[plug] nasty spammer
Jeff
blazer666 at dingoblue.net.au
Wed Mar 27 16:35:21 WST 2002
It's named, not bind.
I had a server a year or so ago that was exploited by a program; I can't
remember what it was called. It used bind to get root access and upload
its own program which started sending spam straight away. The only
reason we found out was because they couldn't send e-mails to some
people because they were blacklisted.
On Wed, 2002-03-27 at 15:57, Bret Busby wrote:
> On 27 Mar 2002, Jeff wrote:
> >
> > You're not running Redhat 6.2 with the original bind I hope.
> >
> We are running RH 6.2, on our mail server.
> ps -ax | grep 'bind' does not show that we have bind running. I assume
> that is the correct syntax, to determine whether bind is running.
> Postfix sends messages, from time to time, indicating that someone is
> trying to use us for relaying.
> Email addresses involved, in persistent attempts, include .sg and
> sg.co.nz.
> Information from the Singapore police, indicates that the spoofing has
> originated from the USA or Canada.
> The FBI seem to think that security breach attempts (no, I do not
> use the word "hacking", for this, Christian) in order to implement
> unauthorised relaying, are acceptable practice, as the FBI does not regard
> the possible DoS attacks, and, possible viral email relaying, etc, as
> threats to the USA infrastructure. But then, the FBI probably uses Win 3x,
> for security...
> --
> Bret Busby
> ..............
> "So once you do know what the question actually is,
> you'll know what the answer means."
> - Deep Thought,
> Chapter 28 of The Hitchhiker's Guide to the Galaxy
> - Douglas Adams, 1988
> .......................................