[Smaug] Need a security dude.

Meg McRoberts dreidellhasa at yahoo.com
Mon Dec 26 12:48:11 PST 2005


I just wrote to a couple of our security honchos at
Trend Micro for advice here.  We do have some mail
filtering software that I think will catch/stop this
sort of activity.  Here's a link if you're interested --
you can download a trial version for free to see if it
works:

http://www.trendmicro.com/en/products/smb/isvw-smb/evaluate/overview.htm

We do have separate products for email filtering and
FTP/HTTP filtering -- they provide more configuration
options and can be a bit more difficult to administer
but the protection is the same.

I'll let you know what I hear from the experts.

meg

--- Thomas Leavitt <thomas at thomasleavitt.org> wrote:

> Some bleeping Brazilian spammer is using the DataChaos backdoor script
> (dc.pl.htm) to get into my server and spam other Brazilians. I can't
> find enough information on the web to reverse engineer what he's doing,
> and there's nothing in the logs to backtrace it either...  I don't have
> the security chops to figure it out on my own. I'm pretty sure he's
> exploiting some PHP hole, as the messages appear to be generated via
> Apache and sent as local mail...
> 
> Is there a way to "lock down" all locally generated mail, and put it
> through some kind of approval filter?  (as an interim step) ... only
> programs generate this kind of email at this point, there are no shell
> accounts on the server.
> 
> I'd be willing to pay to have someone figure out how this bastard is
> getting in, and how to stop him.
> 
> Regards,
> Thomas Leavitt
> 
> 
> _______________________________________________
> Smaug mailing list
> Smaug at lists.svlug.org
> http://lists.svlug.org/lists/listinfo/smaug
> Smaug home page: http://www.scruz.org/
> 



