Stan

We are currently investigating an attack on our server. We got complaints of several people that have never heard of us or our site and from our ISP.

Failure to resolve this issue from our side will result in a shutdown of Emergency-planet by our ISP. Results of the investigation will be forwarded to American authorities.

More details will be released soon. At this time we can guarantee that no email addresses were stolen, as the server was only used to send out bulk spam.


Update:

I informed the provider of the possible reason this happened. I am still checking the system to close every possible way they came in. At this time I was able to stop delivery of 700,000 emails by cutting the connection.

As soon as we know exactly what has happened, full details will be posted.


Update: Wrong reason, issue still persists

After removing 700k emails from the queue and checking back 10 minutes later, I found that 32k new emails had been added to the queue.

New registrations will be shut down until this is resolved, since I took the mail server down.


Is it going through the IPB or an external source? You may want to do a quick sweep of the FTP for unknown files that have been added to the server and obviously password changes to your cPanel.


I've had this happen to me before. I had to close my account, it was so bad, but I believe that Stan will get this issue addressed, and please don't be afraid to take this to the American government; they will track down the guy.


I've had this happen to me before. I had to close my account, it was so bad, but I believe that Stan will get this issue addressed, and please don't be afraid to take this to the American government; they will track down the guy.

They aren't as proactive as you might think when it comes to spam, it gets put on a very long to do list by FBI's cyber security division to be handled when they get to it. Only the really big stuff gets any attention these days.


Dakota, it's not coming from IPB; the mails are sent out from the user www-data. This makes the sender www-data@srv1.ictwereld, which is quite strange because this user does not even have the right to log in.

My guess is they uploaded a file and got that file to auto-run. The second issue is... I can't find that file anywhere.

However, a few hours after I disabled the main site and removed two websites from the server, the queue began to fill more slowly than at first, and then it stopped. Now the thing I am currently wondering about is... was it that? Or did the attack just end?

But I got a mail tonight...

Warning: The file '/usr/sbin/unhide' exists on the system, but it is not present
in the rkhunter.dat file.
Warning: The file '/usr/sbin/unhide-linux26' exists on the system, but it is not
present in the rkhunter.dat file.
Warning: Suspicious file types found in /dev:
/dev/shm/7gbhujb54g8z9hu43jre8: data

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

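The triage Stan describes above (mail queued as www-data, an unexplained regular file in /dev/shm, a dropped file he could not locate) and Dakota's earlier suggestion to sweep the web root for unknown files can be turned into a small set of repeatable checks. The script below is an added example written for this thread, not something Stan or anyone else posted; it assumes a Linux host with /proc, a web root given by WEBROOT, and a Postfix-style mailq listing saved to a file named by MAILQ_FILE. The /proc path and the mailq format are parameterised so each check can be exercised on a constructed tree; the function, variable and sample file names are all assumptions.

```shell
#!/bin/sh
# Added post-compromise triage helpers (example code, not from the thread).
# Assumptions: Linux with /proc, WEBROOT points at the web root, MAILQ_FILE is a
# saved Postfix-style "mailq" listing. Every name here is illustrative.

# Processes whose executable lives under PATTERN (for example /dev/shm) or whose
# binary was deleted after launch. A spam engine dropped into tmpfs and then
# unlinked still shows up here even when the file itself cannot be found.
# PROC_ROOT is a parameter so the check can run against a constructed tree.
find_procs_running_from() {
    proc_root=$1
    pattern=$2
    for exe in "$proc_root"/[0-9]*/exe; do
        [ -L "$exe" ] || continue
        target=$(readlink "$exe" 2>/dev/null) || continue
        case "$target" in
            "$pattern"*|*" (deleted)")
                pid=${exe%/exe}
                pid=${pid##*/}
                printf '%s %s\n' "$pid" "$target"
                ;;
        esac
    done
}

# Regular files in a directory that should only hold device nodes, sockets or
# shared-memory segments. rkhunter flagged exactly this kind of file in /dev/shm.
regular_files_in() {
    [ -d "$1" ] || return 0
    find "$1" -type f 2>/dev/null
}

# Files under the web root modified in the last N days; an uploaded script or a
# tampered include normally surfaces here (also review upload directories).
recently_changed() {
    [ -d "$1" ] || return 0
    find "$1" -type f -mtime "-$2" 2>/dev/null
}

# Queued messages per sender from a saved Postfix-style mailq listing.
# Assumed line shape: "QUEUEID[*!]  SIZE  Day Mon DD HH:MM:SS  sender";
# indented recipient lines and the header are skipped.
count_queue_senders() {
    awk '/^[0-9A-Z]+[*!]? +[0-9]+ +[A-Z][a-z][a-z] [A-Z][a-z][a-z] +[0-9]+ +[0-9:]+ +/ { c[$NF]++ }
         END { for (s in c) print c[s], s }' "$1" | sort -rn
}

triage() {
    webroot=${WEBROOT:-/var/www}
    echo "== processes executing from /dev/shm or from deleted binaries =="
    find_procs_running_from /proc /dev/shm
    echo "== regular files in /dev/shm and /tmp =="
    regular_files_in /dev/shm
    regular_files_in /tmp
    echo "== web root files changed in the last 2 days =="
    recently_changed "$webroot" 2
    if [ -r "${MAILQ_FILE:-}" ]; then
        echo "== queued messages per sender =="
        count_queue_senders "$MAILQ_FILE"
    fi
}

# Run the full sweep only when invoked as "sh triage.sh run", so the functions
# can also be sourced and called one at a time.
if [ "${1:-}" = run ]; then
    triage
fi
```

Run it as `WEBROOT=/var/www MAILQ_FILE=/root/mailq.txt sh triage.sh run` after saving `mailq` output to the file. The process check is the part worth running first: a binary executing from /dev/shm or marked "(deleted)" explains both the missing file and the queue refilling after it was flushed, and the PID it prints is what you need to capture the image from /proc before stopping it.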

Those people gonna get busted lol

Yeah...... right... keep thinking that.

I had a quick glance over, but that really freaks me out: the numbers, states, all the names. I hope the FBI gets this guy; they'll surely treat this as a terror threat, won't they?

I would highly doubt it. If, big if, they catch the suspect, I suspect they could throw it under some sort of BS terrorist litigation, given the summarized statements I managed to find from a quick Google.

Is it going through the IPB or an external source? You may want to do a quick sweep of the FTP for unknown files that have been added to the server and obviously password changes to your cPanel.

cPanel = rip-off. Webmin is not quite as user-friendly, but it is FOSS. Plus cPanel usually does not come with dedicated servers or VPSes.

They aren't as proactive as you might think when it comes to spam; it gets put on a very long to-do list by the FBI's cyber security division to be handled when they get to it. Only the really big stuff gets any attention these days.

Well said. Very well said, Dakota.

Meh, wrong thread. My bad. So I will just add this: this is what happens when you neglect updates to your source code. This is why every web site needs a technical administrator/owner that can devote enough time to keep things up to date.
