Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: bruce on December 22, 2006, 04:29:24 PM

Title: Outbound email flooding
Post by: bruce on December 22, 2006, 04:29:24 PM

About a year ago my SME 6.x server was hacked, and I had to reinstall everything. When I installed 7.0 (about 6 months ago) it looked like everything was working great. Today, I have the same problem. Horrific outbound email to hundreds of unknown addresses, eating up all outbound bandwidth.

I'm not a major unix/linux guy, and have no idea where to begin researching this issue. All the traffic is queued up on the server, none is from any of the known users, and everyone is detached.

Title: Re: Outbound email flooding
Post by: CharlieBrady on December 22, 2006, 05:14:39 PM

Quote from: "bruce"

I'm not a major unix/linux guy, and have no idea where to begin researching this issue.

I'd advise you to hire someone who does have that competence to help you out.

If you have not installed any web applications (blogs, CMS, web forms, etc), then you should contac t security@contribs.org so that they can investigate the compromise which you think has occurred. If you have installed a web application, an insecurity in it is likely the cause of your problem.

Title: May have found
Post by: bruce on December 22, 2006, 05:51:03 PM

Charlie,

Long time to email. I am using a CMS Portal (Mambo) for my site. I checked out their forum while waiting for your reply and did find that there is a phpmailer problem that is part of PHP, not Mambo specifically. The solution exists at http://forum.mamboserver.com/showthread.php?t=67706&highlight=email+exploit
.

Best to you this holiday season!

Bruce