Well William, for me it was pretty easy to identify the account being used. Because they were authenticating against the server, I pulled my logs and looked for the encrypted entry and then used a base64 decoder to see what the account name was and then changed the password for that account. This was an old account on the server that hadn't been deleted yet because of our transition to Exchange. We are now using Exchange on the inside and have a very strong password policy in place, and the old accounts on the MTA in question will be going away shortly.

At 03:31 PM 10/9/2009 +0200, William Stucke wrote:
>Hi Phil,
>
>This is a major problem. It seems to be the "flavour of the month" for
>spammers to exploit MTAs. It's happened to me, on two separate MTAs
>(running different mail software) in the last couple of months.
>
>The problem is, it's not all that easy to: -
>a) Identify exactly which account was compromised
>b) Get thousands of mail users to change their passwords to something
>more secure...
>
>A lesser, but still real, problem is that it's actually very hard to
>have a truly secure password - that the user is able to remember. For
>example, some years ago, an MTA crashed, badly. I used one of the
>cracking tools, and fed it with all the usernames and known passwords.
>In 10 minutes, it had successfully cracked 87% of the passwords! After
>24 hours of running, we had cracked all but a dozen passwords. We called
>those customers and asked them their passwords, and were up and running
>again.
>
>BTW: Even more fun - hMailServer for one appears to be unable to process
>passwords that contain punctuation characters, if those passwords are
>applied using a script - e.g. from a web form. So much for secure passwords!
>
>Any suggestions about dealing with (a) and (b) above?
>
>William
>
>------------------------------------------------------------------------------
>Come build with us! The BlackBerry(R) Developer Conference in SF, CA
>is the only developer event you need to attend this year. Jumpstart your
>developing skills, take BlackBerry mobile applications to market and stay
>ahead of the curve. Join us from November 9 - 12, 2009. Register now!
>http://p.sf.net/sfu/devconference
>_______________________________________________
>Assp-user mailing list
>Assp-user@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/assp-user
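
The log check described in the reply above (decoding the base64 account name from SMTP AUTH entries), as an added example that is not part of the original thread. The log layout, the function names and the sample lines are assumptions constructed for illustration, and the AUTH LOGIN state is tracked per client IP rather than per connection.

```python
import base64
import re
from collections import Counter

# Assumed layout: "<date> <time> <client-ip> <direction> <SMTP text>", ">" = sent by client.
LINE = re.compile(r"^\S+ \S+ (?P<ip>\S+) (?P<dir>[<>]) (?P<text>.*)$")

def decode(token):
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:                      # not valid base64
        return None

def auth_accounts(log_text):
    """Count AUTH attempts per (account, client IP). Passwords are never kept."""
    awaiting_user, counts = set(), Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["dir"] != ">":
            continue
        ip, parts, user = m["ip"], m["text"].split(), None
        if ip in awaiting_user:             # client's answer to the "Username:" prompt
            awaiting_user.discard(ip)
            user = decode(parts[0]) if parts else None
        elif len(parts) >= 2 and parts[0].upper() == "AUTH":
            mech, arg = parts[1].upper(), parts[2] if len(parts) > 2 else None
            if mech == "LOGIN" and arg is None:
                awaiting_user.add(ip)       # user name arrives on the next client line
            elif mech == "LOGIN":
                user = decode(arg)          # user name sent as initial response
            elif mech == "PLAIN" and arg:
                fields = (decode(arg) or "").split("\0")  # authzid NUL authcid NUL password
                user = fields[1] if len(fields) == 3 else None
        if user:
            counts[(user.lower(), ip)] += 1
    return counts

def busiest_accounts(counts):
    """[(account, attempts, distinct client IPs)], busiest first."""
    users = {u for u, _ in counts}
    rows = [(u, sum(n for (a, _), n in counts.items() if a == u),
             sum(1 for a, _ in counts if a == u)) for u in users]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

SAMPLE_LOG = "\n".join("2009-10-09 03:10:01 " + l for l in [  # constructed; "x" = placeholder password
    "198.51.100.7 > AUTH LOGIN", "198.51.100.7 < 334 VXNlcm5hbWU6",
    "198.51.100.7 > b2xkdXNlcg==", "198.51.100.7 < 334 UGFzc3dvcmQ6", "198.51.100.7 > eA==",
    "203.0.113.9 > AUTH LOGIN b2xkdXNlcg==", "192.0.2.10 > AUTH LOGIN YWxpY2U=",
    "192.0.2.44 > AUTH PLAIN " + base64.b64encode(b"\0OldUser\0x").decode()])
```

An account that authenticates from many unrelated client addresses in a short window is the one to check first, which narrows question (a) to a handful of candidates.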