Koozali.org: home of the SME Server

Help! I've been hacked!

zook
« on: May 06, 2005, 04:01:24 PM »
I've been using sme-server since version 4, and am currently on 6.01-01.  Even though I've been using it for a while, my technical expertise is not that great - I still consider myself a newbie.

With that being said, it appears that someone has hacked into our system.  We currently have 41,000 messages in the mail queue.  I have turned off PPTP access and remote access to email.  My question is, can I get to these messages in the queue and delete them?

Thanks in advance for your help.

cc_skavenger

« Reply #1 on: May 06, 2005, 09:04:01 PM »
hacked or does one of your workstations have a virus?

jackl
« Reply #2 on: May 06, 2005, 09:40:33 PM »
My bet is Marco is right, there is an rpm to manage mailQ at

http://no.longer.valid/mylinks/singlelink.php?cid=81&lid=294

Regards
Jack

zook
« Reply #3 on: May 06, 2005, 10:15:09 PM »
Thanks for the replies.  As it turns out, you're right.  One of my machines had WORM_SOBER.S

What a PITA!  I've wasted the whole day.

Thanks again.

raem
« Reply #4 on: May 07, 2005, 03:37:04 AM »
zook

> I have turned off PPTP access and remote access to email.

Are you using remote access to pop?
It is not secure.
You should only use https webmail or secure pop/smtp using Damien's contrib.

Is the smtp proxy still enabled, i.e. did you disable it to allow direct access to external pop accounts from workstations?
If enabled, it will prevent viruses from sending messages directly to the Internet as they must go through your smtp server; maybe that is what happened.

Do you have "pattern matching" configured? You will get very few infected email attachments if you are using it.

Also, do you have Jesers antivirus filter installed and configured to scan incoming as well as outgoing messages (as an additional layer of virus protection)?

Do you have RBL lists enabled and configured? They will also reject a lot of virus-infected messages as a side product of their usage.

Do you have a regularly updated virus scanner on your workstations running daily scans, e.g. AVG or similar? At least if configured to scan outgoing messages, it will add an additional layer of virus security to stop the spread of infected messages.

Just thought the above suggestions might be of use now that you have had the pain of tracking down a nasty workstation infection, i.e. NEVER AGAIN!

CharlieBrady
« Reply #5 on: May 07, 2005, 03:53:26 PM »
Quote from: "zook"
> Thanks for the replies.  As it turns out, you're right.  One of my machines had WORM_SOBER.S

Please edit the subject of your original post - "I've been hacked" was never accurate, and is misleading. :-)