RE: [cobalt-users] RAQ3 - Baffling SPAM Message Relay & Restore CD
- Subject: RE: [cobalt-users] RAQ3 - Baffling SPAM Message Relay & Restore CD
- From: "Efrem Habteselassie" <efrem@xxxxxxxxxxxxxxxxxx>
- Date: Fri Oct 19 15:01:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
It turned out the spammer was using an exploit on formmail.pl
(see my previous post)
But the point you mention raises a serious concern.
Our server is co-located in a remote secure site that is not easy to
access. Also, we do not have a CD drive for the RAQ3.
I suspect many people are in a similar situation.
Are there any less painful options for disaster recovery?
Is there an online archive image of the restore CD where we can try
to do a partial restore of damaged system files?
Or are we up sh#$ creek on this one?
Right now, our NSCD file is damaged, where do I get a clean copy for the
RAQ3?
Any comments from Cobalt support?
Thanks again.
Efrem H.
ACIS Consulting.
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Jay Summers
Sent: Friday, October 19, 2001 12:52 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] RAQ3 - Baffling SPAM Message Relay
> Hello All;
> Our server is being used to relay Spam messages to hundreds of addresses.
>
> Have been working to try and fix this for two weeks now.
> We tried all of the following:
> - Read a lot of (very helpful) advice on this forum.
> - Have installed all of the latest RPMs on Cobalt site.
> - Found the T0RN rootkit and deleted and replaced all of affected files.
> - Installed POP b4 Relay
> - Switched to SSH and killed telnet
>
> SPAM still continuing!
> The emails appear to be originating from=admin
> I also see relay=admin@localhost
>
> Questions:
> 1) How do I turn off ALL relaying? Simply using the UI panels does not seem
> to work.
> 2) Any suggestions as to what this might be?
>
> Any comments welcome!
If you found a T0RN kit and your machine's been rooted, then the only
solution is a full restore with the restore CD. That is the only way that
you'll know your machine is clean. Most likely Mr. h4x0r has a number of
back doors into your system. Bummer deal...
HTH,
j
--
http://www.bizmanuals.com