no other web apps running.
" It's easy enough to configure squirrelmail to authenticate (and use port
587). "
Can you show me how plesae eric.
Thanks
----- Original Message -----
From: "Eric Shubert" <e...@shubes.net>
To: <qmailtoaster-list@qmailtoaster.com>
Sent: Thursday, April 08, 2010 7:49 PM
Subject: [qmailtoaster] Re: spam
Jake Vickers wrote:
On 04/08/2010 04:21 PM, madmac wrote:
Well anyone that can guess my passwords must be amazing.
Let alone get through the elaborate firewall system.
ssh port is " non standard "
But I agree, this box is compromised " some how "
File count now at 9580 and counting
Are all of the files that are "infected" from mailboxes?
It does sound like your machine has been compromised. If you leave
Squirrelmail open (ie: no protection against password attacks) or have
other webapps running then this is the most likely place for them to get
in. Once they have an account's login credentials, they can upload things
to themselves and run them (don't ask me how - I never looked at how they
did it - I just fixed it) and then brute force passwords from the local
machine to obtain other access or whatever they are looking to do.
I had one a year or so back where a guy installed phpbb - when he came in
the next day someone had emailed him his root password. He reinstalled
and put phpbb back on and had his machine compromised in about 2 hours
after that.
Good thoughts. Others:
If you have web apps (other than qmt) running on the host, I'd get rid of
the 127.: line in tcp.smtp and see if that blocks it. It's easy enough to
configure squirrelmail to authenticate (and use port 587).
If you have users that are not using TLS/SSL with pop3 and/or imap, it's
possible that their account logins have been compromised. It does happen.
--
-Eric 'shubes'
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and
packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com