Thread: Hacker Problem

  1. #1
    Join Date
    May 2003
    Melbourne, Australia

    Hacker Problem

    I have a hacker on an old server - which I've left now and will shut down very soon. What I'm worried about is he may have all the email passwords from the old server and then use them on the new server to open one of our clients' email accounts. What I'm most concerned about is that he will send an email with a virus to an account on the new server to again try to regain root access. I thought of configuring exim to deny any emails with attachments for, say, a few weeks - what do people think of this solution? How would I do this?

    I've got an anti-virus (ClamAV) set up, but it runs, say, every hour or so - plus it takes about 30 mins to complete one scan. During this time the hacker could send a virus in an email to the new server, open the attachment and maybe gain root access again? Actually, is this how trojans work?

    I'm also going to email all clients about updating their passwords - but there will always be some who don't.

    Anyone got a better solution to this problem? Can anyone tell me how to configure exim to block attachments - if this is the only solution?
    Last edited by bjdea1; 04-05-2004 at 10:01 AM.

  2. #2
    Join Date
    Apr 2003
    Lebanon, PA
    Why not use ClamAV to scan incoming mails instead of the entire system? There are plenty of howtos on setting that up. I would also run Nessus against your new server to find any potential exploits someone could use to gain root access. You shouldn't worry about a virus giving someone root access since it cannot run itself once it is sitting on the box. Also make sure your mail daemon is running as a non-privileged user such as nobody.

  3. #3
    Join Date
    Dec 2002
    chica go go
    Configure your email server to disallow all executable attachments.
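
An added example (not part of any post in this thread): an Exim 4 configuration fragment that does what posts #2 and #3 suggest, rejecting executable attachments by filename and passing every incoming message to ClamAV at SMTP time. It assumes Exim is built with content-scanning support and that clamd listens on the socket path shown, which is a placeholder; the ACL names and the extension list are illustrative.

```exim
# --- main configuration section ---
# Assumed clamd socket path; use the LocalSocket value from your clamd.conf.
av_scanner = clamd:/var/run/clamav/clamd.ctl

# Run one ACL for every MIME part and one for the complete message.
# If your configuration already sets these options, add the "deny"
# statements below to the existing ACLs instead of defining new ones.
acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_data

# --- ACL section (after "begin acl") ---
acl_check_mime:
  # Reject during the SMTP session if a part's filename ends in an
  # executable extension. Lower-casing first also catches names such
  # as "INVOICE.PDF.EXE".
  deny message   = Executable attachment rejected ($mime_filename)
       condition = ${if match{${lc:$mime_filename}}{\N\.(exe|com|pif|scr|bat|cmd|vbs|lnk)$\N}{1}{0}}
  accept

acl_check_data:
  # Hand the whole message to clamd before it is accepted for delivery.
  deny message = Message rejected: malware detected ($malware_name)
       malware = *
  accept
```

Because both checks run before the message is accepted, there is no gap between delivery and an hourly filesystem scan. The filename rule does not look inside archives, which is why it is paired with the ClamAV scan.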

  4. #4
    Join Date
    Dec 2003
    Let's say that someone sent an e-mail with a virus to your server and it was on your server. It may be a virus, but doesn't the file need to be executed for it to infect anything? If it's just an e-mail attachment it won't do much, will it?
    Michael MacKinnon

  5. #5
    I would change all of your clients' passwords for them and not even give them a choice. Explain that it is annoying to them but it will protect them in the long run. I trust you have already told them that the server they were on was compromised and recommended they change their passwords elsewhere as well.

  6. #6
    Set up ClamAV with MailScanner. It will scan every email for viruses. At the same time simply ask your client base to change their passwords. Of course you should word it correctly, so it doesn't sound like there is a hacker on your system.
    Datums Internet Solutions, LLC

  7. #7
    I don't see how sending viruses or trojans by email to someone on your server can give root access. The key word is root. If you can do so, you need to trust your root access with someone who won't open attachments for fun.

    Blocking all attachments is not going to work. You just antagonize your real users.
