Subject: Advanced Persistent Threat (APT) hackers had hacked into my Virtualmin 
Linux Virtual Private Server (VPS) on 15 Dec 2025 Monday around noon time

Good day from Singapore,

Today 17 Dec 2025 Wednesday around 12.30 PM, I was trying to use GMail (Google 
Mail) to send email to my email accounts hosted in Virtualmin Linux Virtual 
Private Server (VPS) (aka web hosting control panel). GMail reported the error 
"554 5.7.1 Relay access denied", which means all of my email accounts hosted in 
Virtualmin Linux VPS could no longer receive emails.

Advanced Persistent Threat (APT) hackers must have hacked into my Virtualmin 
Linux VPS and changed my server configuration.

Webmin version: 2.520
Virtualmin version: 7.50.0 GPL
Operating system: AlmaLinux 9.6
Usermin version: 2.420
Authentic theme version: 25.20
Linux Kernel and CPU: Linux 5.14.0-570.51.1.el9_6.x86_64 on x86_64

When I logged in to Roundcube Webmail, I noticed that I had stopped receiving 
emails with the email accounts hosted in Virtualmin Linux VPS since 15 Dec 2025 
Monday around 12 noon Singapore Time.

When I checked /var/log/maillog in Virtualmin Linux VPS, I observed that I had 
started getting "554 5.7.1 Relay access denied" errors since 15 Dec 2025 Monday 
around 12.28 PM (for my email accounts hosted in Virtualmin Linux VPS).

Advanced Persistent Threat (APT) hackers must have hacked into my Virtualmin 
Linux VPS and changed my server configuration.

When I checked /etc/postfix/main.cf on my Virtualmin Linux VPS, Advanced 
Persistent Threat (APT) hackers had changed the following line to:

mydestination = $myhostname, localhost.$mydomain, localhost, ns1.turritopsis-dohrnii-teo-en-ming.com

I had to change the above line back to:

mydestination = $myhostname, localhost.$mydomain, localhost, ns1.turritopsis-dohrnii-teo-en-ming.com, teo-en-ming.com, teo-en-ming-corp.com

And then restart the Postfix daemon/service (systemctl restart postfix).

For Virtual Server teo-en-ming-corp.com in Virtualmin Linux VPS:

Advanced Persistent Threat (APT) hackers had changed my email account user's 
Login access to Database, FTP and SSH. I had to change it back to Database, 
Email, FTP and SSH.

Advanced Persistent Threat (APT) hackers had also changed "Primary email 
address enabled" to No. I had to change it back to Yes.

For Virtual Server teo-en-ming.com in Virtualmin Linux VPS:

Advanced Persistent Threat (APT) hackers had changed my email account user's 
Login access to FTP and SSH. I had to change it back to Email, FTP and SSH.

Advanced Persistent Threat (APT) hackers had also changed "Primary email 
address enabled" to No. I had to change it back to Yes.

After making all of the above changes, I have been able to receive emails with 
my email accounts hosted in Virtualmin Linux VPS since 1.15 PM today 17 Dec 
2025 Wednesday.

When I checked OpenSSH server logins and Virtualmin logins, only public IPv4 
addresses belonging to me were present. There were no traces of Advanced 
Persistent Threat (APT) hackers gaining unauthorized entry into my Virtualmin 
Linux VPS at all. Of course, if they are Advanced Persistent Threat (APT) 
hackers, they must be very smart and intelligent (their intelligence quotient, 
IQ, is surely way above mine) to remove all traces of their unauthorized 
intrusions into my Virtualmin Linux VPS.

How can I make a request to Advanced Persistent Threat (APT) hackers so that 
they will stop playing pranks on my Android (Linux) phones, home desktop 
computer, laptops, Virtualmin and Webmin Linux servers and other various 
numerous online accounts not secured with 2FA / MFA?

Please advise.

Thank you very much.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Extremely Democratic People's Republic of Singapore
17 Dec 2025 Wednesday 3.50 PM Singapore Time
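
Added example, not part of the original message and not the poster's code: a small Python check that ties the two observations in the message together, listing each recipient domain that got "554 5.7.1 Relay access denied" in the mail log, when the first rejection happened, and whether that domain is absent from mydestination. The main.cf fragment and log lines are constructed samples; the traditional syslog timestamp format and looking only at mydestination (not the virtual_* or relay_domains parameters) are assumptions.

```python
import re

# Constructed main.cf fragment in the tampered state the message describes.
MAIN_CF = """\
mydestination = $myhostname, localhost.$mydomain, localhost,
    ns1.turritopsis-dohrnii-teo-en-ming.com
"""
# Constructed maillog lines; sender host, address and PIDs are placeholders.
_REJ = ("{ts} ns1 postfix/smtpd[{pid}]: NOQUEUE: reject: RCPT from "
        "mail.example.net[192.0.2.10]: 554 5.7.1 <user@{dom}>: Relay access denied; "
        "from=<a@example.net> to=<user@{dom}> proto=ESMTP helo=<mail.example.net>")
MAILLOG = "\n".join([
    "Dec 15 12:27:40 ns1 postfix/smtpd[2100]: connect from mail.example.net[192.0.2.10]",
    _REJ.format(ts="Dec 15 12:28:03", pid=2100, dom="teo-en-ming.com"),
    _REJ.format(ts="Dec 15 12:31:47", pid=2104, dom="teo-en-ming-corp.com"),
    _REJ.format(ts="Dec 16 09:02:11", pid=3310, dom="teo-en-ming.com"),
])
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/\S*smtpd\[\d+\]: NOQUEUE: reject: "
    r".*?554 5\.7\.1 <[^>@]*@(?P<domain>[^>]+)>: Relay access denied")

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (part.strip() for part in line.split("=", 1))
            params[last] = value
    return params

def local_domains(params):
    """Entries of mydestination, unexpanded ($myhostname stays literal)."""
    return {d.lower() for d in re.split(r"[,\s]+", params.get("mydestination", "")) if d}

def first_relay_denials(log_text):
    """Map recipient domain -> timestamp of its first 'Relay access denied' reject."""
    first = {}
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if m:
            first.setdefault(m["domain"].lower(), m["ts"])
    return first

def missing_domains(main_cf, log_text):
    """Rejected recipient domains that are not listed in mydestination."""
    listed = local_domains(parse_main_cf(main_cf))
    return {d: ts for d, ts in first_relay_denials(log_text).items() if d not in listed}

if __name__ == "__main__":
    for domain, ts in missing_domains(MAIN_CF, MAILLOG).items():
        print(f"{domain}: not in mydestination, first rejected {ts}")
```

On a live server, `postconf mydestination` prints the value Postfix is actually using, which is the one to compare against.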





_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
