- To: slug@xxxxxxxxxxx
- Subject: [SLUG] Re: slug Digest, Vol 29, Issue 7
- From: "Darryl Barlow" <dgbarlow@xxxxxxxxx>
- Date: Tue, 3 Jun 2008 16:17:18 +1000
Hi Daniel,

In my case I don't think I experienced the problem that David refers to.
When I subsequently reviewed the logs the brute force attack was quite
apparent. It was my own fault as an amateur and not too experienced
part-time administrator.

I too have never heard of embedded malware in SME Server. It suggests a
major compromise of at least one mirror site and perhaps even the project
itself, at least at the relevant time. David, if you do happen to have some
details it would be nice to know that the problem had been identified and
resolved, even if it was some time ago. In the meantime, I have found SME
Server to be excellent and at this moment am trying to persuade a colleague
to install this instead of the expensive and unnecessary Windows Server he
has been told he now needs. He will not only save on hardware and software
costs, but also on his very expensive web hosting and his maildaemon annual
licence.
>
> ---------- Forwarded message ----------
> From: Daniel Pittman <daniel@xxxxxxxxxxxx>
> To: slug@xxxxxxxxxxx
> Date: Tue, 03 Jun 2008 10:49:54 +1000
> Subject: Re: [SLUG] Re: slug Digest, Vol 29, Issue 5
> david.lyon@xxxxxxxxxxx writes:
> > Quoting Darryl Barlow <dgbarlow@xxxxxxxxx>:
> >
> >> I had the pleasure some years ago of a cracker gaining access to a Linux
> >> box on my work Network running SME Server.
> >
> >> I still do
> >> not know how the attacker located the machine. I presume it was
> >> probably through a port scan .....
> >
> > I have seen the same thing with other installs of SME Server. The
> > machines I saw it on were properly firewalled and not even visible.
> >
> > People I know have come to the conclusion that it was software already
> > embedded within the system at distribution. It got activated in idle
> > time. It was doing spam mass mailing.
>
> Which release of SME Server was this? Having done some auditing, and
> worked with customers who ran SME Server systems for some years without
> incident -- but only on older versions -- I am surprised at this claim.
>
> Do you have any supporting evidence for that? Alternately, did the
> folks you know write this up anywhere?
>
> Regards,
> Daniel
>
>
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>