On Friday 01 July 2005 09:10 am, Jacob S wrote:
>
> [Note: hacking is what knowledgeable sys-admins do when they can't find
> a program that perfectly meets their need. Cracking is what bad guys do
> to break into your server. Hacking is good, cracking is bad.]
>
> Are you sure it got hacked or did you have exim4 set up as an open relay?
> An open relay is much easier to fix than a cracked server.
>
> To have your server tested to see if it is an open relay and have the
> results e-mailed to you, go to www.ordb.org.
>
> If your server was really cracked, you are best doing a full re-install.
> But first, you might try to analyze how they got in and what they used
> to gain root (or if they even got root). Run chkrootkit to see what
> it can find and maybe use a Fire[1] cd to do some forensics on the
> server. Then make sure you are using the latest versions of all of your
> packages and set up an iptables firewall on the machine.
>
> As an aside, I sometimes wonder if Nationwide would even notice that you
> got cracked. August's service has gone down quite a bit since they were
> bought out. :-(

I really appreciate the info: It will help me figure this out. I have been
running exim4 as my mta with no pop3 & using it only for intranet mail. I now
NEED to be able to handle business mail for a new business that I have started.

BTW: You're the first person I have run into in 6 years that's serviced by
August.net. You're absolutely correct about the drop in service level since
they were bought out. I am currently badgering Verizon to get the new fiber
optic link up & running that they just installed behind my house so I can get
rid of Nationwide. If I wanted "big company" service I would have gone with
them in the first place, so since that's what I'm getting now I might as well
get the best.....

>
> HTH,
> Jacob
>
> [1] http://fire.dmzs.com/
--
John Foster
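
The open-relay-versus-cracked question raised in this thread can be triaged from exim4's own mainlog by checking where each outbound message entered the server. This is an added example, not code from either poster; the trusted networks and the sample log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumption: the networks this MTA is supposed to relay for (intranet only).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.0.0/16")]

# Constructed sample in exim4 mainlog format; addresses are documentation ranges.
SAMPLE_LOG = """\
2005-07-01 03:12:45 1DoABC-0001aB-2x <= a@example.net H=(mx.example.net) [203.0.113.7] P=smtp S=2345
2005-07-01 03:12:46 1DoABC-0001aB-2x => b@example.org R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.9]
2005-07-01 03:20:01 1DoABD-0001aC-3y <= www-data@mail.example.com U=www-data P=local S=900
2005-07-01 03:20:02 1DoABD-0001aC-3y => c@example.org R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.9]
2005-07-01 03:21:00 1DoABE-0001aD-4z <= john@example.com H=desk [192.168.1.20] P=esmtp S=500
2005-07-01 03:21:01 1DoABE-0001aD-4z => d@example.org R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.9]
2005-07-01 03:25:10 1DoABF-0001aE-5w <= e@example.net H=(mx.example.net) [203.0.113.7] P=smtp S=700
2005-07-01 03:25:11 1DoABF-0001aE-5w => john <john@example.com> R=local_user T=mail_spool
"""

ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= (?P<rest>.*)$")
# "=>" is a delivery, "->" an extra address in the same delivery.
REMOTE_DELIVERY = re.compile(r"^\S+ \S+ (?P<id>\S+) [=-]> .*\bT=remote_smtp\b")
HOST_IP = re.compile(r"\bH=.*?\[(?P<ip>[0-9a-fA-F.:]+)\]")


def classify(log_text):
    """Return {message_id: verdict} for every message delivered off-host."""
    origin = {}    # message id -> source IP, or None if submitted on the host
    verdicts = {}
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if m:
            ip = HOST_IP.search(m["rest"])
            origin[m["id"]] = ip["ip"] if ip else None
            continue
        m = REMOTE_DELIVERY.match(line)
        if not m or m["id"] not in origin:
            continue
        src = origin[m["id"]]
        if src is None:
            verdicts[m["id"]] = "local-submission"       # generated on the box itself
        elif any(ipaddress.ip_address(src) in net for net in TRUSTED_NETS):
            verdicts[m["id"]] = "intranet"               # expected relaying
        else:
            verdicts[m["id"]] = "relayed-for-outsider"   # open-relay pattern
    return verdicts


if __name__ == "__main__":
    for msg_id, verdict in classify(SAMPLE_LOG).items():
        print(msg_id, verdict)
```

A `local-submission` verdict only says the message was generated on the host; the `U=` account on its arrival line is the next thing to check.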