Jake Vickers wrote:
> On 04/08/2010 04:21 PM, madmac wrote:
>> Well anyone that can guess my passwords must be amazing.
>> Let alone get through the elaborate firewall system.
>> ssh port is "non standard"
>> But I agree, this box is compromised "somehow"
>> File count now at 9580 and counting
>
> Are all of the files that are "infected" from mailboxes?
> It does sound like your machine has been compromised. If you leave
> Squirrelmail open (i.e.: no protection against password attacks) or have
> other webapps running then this is the most likely place for them to get
> in. Once they have an account's login credentials, they can upload
> things to themselves and run them (don't ask me how - I never looked at
> how they did it - I just fixed it) and then brute force passwords from
> the local machine to obtain other access or whatever they are looking to do.
> I had one a year or so back where a guy installed phpbb - when he came
> in the next day someone had emailed him his root password. He
> reinstalled and put phpbb back on and had his machine compromised in
> about 2 hours after that.

Good thoughts. Others:
If you have web apps (other than qmt) running on the host, I'd get rid
of the 127.: line in tcp.smtp and see if that blocks it. It's easy
enough to configure squirrelmail to authenticate (and use port 587).
If you have users that are not using TLS/SSL with pop3 and/or imap, it's
possible that their account logins have been compromised. It does happen.
--
-Eric 'shubes'
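
Eric's advice above concerns the `127.` rule in tcp.smtp. As an added example (not part of the original messages and not QmailToaster's own tooling), this Python script lists the rules in a tcp.smtp source file that set RELAYCLIENT, which qmail-smtpd treats as permission to relay without authentication. The sample rules and the `NOTE` variable are constructed for illustration.

```python
import re

# tcprules env assignment: ,VAR=<q>value<q> where <q> is any single delimiter character
ENV_RE = re.compile(r',([A-Za-z_][A-Za-z0-9_]*)=(.)(.*?)\2')

def parse_rules(text):
    """Yield (lineno, address, action, env) for each rule in tcp.smtp source text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue  # blank line or comment
        address, _, rest = line.partition(':')
        action = re.match(r'allow|deny', rest)
        if action is None:
            continue  # not a rule this parser understands
        env = {m.group(1): m.group(3) for m in ENV_RE.finditer(rest)}
        yield lineno, address, action.group(0), env

def relay_without_auth(text):
    """Return (lineno, address, is_loopback) for rules that set RELAYCLIENT."""
    findings = []
    for lineno, address, action, env in parse_rules(text):
        # RELAYCLIENT being set at all (even to "") is what enables relaying.
        if action == 'allow' and 'RELAYCLIENT' in env:
            findings.append((lineno, address, address.startswith('127.')))
    return findings

# Constructed sample rules, not taken from the poster's machine.
SAMPLE = '''\
# loopback: every local web app connects from here
127.:allow,RELAYCLIENT="",NOTE="a,b"
192.168.10.:allow,RELAYCLIENT=""
10.9.:deny
:allow,NOTE="default rule"
'''

if __name__ == '__main__':
    for lineno, address, loopback in relay_without_auth(SAMPLE):
        kind = 'loopback, usable by any local web app' if loopback else 'network range'
        print(f'line {lineno}: {address!r} relays without auth ({kind})')
```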