Suse Linux Professional 7.3 support
Please help!. I am a newbie in the UNIX world and I am assigned to maintain a Suse Linux Professional 7.3 box which hosts our company mail server and website. I came to find out that it seem we have been hacked, this box is exploited and emails are being sent to outside world without our knowledge, can someone tell me where I can find security patches for this version if suse. Thanks in advance Michael
On Thursday 08 December 2005 18:05, michael@interobj.com wrote:
Please help!. I am a newbie in the UNIX world and I am assigned to maintain a Suse Linux Professional 7.3 box which hosts our company mail server and website. I came to find out that it seem we have been hacked, this box is exploited and emails are being sent to outside world without our knowledge, can someone tell me where I can find security patches for this version if suse. First of all unplug the ethernet or whatever type of cable are you using from your computer. You won't find security updates for that version because it's toooooooo old. I recommend you to upgrade your box to a newer version, eventually buy it and you'll have support from Novell.
Cheers, -- Damian Mihai Liviu Mobile: +40 741 226993; Fax: +1 347-632-4117 Phone : +1 360-526-6441; +1 347-632-4117; +44 0870-3403339 URL: http://liviudm.blogspot.com
Damian Mihai Liviu wrote:
On Thursday 08 December 2005 18:05, michael@interobj.com wrote:
Please help!. I am a newbie in the UNIX world and I am assigned to maintain a Suse Linux Professional 7.3 box which hosts our company mail server and website. I came to find out that it seem we have been hacked, this box is exploited and emails are being sent to outside world without our knowledge, can someone tell me where I can find security patches for this version if suse. First of all unplug the ethernet or whatever type of cable are you using from your computer. You won't find security updates for that version because it's toooooooo old. I recommend you to upgrade your box to a newer version, eventually buy it and you'll have support from Novell.
Cheers,
Even better, reinstall. Best, get a professional with decent training and experience of Linux, You've already seen what hapens when (with all due respect) a know-nothing looks after the system. There are good ways to learn too be a good system administrator; maintaining a front-line machine subject to attack a this one seems to be is not one of them. Probably, but not necessarily, the system was rooted through a bad password (Probabluy root's, as that's the easiest way in). Mail users don't need working shell accounts. Having mail users with common names (sue, john, terry, mike and such), poor passwords and shell accounts is an open invitation. Someone entering by such a door doesn't need to take over the system, they can scan other systems and send email from ordinary user accounts.
On Thursday 08 December 2005 12:05, michael@interobj.com wrote:
Please help!. I am a newbie in the UNIX world and I am assigned to maintain a Suse Linux Professional 7.3 box which hosts our company mail server and website. I came to find out that it seem we have been hacked, this box is exploited and emails are being sent to outside world without our knowledge, can someone tell me where I can find security patches for this version if suse.
Are you sure the box was hacked an not just setup as a relay? If you don't properly configure postfix (I think that's what the mail daemon is called), it will act as a relay. What this means, is that people can point to your server as the mail server to send there emails. Read up on your mail server daemon (again, I think it's postfix) and turn off the relay option. Also, look into the iptables (firewall) documentation and block outside IPs from using port 25 (SMTP) - if you are using SMTP. After all that is done, start the process (research, downtime estimation, etc.) of how that server should be upgraded. Welcome to the SysAdmin world! Alvin -- Please reply to the mailing list.
participants (4)
-
Alvin Beach -
Damian Mihai Liviu -
John Summerfield -
michael@interobj.com