Forum OpenACS Q&A: Response to Security: Hacker sends Viruses

Posted by MaineBob OConnor on

I discovered something on the latest submission to our list. I set up the list so that I'm the only one to get the messages.. This hack may not need shell or root access. It may be a majordomo hole... All the messages sent appear to come from "owner-..." So perhaps they hacked the list password... Anywhay here is part of the header. Can I assume he/she is using a compaq and connected using I did a lookup: Central Telephone Co. in LittleRock AR USA. Am I on the right track?

Received: from compaq ([])
by (8.9.3/8.9.3) with SMTP id RAA00783
for ; Tue, 6 Feb 2001 17:08:03 -0500

Date: Tue, 6 Feb 2001 17:08:03 -0500
Message-Id: <>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VEXAFWTYJCTE7WTAB"
Subject: [The Bulletin:07] Message for thebulletin
Precedence: bulk
X-UIDL: 3Y`!!'