EMERGENCY - need to secure my server against an ongoing SPAMMER

Bob Brennan rbrennan96 at gmail.com
Fri Mar 11 12:49:31 UTC 2005


> If you don't know how your server was compromised, you must reformat the
> hard drive and reinstall from scratch.
> 
> The attacker has probably left a back door by which the attacker can gain
> access and seize control of your server again, at will.

Thanks for the warning, Sam; that was the first thing I looked for. All
evidence so far (first concern was to stop the flood) points to an
open relay with mail originating from a Yahoo account. The spam itself
was Chinese, addressed and cc-ed to seemingly random Yahoo and Hotmail
accounts, a "dictionary attack" I think, with the bulk of it rejected
and sitting in my outgoing mail queue.

I have full SELinux firewalling fully enabled and am fairly closed-up
except for http, email, and ftp.

bob



