[Smaug] Need a security dude.
Thomas Leavitt
thomas at thomasleavitt.org
Mon Dec 26 12:28:11 PST 2005

Some bleeping Brazilian spammer is using the DataChaos backdoor script
(dc.pl.htm) to get into my server and spam other Brazilians. I can't
find enough information on the web to reverse engineer what he's doing,
and there's nothing in the logs to backtrace it either... I don't have
the security chops to figure it out on my own. I'm pretty sure he's
exploiting some PHP hole, as the messages appear to be generated via
Apache and sent as local mail...

Is there a way to "lock down" all locally generated mail, and put it
through some kind of approval filter? (as an interim step) ... only
programs generate this kind of email at this point, there are no shell
accounts on the server.

I'd be willing to pay to have someone figure out how this bastard is
getting in, and how to stop him.

Regards,
Thomas Leavitt