Eric at Lucii.org on 23 Feb 2012 15:37:34 -0800
[PLUG] Hacked server - recovery
I'm trying to recover an Ubuntu-based web server that was hacked. It was/is running a 2.x version of OpenRealty that contains more vulnerabilities than I could imagine. The hacker used it to send spam (no surprise.)

I was in a hurry so to stop it I just did apt-get remove postfix. That worked in the same way that decapitation cures a headache.

Now that I *believe* I've cleaned up the malicious code, I'd like to re-install and turn on postfix again.

Before I do, is there a way to either throttle the email output (our expected output is a couple of emails a day from the contact form) OR fire off an alarm if there are more than <arbitrary low number> emails being sent in a single hour?

Perhaps there is yet another alternative that I've not thought of? (So far, I've thought of: not re-installing Postfix, replacing the web site code, and moving to Tibet.) I don't have authorization to replace this code yet and my wife won't move to Tibet so that's out too... for now.

Eric

--
# Eric Lucas
#
# "Oh, I have slipped the surly bond of earth
# And danced the skies on laughter-silvered wings...
# -- John Gillespie Magee Jr

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
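
One way to get the hourly alarm asked about above, as an added example that is not part of the original post: a Python script that counts Postfix outbound delivery records per clock hour and reports any hour above a limit. The limit of 5, running it from cron against a log path given as an argument, and the embedded log lines are assumptions; the log lines are constructed.

```python
import re
import sys
from collections import Counter

LIMIT = 5  # assumed threshold; the post expects a couple of mails a day

# Postfix smtp client delivery record, e.g.
# "Feb 23 14:02:30 web1 postfix/smtp[2200]: A1B2C3D4E0: to=<u@example.net>, ..., status=sent (250 OK)"
DELIVERY = re.compile(
    r"^(?P<hour>\w{3}\s+\d+\s\d{2}):\d{2}:\d{2}\s\S+\s"
    r"postfix/smtp\[\d+\]:\s\w+:\sto=<[^>]*>.*\bstatus=\w+"
)

def deliveries_per_hour(lines):
    """Count delivery attempts (sent, deferred or bounced) per clock hour."""
    counts = Counter()
    for line in lines:
        m = DELIVERY.match(line)
        if m:
            # Collapse syslog padding for single-digit days ("Mar  3" -> "Mar 3").
            counts[" ".join(m.group("hour").split())] += 1
    return counts

def hours_over_limit(lines, limit):
    """Return {hour: count} for every hour with more than `limit` attempts."""
    return {h: n for h, n in deliveries_per_hour(lines).items() if n > limit}

# Constructed sample: one contact-form mail, then a burst of 12 in one hour.
SAMPLE = [
    "Feb 23 09:14:02 web1 postfix/smtp[2101]: 4F2A81C0D3: to=<owner@example.com>, "
    "relay=mx.example.com[192.0.2.10]:25, delay=1.1, dsn=2.0.0, status=sent (250 2.0.0 OK)",
    "Feb 23 09:14:02 web1 postfix/qmgr[990]: 4F2A81C0D3: removed",  # not a delivery
] + [
    f"Feb 23 14:{i:02d}:30 web1 postfix/smtp[2200]: {0xA1B2C3D4E0 + i:X}: "
    f"to=<user{i}@example.net>, relay=mx.example.net[192.0.2.20]:25, "
    "delay=0.9, dsn=2.0.0, status=sent (250 OK)"
    for i in range(12)
]

if __name__ == "__main__":
    # With a path argument, scan that mail log; without one, scan the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            over = hours_over_limit(fh, LIMIT)
    else:
        over = hours_over_limit(SAMPLE, LIMIT)
    for hour, n in sorted(over.items()):
        print(f"ALERT: {n} outbound deliveries in '{hour}' (limit {LIMIT})", file=sys.stderr)
    sys.exit(1 if over else 0)  # non-zero exit lets cron or a monitor raise the alarm
```

Deferred messages are retried, so a blocked spam run can show up as repeated attempts for the same queue ID; the count measures delivery attempts, not unique messages.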