 Oct 2013 01:54, Voytek li...@sbt.net.au wrote: spam from many.na...@adomain.tld, how best to prevent any outbound mails from adomain.tld till I can look at this? Postfix stop Then post

Re: Temporarily block domain.tld from sending?

2013-10-07 Thread lists
On Tue, October 8, 2013 3:02 pm, Stan Hoeppner wrote: On 10/7/2013 9:10 PM, li...@sbt.net.au wrote: Without the log entries Simon asked for we can't do anything more to help you, as we don't know how the spam is being injected. Please provide logging that demonstrates the problem. Stan,

Re: Temporarily block domain.tld from sending?

2013-10-07 Thread Stan Hoeppner
On 10/7/2013 11:19 PM, li...@sbt.net.au wrote: On Tue, October 8, 2013 3:02 pm, Stan Hoeppner wrote: On 10/7/2013 9:10 PM, li...@sbt.net.au wrote: Without the log entries Simon asked for we can't do anything more to help you, as we don't know how the spam is being injected. Please provide