BigMoneyJim
Thinks s/he gets paid by the post
Man, now my home server got pwned. Less than a month ago my main web server got pwned. Both were enlisted to send out spam email after getting hacked.
Both of these have been on the 'net for months or years without getting compromised. If you have a server, update it and check it out. And check your outgoing mail logs. My first server crashed...possibly as a result of my host's antispam guards. My home server was using the hard drive more than normal, and then I discovered it's sending out email as fast as it can.
I just rebuilt a server, now I get to do it again. (Once one is compromised you can't trust it.)
Techie info: I think my first server was compromised via an older version of xmlrpc.php in the web root. (I don't even use that thing...well at least somebody made good use of it.) An early guess for my second hacked server is that somebody spoofed the DNS of it and intercepted an unencrypted mail password from my mail client. (The IMAP server only talks to the local LAN, so I didn't have it encrypted...didn't think about spoofing the DNS so my client volunteers my password.)
Oh well, live and learn. Time to change all my passwords and make sure my mail password doesn't match my ssh password and root password. And I'll encrypt even the local traffic from now on.