[CLUE-Tech] Hack information
Chris Schock
black at clapthreetimes.com
Thu Jul 29 11:43:25 MDT 2004
> I have no idea what port 32775 is, but from what I can tell, that's what
> the spammer was listening on and sending his spam lists through to my
> server on. Then, sendmail was sending out a Citi Bank phishing email,
> even after I had killed sendmail, it would restart itself. So, it's
> gone beyond spamming now. We're into very illegal activity here. I
> haven't reformated the box yet, just firewalled off the ports that the
> data was being fed through on. The local branch of the FBI has never
> given a damn about hacks I've reported before, so I'm thinking I'll get
> the same response this time... but this phishing email being sent out
> concerns me. Now, not only will my box be possibly blacklisted as a
> spamming relay, it could be confiscated by the authorities. I just
> thought I'd let people know to look for similar things if you're still
> running Red Hat 9. I will now wisely switch to something else, and
> better firewall the server.
Just curious, you did patch the box, right? You never mentioned it.
More information about the clue-tech
mailing list