[CLUE-Tech] Hack information

Angelo Bertolli angelo at freeshell.org
Thu Jul 29 11:13:34 MDT 2004


> I have no idea what port 32775 is, but from what I can tell, that's 
> what the spammer was listening on and sending his spam lists through 
> to my server on. Then, sendmail was sending out a Citi Bank phishing 
> email, even after I had killed sendmail, it would restart itself.  So, 
> it's gone beyond spamming now.  We're into very illegal activity 
> here.  I haven't reformatted the box yet, just firewalled off the ports 
> that the data was being fed through on.  The local branch of the FBI 
> has never given a damn about hacks I've reported before, so I'm 
> thinking I'll get the same response this time... but this phishing 
> email being sent out concerns me.  Now, not only will my box be 
> possibly blacklisted as a spamming relay, it could be confiscated by 
> the authorities.  I just thought I'd let people know to look for 
> similar things if you're still running Red Hat 9.  I will now wisely 
> switch to something else, and better firewall the server.


I think it's more risky to run a "personal box" also as a server (if 
that's what you're doing).  I've decided the safest way to go is to have 
a separate box for each service you want to provide, if possible, and 
then just strip down or firewall off everything else (removing those 
packages is safer).  For example for a mail server, I leave smtp and pop 
open, but certainly don't allow ftp access, etc.  This sort of thing is 
probably even worse if the machine also happens to be your own personal 
computer.
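A small audit in the spirit of the reply's allowlist approach, added here as an example and not part of the thread: it parses `netstat -tln` output (the sample is constructed, and includes a listener on the port the original poster mentioned), flags any network-reachable listener that is not on a mail server's allowlist (SMTP 25 and POP3 110 are assumed as the standard ports), and emits a default-deny iptables ruleset for that allowlist.

```python
import re

# Allowlist per host role, following the reply's advice: a mail server
# exposes SMTP and POP3 and nothing else (FTP etc. stays closed or, better,
# uninstalled). Port numbers are the standard ones, assumed, not from the thread.
ROLE_ALLOWLIST = {"mail": {25, 110}}

# Constructed `netstat -tln` output for illustration; not real data.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:32775           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
"""

LISTEN_RE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN")

def parse_listeners(netstat_output):
    """Return (local address, port) for every LISTEN socket in the output."""
    listeners = []
    for line in netstat_output.splitlines():
        m = LISTEN_RE.match(line.strip())
        if m:
            listeners.append((m.group(1), int(m.group(2))))
    return listeners

def unexpected_listeners(netstat_output, role):
    """Network-reachable listeners whose port is not on the role's allowlist."""
    allowed = ROLE_ALLOWLIST[role]
    flagged = []
    for addr, port in parse_listeners(netstat_output):
        if addr in ("127.0.0.1", "::1"):
            continue  # loopback-only services are not reachable from the network
        if port not in allowed:
            flagged.append((addr, port))
    return flagged

def default_deny_rules(role):
    """iptables commands: drop unsolicited inbound traffic except allowlisted TCP ports."""
    rules = ["iptables -P INPUT DROP",
             "iptables -A INPUT -i lo -j ACCEPT",
             "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"]
    for port in sorted(ROLE_ALLOWLIST[role]):
        rules.append(f"iptables -A INPUT -p tcp --dport {port} -j ACCEPT")
    return rules
```

Run `unexpected_listeners(SAMPLE_NETSTAT, "mail")` against live `netstat -tln` output to get the list of ports that still need closing or firewalling; the FTP and 32775 listeners in the sample are the ones it reports.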
