Tom Haines on 23 Feb 2012 15:42:48 -0800
[PLUG] Hacked server - recovery
I'm trying to recover an Ubuntu-based web server that was hacked.
It was/is running a 2.x version of OpenRealty that contains more
vulnerabilities than I could imagine.
The hacker used it to send spam (no surprise.) I was in a hurry
so to stop it I just did apt-get remove postfix. That worked in
the same way that decapitation cures a headache.
Now that I *believe* I've cleaned up the malicious code, I'd
like to re-install and turn on postfix again. Before I do, is
there a way to either throttle the email output (our expected
output is a couple of emails a day from the contact form) OR fire
off an alarm if there are more than <arbitrary low number> emails
being sent in a single hour? Perhaps there is yet another
alternative that I've not thought of? (So far, I've thought of:
not re-installing Postfix, replacing the web site code, and moving
to Tibet.) I don't have authorization to replace this code yet
and my wife won't move to Tibet so that's out too... for now.
Eric
--
# Eric Lucas
#
# "Oh, I have slipped the surly bond of earth
# And danced the skies on laughter-silvered wings...
# -- John Gillespie Magee Jr
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
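
One way to build the hourly alarm asked about in the message above, as an added example that is not part of the original post: it counts messages accepted into the Postfix queue per hour from the mail log and reports hours above a limit. It assumes the traditional syslog line format Postfix writes (on Ubuntu, in /var/log/mail.log); the function names, the sample log lines and the limit of 5 are constructed for illustration.

```python
import re
from collections import Counter

# Postfix's cleanup daemon logs one "message-id=" line per message it accepts
# into the queue: "Mon DD HH:MM:SS host postfix/cleanup[pid]: QUEUEID: message-id=<...>"
CLEANUP_RE = re.compile(
    r"^(?P<hour>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}):\d{2}:\d{2}\s\S+\s"
    r"postfix/cleanup\[\d+\]:\s(?P<qid>[0-9A-Za-z]+):\smessage-id="
)

def messages_per_hour(lines):
    """Count distinct queue IDs per 'Mon DD HH' bucket."""
    seen = set()
    counts = Counter()
    for line in lines:
        m = CLEANUP_RE.match(line)
        if not m:
            continue  # pickup, qmgr, smtp, etc. lines are not counted
        # syslog pads single-digit days with an extra space; normalise it
        hour = " ".join(m["hour"].split())
        if (hour, m["qid"]) not in seen:
            seen.add((hour, m["qid"]))
            counts[hour] += 1
    return counts

def hours_over_limit(lines, limit):
    """Return the hour buckets in which more than `limit` messages were queued."""
    return sorted(h for h, n in messages_per_hour(lines).items() if n > limit)

# Constructed sample: two contact-form mails at 14:xx, then a burst of eight at 15:xx.
SAMPLE_LOG = [
    "Feb 23 14:01:12 web1 postfix/pickup[2101]: 3F2A11C0A5: uid=33 from=<www-data>",
    "Feb 23 14:01:12 web1 postfix/cleanup[2102]: 3F2A11C0A5: message-id=<a1@web1.example.org>",
    "Feb 23 14:01:13 web1 postfix/qmgr[1801]: 3F2A11C0A5: from=<www-data@web1.example.org>, size=612, nrcpt=1 (queue active)",
    "Feb 23 14:40:02 web1 postfix/cleanup[2102]: 5B7C21C0A9: message-id=<a2@web1.example.org>",
] + [
    f"Feb 23 15:{i:02d}:00 web1 postfix/cleanup[2102]: AB{i:02d}C1D2E3: message-id=<b{i}@web1.example.org>"
    for i in range(8)
]

if __name__ == "__main__":
    LIMIT = 5  # hypothetical threshold; expected volume is a couple of mails a day
    for hour in hours_over_limit(SAMPLE_LOG, LIMIT):
        print(f"ALERT: more than {LIMIT} messages queued during {hour}:00")
```

Run from cron against the real log, a non-empty result can be mailed or paged out; the alert reports a burst after the fact and does not stop it.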