[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] spam exploits
- Subject: RE: [cobalt-users] spam exploits
- From: "Manny Tau" <mtau@xxxxxxx>
- Date: Fri Apr 11 14:56:00 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Exploited, meaning that an unauthorized person is using my email/webserver
to relay their spams...USA.net responded saying that the sender's email is
spoofed, actually, here's the message:
<<Thank you for your notification. These email addresses are being forged
by the spammer. Most of the addresses are invalid, but he/she has used
valid addresses for almost 150 customers.
Other service providers have found that they are a relay due to a hack
where machines running Windows with ports 135 and 139 open now have
proxy.exe running on them to send this spam. You should check your
system for this hack.>>
Not too helpful since I'm running Linux/Apache.
Manny
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Dan Kriwitsky
Sent: Friday, April 11, 2003 2:40 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] spam exploits
> I've got a static IP account for my webserver.
>
> My webserver has been exploited for porno spams over the last
> 48 hours. My logs say it's being relayed from 66.159.211.40,
> which belongs to DSLExtreme, provider of my static IP, and is
> NOT my static IP, though close.
>
> I've done various things on my 550 webserver, like IP Address
> Allocation to no longer accept the above.
>
> So, what needs to be done now to plug this up and can DSLE do
> anything?
>
What do you mean by "exploited"?
--
C2003 Dan Kriwitsky
Please reply to the list only. Off list replies are not read.
_____________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users