|
|||
Dark Mailer dm.cgi
Having run Apache on a FreeBSD box since January 2002 with no serious hacks, I've recently been hacked by someone who installed Dark Mailer (dm.cgi) . . .what a pain in the "reverse lookup".
I've started this thread as a "place holder" for anyone who might have some experience dealing with this sort of thing. FYI, here's a WikipediA link: http://en.wikipedia.org/wiki/Dark_Mailer Apparently, the culprit hacked my FreeBSD userid and installed the Dark Mailer system in a cgi-bin directory. I confess . . .I was experimenting with making mysql available from a website and mysqld was running without a password for a day or two (my mistake). Also, I found some "apache" logs where I had inadvertently used my FreeBSD password rather than the password from .htpasswd regarding a webpage .htaccess passwd, and since the server is not running SSL, the passwd was very obvious. (We're going to step up to the plate and purcha$e the certification.) I'm interested in suggestions regarding latest firewall technology, etc. to guard against this sort of hack. Thanks, RW |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Your favourite mailer | graudeejs | General software and network | 25 | 4th August 2008 10:28 AM |