[Smaug] Need a security dude.
subwolf at gmail.com
Mon Dec 26 12:46:26 PST 2005
Sent you an email. :)
On 12/26/05, Thomas Leavitt <thomas at thomasleavitt.org> wrote:
> Some bleeping Brazilian spammer is using the DataChaos backdoor script
> (dc.pl.htm) to get into my server and spam other Brazilians. I can't
> find enough information on the web to reverse engineer what he's doing,
> and there's nothing in the logs to backtrace it either... I don't have
> the security chops to figure it out on my own. I'm pretty sure he's
> exploiting some php whole, as the messages appear to be generated via
> apache and send as local mail...
> Is there a way to "lock down" all locally generated mail, and put it
> through some kind of approval filter? (as an interm step) ... only
> programs generate this kind of email at this point, there are no shell
> accounts on the server.
> I'd be willing to pay to have someone figure out how this bastard is
> getting in, and how to stop him.
> Thomas Leavitt
> Smaug mailing list
> Smaug at lists.svlug.org
> Smaug home page: http://www.scruz.org/
More information about the Smaug