6th June 2009
rtwingfield (Real Name: Ron Wingfield)
Dark Mailer dm.cgi

Having run Apache on a FreeBSD box since January 2002 with no serious hacks, I've recently been hacked by someone who installed Dark Mailer (dm.cgi)... what a pain in the "reverse lookup".

I've started this thread as a "place holder" for anyone who might have some experience dealing with this sort of thing.

FYI, here's a Wikipedia link: http://en.wikipedia.org/wiki/Dark_Mailer

Apparently, the culprit hacked my FreeBSD userid and installed the Dark Mailer system in a cgi-bin directory. I confess... I was experimenting with making mysql available from a website, and mysqld was running without a password for a day or two (my mistake). Also, I found some "apache" logs where I had inadvertently used my FreeBSD password rather than the password from .htpasswd for a webpage's .htaccess password, and since the server is not running SSL, the passwd was very obvious. (We're going to step up to the plate and purcha$e the certification.)

I'm interested in suggestions regarding latest firewall technology, etc. to guard against this sort of hack.

Thanks,
RW
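As an added example (not code from the original post or from the Dark Mailer software), here is a small Python triage script for the situation described above. It reads Apache combined-format access log lines and reports three things a responder wants first: hits on CGI scripts that are not on a known-good list, POST requests to any CGI script (a mailer is driven by POSTs), and which client addresses used each basic-auth username. The sample log lines, the allowlist in KNOWN_CGI, the username "ron" and the IP addresses are constructed for illustration and are assumptions, not data from the post.

```python
"""Triage an Apache access log for an uploaded CGI mailer.

Added example, not code from the original post. The log lines in SAMPLE_LOG
are constructed; the script name dm.cgi, the allowlist in KNOWN_CGI, the
username 'ron' and the IP addresses are assumptions for illustration.
"""
import re
import sys
from collections import Counter, defaultdict

# Apache "combined" log format:
# ip ident user [time] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# CGI scripts the administrator knows to be legitimate (assumed allowlist).
KNOWN_CGI = {"/cgi-bin/guestbook.cgi", "/cgi-bin/search.cgi"}

# Constructed sample: one address finds dm.cgi and drives it with POSTs, while
# the basic-auth user 'ron' browses the protected area from another address.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jun/2009:03:14:01 -0500] "GET /index.html HTTP/1.1" 200 2321 "-" "Mozilla/4.0"
198.51.100.23 - - [01/Jun/2009:03:15:44 -0500] "GET /cgi-bin/dm.cgi HTTP/1.1" 200 1187 "-" "Mozilla/4.0"
198.51.100.23 - - [01/Jun/2009:03:15:59 -0500] "POST /cgi-bin/dm.cgi HTTP/1.1" 200 412 "-" "Mozilla/4.0"
198.51.100.23 - - [01/Jun/2009:03:16:03 -0500] "POST /cgi-bin/dm.cgi?a=send HTTP/1.1" 200 412 "-" "Mozilla/4.0"
203.0.113.7 - ron [01/Jun/2009:03:20:10 -0500] "GET /private/index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.99 - - [01/Jun/2009:04:01:17 -0500] "GET /cgi-bin/guestbook.cgi HTTP/1.1" 200 900 "-" "Mozilla/4.0"
this line is not a log record
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def triage(log_text):
    """Summarise CGI activity and authenticated users seen in the log.

    Returns a dict with:
      unknown_cgi: Counter of (client_ip, path) for hits on CGI paths not in KNOWN_CGI
      cgi_posts:   Counter of (client_ip, path) for POST requests to any CGI path
      auth_users:  {basic-auth username: sorted list of client IPs that used it}
    """
    unknown_cgi = Counter()
    cgi_posts = Counter()
    auth_users = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparsable lines rather than abort the whole run
        path = rec["path"].split("?", 1)[0]  # drop the query string
        if rec["user"] != "-":
            auth_users[rec["user"]].add(rec["ip"])
        if path.startswith("/cgi-bin/"):
            if path not in KNOWN_CGI:
                unknown_cgi[(rec["ip"], path)] += 1
            if rec["method"] == "POST":
                cgi_posts[(rec["ip"], path)] += 1
    return {
        "unknown_cgi": unknown_cgi,
        "cgi_posts": cgi_posts,
        "auth_users": {u: sorted(ips) for u, ips in auth_users.items()},
    }


def report(summary):
    """Format the triage summary as plain text."""
    out = ["Hits on CGI scripts not in the allowlist:"]
    for (ip, path), n in summary["unknown_cgi"].most_common():
        out.append(f"  {n:5d}  {ip:15s}  {path}")
    out.append("POST requests to CGI scripts:")
    for (ip, path), n in summary["cgi_posts"].most_common():
        out.append(f"  {n:5d}  {ip:15s}  {path}")
    out.append("Basic-auth usernames and the addresses that used them:")
    for user, ips in sorted(summary["auth_users"].items()):
        out.append(f"  {user}: {', '.join(ips)}")
    return "\n".join(out)


if __name__ == "__main__":
    # Read a real access_log from stdin; fall back to the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    print(report(triage(text)))
```

Run it against the real log with `python3 cgi_triage.py < access_log` (file name assumed). A script name you never installed, hit repeatedly with POSTs from one address, is the mailer being operated; the auth_users table shows whether the .htaccess username was used from an address you do not recognise, which is what you would expect if the password really was picked up off the wire.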