On Thursday, December 18th, 2025 at 3:59 AM, r.barclay--- via Postfix-users <[email protected]> wrote:
> > > Hello, > > > Perhaps I am missing something, but what exactly leads you to believe > > that there actually was a hacking event, let alone the event related to > > a specific perpetrator? > > > I thought the same. > > The thread starter mentioned AlmaLinux: I already had the issue on RHEL based > platforms that hand-crafted config files were reset / regenerated by system > updates to defaults. Which, of course, made services stop working. You might > escpecially want to watch out for files with .rpmsave (and maybe .rpmnew) > suffix. It seems RPM package maintainers have to manually apply special rules > to files to prevent the updates from overwriting newer, user-edited config > files: "%config(noreplace)" Even marking them as "%config" seems to be > insufficient. > > If your system was hacked, you'd probably have other problems as well than > just config files losing manual changes. E.g. installed crypto miner, new > open ports, outgoing connections to C&C botnet servers, data encryption in > case of ransomware, ... > > Yours, > Reg I don't think the problem is specific to RHEL and RHEL derivatives. But I am extremely convinced that I have been hacked by Advanced Persistent Threat (APT) hackers. They have been "pranking" me for the past 18 years since 2007. Regards, Mr. Turritopsis Dohrnii Teo En Ming Extremely Democratic People's Republic of Singapore 19 Dec 2025 Friday 11.30 am Singapore Time _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
