[Smaug] Need a security dude.

Rob Beckett subwolf at gmail.com
Mon Dec 26 12:46:26 PST 2005


Sent you an email. :)

Rob Beckett
SCT

On 12/26/05, Thomas Leavitt <thomas at thomasleavitt.org> wrote:
> Some bleeping Brazilian spammer is using the DataChaos backdoor script
> (dc.pl.htm) to get into my server and spam other Brazilians. I can't
> find enough information on the web to reverse engineer what he's doing,
> and there's nothing in the logs to backtrace it either...  I don't have
> the security chops to figure it out on my own. I'm pretty sure he's
> exploiting some php whole, as the messages appear to be generated via
> apache and send as local mail...
>
> Is there a way to "lock down" all locally generated mail, and put it
> through some kind of approval filter?  (as an interm step) ... only
> programs generate this kind of email at this point, there are no shell
> accounts on the server.
>
> I'd be willing to pay to have someone figure out how this bastard is
> getting in, and how to stop him.
>
> Regards,
> Thomas Leavitt
>
>
> _______________________________________________
> Smaug mailing list
> Smaug at lists.svlug.org
> http://lists.svlug.org/lists/listinfo/smaug
> Smaug home page: http://www.scruz.org/
>



More information about the Smaug mailing list