Re: newbie with www user security problem

From: Stijn Hoop (stijn_at_win.tue.nl)
Date: 08/11/05

    Date: Thu, 11 Aug 2005 15:46:50 +0200
    To: Ken Hawkins <ken@rosewoodblues.com>
    
    
    

    On Thu, Aug 11, 2005 at 09:32:22AM -0400, Ken Hawkins wrote:
    > we have been hacked by a spammer

    [snip]

    > X-AntiAbuse: Board servername - srforum.prosoundweb.com

    Ouch. You appear to be running a phpBB installation from 2002 (version
    2.0.6). That's asking for trouble. A lot of exploits have been found
    in phpBB since that time, see

    http://www.phpbb.com/support/documents.php?mode=changelog

    and

    http://www.vuxml.org/freebsd/pkg-phpbb.html

    There are lots of automated scripts running on already compromised
    machines that scan other machines for these vulnerabilities. Assuming
    that is how the spammer got in, there is no telling what he has done
    after that.

    You must assume that your machine has been fully compromised. The
    only way to know for sure that your machine is clean again is to build
    a new machine from scratch and transfer all your _non-executable_ data
    to it.

    You _might_ be able to get away with identifying any and all
    processes, removing suspicious data from /tmp, /var/tmp and any other
    OS place, changing passwords on _all_ accounts (but especially
    sensitive ones like root, your own and www). But you might not find
    the one backdoor that the spammer left and then you're back to square
    one again.

    It's your choice.

    To prevent this from happening, perform regular port updates and make
    sure to subscribe to the announcement list of high-profile publicly
    accessible software that you run.

    Good luck.

    --Stijn

    -- 
    A "No" uttered from deepest conviction is better and greater than a
    "Yes" merely uttered to please, or what is worse, to avoid trouble.
    		-- Mahatma Gandhi
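
The manual triage described in the message above (processes, /tmp and /var/tmp, the www account), as an added example that is not part of the original post. The function names and the two heuristics (executable files and dot-named entries owned by the web account) are assumptions; the script only lists and never deletes.

```sh
#!/bin/sh
# Added example: read-only triage of temp directories and processes for the
# web server account after a suspected web-application compromise.
# Assumed heuristics (not from the original message): anything owned by the
# web account that is executable, or whose name starts with a dot, deserves
# a manual look. Nothing is removed, so evidence is left in place.

# list_suspect_tmp USER DIR [DIR...]
# Prints "reason<TAB>path" lines, sorted. USER may be a name or a numeric uid.
list_suspect_tmp() {
    user=$1
    shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue    # skip directories that do not exist
        # Regular files with the owner-execute bit set: the web account
        # rarely has a reason to keep runnable files in a temp directory.
        find "$dir" -xdev -type f -user "$user" -perm -100 \
            -exec printf 'exec\t%s\n' {} + 2>/dev/null
        # Dot-named files or directories, a common way to hide a drop.
        find "$dir" -xdev -user "$user" -name '.*' ! -path "$dir" \
            -exec printf 'hidden\t%s\n' {} + 2>/dev/null
    done | sort
}

# list_user_procs USER
# Prints pid and full command line of every process running as USER, so
# each one can be matched against what the web server should be running.
list_user_procs() {
    ps -U "$1" -o pid= -o args=
}

# Stand-alone use: sh triage.sh www /tmp /var/tmp
if [ "$#" -ge 2 ]; then
    list_suspect_tmp "$@"
    list_user_procs "$1"
fi
```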
    
    


