[Smaug] Need a security dude.
Meg McRoberts
dreidellhasa at yahoo.com
Mon Dec 26 12:48:11 PST 2005
I just wrote to a couple of our security honchos at
Trend Micro for advice here. We do have some mail
filtering software that I think will catch/stop this
sort of activity. Here's a link if you're interested --
you can download a trial version for free to see if it
works:
http://www.trendmicro.com/en/products/smb/isvw-smb/evaluate/overview.htm
We do have separate products for email filtering and
FTP/HTTP filtering -- they provide more configuration
options and can be a bit more difficult to administer
but the protection is the same.
I'll let you know what I hear from the experts.
meg
--- Thomas Leavitt <thomas at thomasleavitt.org> wrote:
> Some bleeping Brazilian spammer is using the DataChaos backdoor script
> (dc.pl.htm) to get into my server and spam other Brazilians. I can't
> find enough information on the web to reverse engineer what he's doing,
> and there's nothing in the logs to backtrace it either... I don't have
> the security chops to figure it out on my own. I'm pretty sure he's
> exploiting some PHP hole, as the messages appear to be generated via
> Apache and sent as local mail...
>
> Is there a way to "lock down" all locally generated mail, and put it
> through some kind of approval filter? (as an interim step) ... only
> programs generate this kind of email at this point, there are no shell
> accounts on the server.
>
> I'd be willing to pay to have someone figure out how this bastard is
> getting in, and how to stop him.
>
> Regards,
> Thomas Leavitt
>
>
> _______________________________________________
> Smaug mailing list
> Smaug at lists.svlug.org
> http://lists.svlug.org/lists/listinfo/smaug
> Smaug home page: http://www.scruz.org/
>