newbie with www user security problem

From: Ken Hawkins (ken_at_rosewoodblues.com)
Date: 08/11/05

  • Next message: Stijn Hoop: "Re: newbie with www user security problem"
    To: freebsd-security@freebsd.org
    Date: Thu, 11 Aug 2005 09:32:22 -0400
    
    

    many, MANY apologies up front if i have sent this to the wrong place!
    I am inherently a software engineer who now gets to monitor a mail
    server (don't ask). anyway i get an email message that alerts me from
    a user that we have been hacked by a spammer and the mail message
    header is:

    ------------- Forwarded message follows -------------

    X-Auth-No:
    Return-Path: <web1.prosoundweb.com!www>
    Received: from web1.prosoundweb.com [64.73.50.193] by compudox.com
         with Novonyx SMTP Server $Revision: 2.75.1.9 $;
         Wed, 10 Aug 2005 14:25:40 -0700 (PDT)
    Received: from web1.prosoundweb.com (localhost.prosoundweb.com [127.0.0.1])
         by web1.prosoundweb.com (8.13.3/8.13.3) with ESMTP id j7AJiZZF016410;
         Wed, 10 Aug 2005 14:47:04 -0500 (CDT)
         (envelope-from www@web1.prosoundweb.com)
    Received: (from www@localhost)
         by web1.prosoundweb.com (8.13.3/8.13.3/Submit) id j7AINncm031958;
         Wed, 10 Aug 2005 13:23:49 -0500 (CDT)
         (envelope-from www)
    To: webmaster@prosoundweb.com
    Subject: All warez and porno in one place
    Reply-to: webmaster@prosoundweb.com
    From: webmaster@prosoundweb.com
    Message-ID: <fe61f25929ecaf805cb30bb1beba7dc5@srforum.prosoundweb.com>
    MIME-Version: 1.0
    Content-type: text/plain; charset=iso-8859-1
    Content-transfer-encoding: 8bit
    Date: Wed, 10 Aug 2005 13:23:49 -0500
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: PHP
    X-MimeOLE: Produced By phpBB2
    X-AntiAbuse: Board servername - srforum.prosoundweb.com
    X-AntiAbuse: User_id - 2
    X-AntiAbuse: Username - admin
    X-AntiAbuse: User IP - 62.105.6.113

    it appears that someone has hacked the www password. at least i
    think, and here is where the questions start....

    am i correct in thinking that someone has hacked the www password and
    has used the phpBB2 functionality (forum nightmare) to send spam mail
    out?

    what can i do about it other than have the www password changed? if i
    change it will this action at least deter the spammer? what else will
    this affect by changing the password?

    can anyone shoot me a URL / example / explanation of how to button up
    this hole?

    THANK YOU, THANK YOU, THANK YOU in advance!

    ken;

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

