Forum OpenACS Q&A: Response to Security: Hacker sends Viruses

Posted by MaineBob OConnor on

I discovered something on the latest submission to our list. I set up the list so that I'm the only one to get the messages. This hack may not need shell or root access. It may be a majordomo hole... All the messages sent appear to come from "owner-...", so perhaps they hacked the list password... Anyway, here is part of the header. Can I assume he/she is using a Compaq and connected using 162.39.57.35? I did a lookup: Central Telephone Co. in Little Rock AR USA. Am I on the right track?
-Bob

Delivered-To: rocon-rocnet:com-zzztgn@rocnet.com
From: owner-thebulletin@greatestnetworker.com
Received: from compaq ([162.39.57.35])
by www.greatestnetworker.com (8.9.3/8.9.3) with SMTP id RAA00783
for ; Tue, 6 Feb 2001 17:08:03 -0500

Date: Tue, 6 Feb 2001 17:08:03 -0500
Message-Id: <200102062208.RAA00783@www.greatestnetworker.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VEXAFWTYJCTE7WTAB"
Subject: [The Bulletin:07] Message for thebulletin
Sender: owner-thebulletin@greatestnetworker.com
Precedence: bulk
Reply-To: owner-thebulletin@greatestnetworker.com
X-UIDL: 3Y`!!'
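
For readers working through a header like the one in this post, the following added example (not part of the original post) parses a sendmail-style `Received:` line and separates the name the sending client announced in HELO (`compaq`) from the peer address the receiving server recorded in brackets. The function names and the restored tab folding of the continuation lines are assumptions; the header values are copied from the post.

```python
import re
from email import message_from_string

# Header lines copied from the post above; the tab folding of the Received
# continuation lines is restored here as an assumption.
SAMPLE = (
    "From: owner-thebulletin@greatestnetworker.com\n"
    "Received: from compaq ([162.39.57.35])\n"
    "\tby www.greatestnetworker.com (8.9.3/8.9.3) with SMTP id RAA00783\n"
    "\tfor ; Tue, 6 Feb 2001 17:08:03 -0500\n"
    "Message-Id: <200102062208.RAA00783@www.greatestnetworker.com>\n"
    "Subject: [The Bulletin:07] Message for thebulletin\n"
    "\n"
)

# sendmail-style hop: from <HELO> (<optional rDNS> [<peer IP>]) by <host> ... id <queue id>
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)(?:.*?\bid\s+(?P<queue_id>[^\s;]+))?"
)

def parse_hop(value):
    """Split one Received value into client-claimed and server-observed parts."""
    text = " ".join(value.split())  # unfold continuation lines
    m = HOP_RE.search(text)
    if m is None:
        return None
    hop = m.groupdict()
    hop["date"] = text.rpartition(";")[2].strip() if ";" in text else None
    return hop

def analyze(raw_headers):
    """Return one finding dict per parseable Received header, in header order."""
    msg = message_from_string(raw_headers)
    msg_id = msg.get("Message-Id", "")
    findings = []
    for value in msg.get_all("Received", []):
        hop = parse_hop(value)
        if hop is None:
            continue
        # The HELO name is whatever the client sent; only the bracketed IP
        # was observed by the receiving server on the connection itself.
        rdns = (hop["rdns"] or "").lower()
        hop["helo_verified"] = bool(rdns) and rdns == hop["helo"].lower()
        hop["helo_is_bare_name"] = "." not in hop["helo"]
        # Queue id inside Message-Id: consistent with the server stamping it.
        hop["msgid_from_server"] = bool(hop["queue_id"]) and hop["queue_id"] in msg_id
        findings.append(hop)
    return findings

if __name__ == "__main__":
    for hop in analyze(SAMPLE):
        print(hop)
```

On the posted header this reports an unverified, bare HELO name with no reverse-DNS name recorded, so the bracketed IP is the only part of that line the list server observed itself.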