Eric at on 23 Feb 2012 15:37:34 -0800


[PLUG] Hacked server - recovery


I'm trying to recover an Ubuntu-based web server that was hacked.
It was/is running a 2.x version of OpenRealty that contains more
vulnerabilities than I could imagine.

The hacker used it to send spam (no surprise.)  I was in a hurry
so to stop it I just did apt-get remove postfix.  That worked in
the same way that decapitation cures a headache.

Now that I *believe* I've cleaned up the malicious code, I'd
like to re-install and turn on postfix again.  Before I do, is
there a way to either throttle the email output (our expected
output is a couple of emails a day from the contact form) OR fire
off an alarm if there are more than <arbitrary low number> emails
being sent in a single hour?  Perhaps there is yet another
alternative that I've not thought of?  (So far, I've thought of:
not re-installing Postfix, replacing the web site code, and moving
to Tibet.)  I don't have authorization to replace this code yet
and my wife won't move to Tibet so that's out too... for now.

-- 
#  Eric Lucas
#                "Oh, I have slipped the surly bond of earth
#                 And danced the skies on laughter-silvered wings...
#                                        -- John Gillespie Magee Jr
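One way to build the hourly alarm the post asks about, as an added example that is not part of the original message: count recipients accepted by Postfix's queue manager per hour and report any hour above a threshold. It assumes Postfix's standard syslog line format (on Ubuntu, normally in /var/log/mail.log); the function names, the default threshold of 5 and the sample log lines are constructed for illustration.

```python
import re
import sys
from collections import defaultdict

# qmgr logs "from=<...>, size=..., nrcpt=N (queue active)" when a message becomes active.
ACCEPT = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+\S+\s+"
    r"postfix/qmgr\[\d+\]:\s+(?P<qid>[0-9A-Za-z]+):\s+from=<[^>]*>,.*\bnrcpt=(?P<n>\d+)"
)
REMOVED = re.compile(r"postfix/qmgr\[\d+\]:\s+([0-9A-Za-z]+): removed")

def recipients_per_hour(lines):
    """Return {(month, day, hour): recipients}, counting each queued message once."""
    seen, counts = set(), defaultdict(int)
    for line in lines:
        gone = REMOVED.search(line)
        if gone:
            seen.discard(gone.group(1))  # queue IDs can be reused after removal
            continue
        m = ACCEPT.match(line)
        if not m or m["qid"] in seen:
            continue  # unrelated line, or a deferred message re-entering the queue
        seen.add(m["qid"])
        counts[(m["mon"], int(m["day"]), int(m["hour"]))] += int(m["n"])
    return dict(counts)

def hours_over(lines, threshold):
    """Hours whose recipient count exceeds threshold, in log order."""
    return [(h, n) for h, n in recipients_per_hour(lines).items() if n > threshold]

# Constructed sample log (host name, queue IDs and addresses are made up).
SAMPLE_LOG = """\
Feb 23 09:12:01 web postfix/qmgr[1201]: 3A1F2C0011: from=<www-data@example.org>, size=812, nrcpt=1 (queue active)
Feb 23 14:00:03 web postfix/qmgr[1201]: 4B7E9D0022: from=<www-data@example.org>, size=2210, nrcpt=40 (queue active)
Feb 23 14:00:04 web postfix/smtp[1310]: 4B7E9D0022: to=<a@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1, status=deferred (timeout)
Feb 23 14:05:09 web postfix/qmgr[1201]: 5C8FAE0033: from=<www-data@example.org>, size=2214, nrcpt=35 (queue active)
Feb 23 14:30:00 web postfix/qmgr[1201]: 4B7E9D0022: from=<www-data@example.org>, size=2210, nrcpt=40 (queue active)
Feb 23 14:31:00 web postfix/qmgr[1201]: 5C8FAE0033: removed
Feb 23 15:02:00 web postfix/qmgr[1201]: 5C8FAE0033: from=<www-data@example.org>, size=790, nrcpt=2 (queue active)
""".splitlines()

if __name__ == "__main__":
    # Usage: script [logfile] [threshold]; with no arguments it runs on the sample.
    threshold = int(sys.argv[2]) if len(sys.argv) > 2 else 5
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    for (mon, day, hour), n in hours_over(lines, threshold):
        print(f"ALERT {mon} {day} {hour:02d}:00 - {n} recipients (limit {threshold})")
```

Run from cron, the printed lines become the alarm, since cron mails any output to the job's owner; that notification itself depends on a working local mailer.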

Philadelphia Linux Users Group         --