Hello,
Perhaps I am missing something, but what exactly leads you to believe
that there actually was a hacking event, let alone the event related to
a specific perpetrator?
Looks like pretty big trouble and effort for them to go into, for such a
small prank without obvious payback.
Might the configuration changes be caused by some misconfiguration
and/or incorrect update and/or defaults reset caused by either your
system or your hosting provider?
But, of course, is is a good idea to check and update the passwords etc,
anyway.
Best regards
Eugene
On 17.12.2025 10:58, Turritopsis Dohrnii Teo En Ming via Postfix-users
wrote:
Subject: Advanced Persistent Threat (APT) hackers had hacked into my Virtualmin
Linux Virtual Private Server (VPS) on 15 Dec 2025 Monday around noon time
Good day from Singapore,
Today 17 Dec 2025 Wednesday around 12.30 PM, I was trying to use GMail (Google Mail) to
send email to my email accounts hosted in Virtualmin Linux Virtual Private Server (VPS)
(aka web hosting control panel). GMail reported the error "554 5.7.1 Relay access
denied". Which means all of my email accounts hosted in Virtualmin Linux VPS could
no longer receive emails.
Advanced Persistent Threat (APT) hackers must have hacked into my Virtualmin
Linux VPS and changed my server configuration.
Webmin version: 2.520
Virtualmin version: 7.50.0 GPL
Operating system: AlmaLinux 9.6
Usermin version: 2.420
Authentic theme version: 25.20
Linux Kernel and CPU: Linux 5.14.0-570.51.1.el9_6.x86_64 on x86_64
When I logged in to Roundcube Webmail, I noticed that I had stopped receiving
emails with the email accounts hosted in Virtualmin Linux VPS since 15 Dec 2025
Monday around 12 noon Singapore Time.
When I checked /var/log/maillog in Virtualmin Linux VPS, I observed that I had started
getting "554 5.7.1 Relay access denied" errors since 15 Dec 2025 Monday around
12.28 PM (for my email accounts hosted in Virtualmin Linux VPS).
Advanced Persistent Threat (APT) hackers must have hacked into my Virtualmin
Linux VPS and changed my server configuration.
When I checked /etc/postfix/main.cf on my Virtualmin Linux VPS, Advanced
Persistent Threat (APT) hackers had changed the following line to:
mydestination = $myhostname, localhost.$mydomain, localhost,
ns1.turritopsis-dohrnii-teo-en-ming.com
I had to change the above line back to:
mydestination = $myhostname, localhost.$mydomain, localhost,
ns1.turritopsis-dohrnii-teo-en-ming.com, teo-en-ming.com, teo-en-ming-corp.com
And then restart Postfix daemon/service (systemctl restart postfix).
For Virtual Server teo-en-ming-corp.com in Virtualmin Linux VPS:
Advanced Persistent Threat (APT) hackers had changed my email account user's
Login access to Database, FTP and SSH. I had to change it back to Database,
Email, FTP and SSH.
Advanced Persistent Threat (APT) hackers had also changed "Primary email address
enabled" to No. I had to change it back to Yes.
For Virtual Server teo-en-ming.com in Virtualmin Linux VPS:
Advanced Persistent Threat (APT) hackers had changed my email account user's
Login access to FTP and SSH. I had to change it back to Email, FTP and SSH.
Advanced Persistent Threat (APT) hackers had also changed "Primary email address
enabled" to No. I had to change it back to Yes.
After making all of the above changes, I am able to start receiving emails with
my email accounts hosted in Virtualmin Linux VPS since 1.15 PM today 17 Dec
2025 Wednesday.
When I checked OpenSSH server logins and Virtualmin logins, only public IPv4
addresses belonging to me were present. There were no traces of Advanced
Persistent Threat (APT) hackers gaining unauthorized entry into my Virtualmin
Linux VPS at all. Of course, if they are Advanced Persistent Threat (APT)
hackers, they must be very smart and intelligent (their intelligence quotient
IQ sure way above me) to remove all traces of their unauthorized intrusions
into my Virtualmin Linux VPS.
How can I make a request to Advanced Persistent Threat (APT) hackers so that
they will stop playing pranks on my Android (Linux) phones, home desktop
computer, laptops, Virtualmin and Webmin Linux servers and other various
numerous online accounts not secured with 2FA / MFA?
Please advise.
Thank you very much.
Regards,
Mr. Turritopsis Dohrnii Teo En Ming
Extremely Democratic People's Republic of Singapore
17 Dec 2025 Wednesday 3.50 PM Singapore Time
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
