newbie with www user security problem
Ken Hawkins
ken at rosewoodblues.com
Thu Aug 11 13:32:26 GMT 2005
Many, MANY apologies up front if I have sent this to the wrong place!

I am inherently a software engineer who now gets to monitor a mail
server (don't ask). Anyway, I get an email message that alerts me from
a user that we have been hacked by a spammer and the mail message
header is:

------------- Forwarded message follows -------------
X-Auth-No:
Return-Path: <web1.prosoundweb.com!www>
Received: from web1.prosoundweb.com [64.73.50.193] by compudox.com
    with Novonyx SMTP Server $Revision: 2.75.1.9 $; Wed, 10 Aug 2005
    14:25:40 -0700 (PDT)
Received: from web1.prosoundweb.com (localhost.prosoundweb.com [127.0.0.1])
    by web1.prosoundweb.com (8.13.3/8.13.3) with ESMTP id j7AJiZZF016410;
    Wed, 10 Aug 2005 14:47:04 -0500 (CDT)
    (envelope-from www at web1.prosoundweb.com)
Received: (from www at localhost)
    by web1.prosoundweb.com (8.13.3/8.13.3/Submit) id j7AINncm031958;
    Wed, 10 Aug 2005 13:23:49 -0500 (CDT)
    (envelope-from www)
To: webmaster at prosoundweb.com
Subject: All warez and porno in one place
Reply-to: webmaster at prosoundweb.com
From: webmaster at prosoundweb.com
Message-ID: <fe61f25929ecaf805cb30bb1beba7dc5 at srforum.prosoundweb.com>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Wed, 10 Aug 2005 13:23:49 -0500
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
X-AntiAbuse: Board servername - srforum.prosoundweb.com
X-AntiAbuse: User_id - 2
X-AntiAbuse: Username - admin
X-AntiAbuse: User IP - 62.105.6.113

It appears that someone has hacked the www password. At least I
think, and here is where the questions start....

Am I correct in thinking that someone has hacked the www password and
has used the phpBB2 functionality (forum nightmare) to send spam mail
out?

What can I do about it other than have the www password changed? If I
change it will this action at least deter the spammer? What else will
this affect by changing the password?

Can anyone shoot me a URL / example / explanation of how to button up
this hole?

THANK YOU, THANK YOU, THANK YOU in advance!

ken;
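
An added example, not part of the original post: a short Python triage of the headers quoted in the message, pulling out the local account that submitted the mail on the earliest Received hop, the mailer, and the board account and client IP recorded in the X-AntiAbuse lines. The function name triage and the regex are this example's own; the header text is copied from the message as archived, including the list archive's " at " address form.

```python
import re
from email import message_from_string

# Headers copied from the forwarded message above (archive " at " form kept).
SAMPLE = """\
Received: from web1.prosoundweb.com [64.73.50.193] by compudox.com
\twith Novonyx SMTP Server $Revision: 2.75.1.9 $; Wed, 10 Aug 2005
\t14:25:40 -0700 (PDT)
Received: from web1.prosoundweb.com (localhost.prosoundweb.com [127.0.0.1])
\tby web1.prosoundweb.com (8.13.3/8.13.3) with ESMTP id j7AJiZZF016410;
\tWed, 10 Aug 2005 14:47:04 -0500 (CDT)
\t(envelope-from www at web1.prosoundweb.com)
Received: (from www at localhost)
\tby web1.prosoundweb.com (8.13.3/8.13.3/Submit) id j7AINncm031958;
\tWed, 10 Aug 2005 13:23:49 -0500 (CDT)
\t(envelope-from www)
X-Mailer: PHP
X-AntiAbuse: Board servername - srforum.prosoundweb.com
X-AntiAbuse: User_id - 2
X-AntiAbuse: Username - admin
X-AntiAbuse: User IP - 62.105.6.113
"""

# Earliest hop of a local sendmail submission: "(from <account> at localhost)".
LOCAL_SUBMIT = re.compile(r"^\(from (\S+?)(?:@| at )localhost\)")

def triage(raw):
    msg = message_from_string(raw)
    # Each hop prepends its Received line, so the last one is the earliest.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    m = LOCAL_SUBMIT.match(hops[-1]) if hops else None
    # The X-AntiAbuse lines in this message have the form "<label> - <value>".
    abuse = {}
    for line in msg.get_all("X-AntiAbuse", []):
        label, _, value = line.partition(" - ")
        abuse[label.strip()] = value.strip()
    return {
        "hops": len(hops),
        "local_submit_user": m.group(1) if m else None,
        "mailer": msg.get("X-Mailer"),
        "board": abuse.get("Board servername"),
        "board_user": abuse.get("Username"),
        "board_user_id": abuse.get("User_id"),
        "client_ip": abuse.get("User IP"),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```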