Forum OpenACS Q&A: Response to Security: Hacker sends Viruses

Posted by S. Y. on

Concerning Red Hat: you can probably sign up on the appropriate mail lists at https://listman.redhat.com/mailman/listinfo/ (Redhat-announce-list or Redhat-watch-list) for security bulletins and updated Red Hat RPMs.

Some MTAs are vulnerable to certain hacks:

  • Execute arbitrary command: RCPT TO: |testing
  • Execute arbitrary command: MAIL FROM: |testing
  • Overwrite files: RCPT TO: /tmp/mail_test
  • Allow remote users to send mail anonymously by sending HELO commands longer than 1024 characters
  • Redirection: mail addressed to user@hostname1@victim will send to user@hostname1

The other classic MTA configuration snafu is to allow mail relaying.

I'm certainly no security expert, but one might start off by

  • Installing OpenSSH
  • Disabling inetd (rsh, rlogin, telnet, ftp, etc.) ASAP - shut it down and never let it start up again. Period.
  • Running the Nessus security scan on your system to find out the egregious security holes
  • Optional but highly recommended: replace your MTA with qmail

Webmin is not secure straight out of the box. There are notes on their website about using it with SSL. Of course, the secure Webmin point is moot if you have other security holes that let people have root access.

The best advice is having whoever is setting up your new secure server run a security sweep on the compromised box. Good luck.
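As an added example (not part of the original post or any OpenACS code), here is a small Python checker that flags, in a captured SMTP session, the command patterns listed above plus relay attempts. The local domain list and the sample session are constructed for the demo; the relay rule assumes an inbound-only MX that should never accept mail for foreign domains.

```python
"""Flag the classic MTA abuse patterns in a log of SMTP client commands."""
import re

# Domains this server accepts mail for (assumed value for the demo).
# On an inbound-only MX, any other recipient domain is a relay attempt.
LOCAL_DOMAINS = {"example.org"}
MAX_HELO_LEN = 1024  # oversized HELO is the pattern named in the post

_CMD = re.compile(r"^\s*(HELO|EHLO|MAIL FROM|RCPT TO)\s*:?\s*(.*)$", re.I)


def check_smtp_line(line):
    """Return a list of finding labels for one SMTP client command line."""
    findings = []
    m = _CMD.match(line)
    if not m:
        return findings  # DATA, QUIT, etc. carry none of these patterns
    verb, arg = m.group(1).upper(), m.group(2).strip()
    if verb in ("HELO", "EHLO"):
        if len(arg) > MAX_HELO_LEN:
            findings.append("oversized_helo")
        return findings
    addr = arg.strip("<>")
    if addr.startswith("|"):          # "RCPT TO: |cmd" / "MAIL FROM: |cmd"
        findings.append("pipe_to_command")
    if addr.startswith("/"):          # "RCPT TO: /tmp/file" (file overwrite)
        findings.append("path_as_recipient")
    if addr.count("@") > 1:           # user@hostname1@victim redirection
        findings.append("source_routed_address")
    if verb == "RCPT TO" and addr.count("@") == 1:
        domain = addr.rsplit("@", 1)[1].lower()
        if domain not in LOCAL_DOMAINS:
            findings.append("relay_attempt")
    return findings


def scan_session(lines):
    """Map line index -> findings for every suspicious line in a session."""
    return {i: f for i, l in enumerate(lines) if (f := check_smtp_line(l))}


# Constructed sample session mirroring the patterns named in the post.
SAMPLE_SESSION = [
    "HELO mail.example.net",
    "MAIL FROM:<alice@example.net>",
    "RCPT TO:<bob@example.org>",
    "RCPT TO: |testing",
    "RCPT TO: /tmp/mail_test",
    "RCPT TO:<user@hostname1@victim>",
    "RCPT TO:<carol@elsewhere.net>",
    "HELO " + "A" * 1025,
]

if __name__ == "__main__":
    for idx, labels in scan_session(SAMPLE_SESSION).items():
        print(idx, SAMPLE_SESSION[idx][:40], labels)
```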