Damian Mihai Liviu wrote:
On Thursday 08 December 2005 18:05, michael@interobj.com wrote:
Please help!. I am a newbie in the UNIX world and I am assigned to maintain a Suse Linux Professional 7.3 box which hosts our company mail server and website. I came to find out that it seem we have been hacked, this box is exploited and emails are being sent to outside world without our knowledge, can someone tell me where I can find security patches for this version if suse. First of all unplug the ethernet or whatever type of cable are you using from your computer. You won't find security updates for that version because it's toooooooo old. I recommend you to upgrade your box to a newer version, eventually buy it and you'll have support from Novell.
Cheers,
Even better, reinstall. Best, get a professional with decent training and experience of Linux, You've already seen what hapens when (with all due respect) a know-nothing looks after the system. There are good ways to learn too be a good system administrator; maintaining a front-line machine subject to attack a this one seems to be is not one of them. Probably, but not necessarily, the system was rooted through a bad password (Probabluy root's, as that's the easiest way in). Mail users don't need working shell accounts. Having mail users with common names (sue, john, terry, mike and such), poor passwords and shell accounts is an open invitation. Someone entering by such a door doesn't need to take over the system, they can scan other systems and send email from ordinary user accounts.