Forum OpenACS Q&A: Response to Security: Hacker sends Viruses
I discovered something on the latest submission
to our list. I set up the list so that I'm the only
one to get the messages.. This hack may not
need shell or root access. It may be a majordomo
hole... All the messages sent appear to come from
"owner-..." So perhaps they hacked the list password...
Anywhay here is part of the header.
Can I assume he/she is using a compaq and connected
using 18.104.22.168 I did a lookup:
Central Telephone Co. in LittleRock AR USA.
Am I on the right track?
Delivered-To: rocon-rocnet:firstname.lastname@example.org From: email@example.com Received: from compaq ([22.214.171.124]) by www.greatestnetworker.com (8.9.3/8.9.3) with SMTP id RAA00783 for
; Tue, 6 Feb 2001 17:08:03 -0500 Date: Tue, 6 Feb 2001 17:08:03 -0500 Message-Id: <200102062208.RAA00783@www.greatestnetworker.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--VEXAFWTYJCTE7WTAB" Subject: [The Bulletin:07] Message for thebulletin Sender: firstname.lastname@example.org Precedence: bulk Reply-To: email@example.com X-UIDL: 3Y`!!'