  1. #1
    Just Joined!
    Join Date
    Dec 2004
    Location
    Dallas, TX
    Posts
    1

    Redhat 8.0 - hacker???


    Hopefully, someone can help me or direct me to help. I am running Redhat 8.0 with Domino Server software and using Lotus Notes Email. My server has what seems like two problems. I called Redhat and they don't provide support for my version anymore.

    Here's what is happening:

    1. One time only - I shut down the Domino application using 'quit' and the screen went blank then came up all blue but with a continuous stream of black writing which was like prose - e.g. LBJ, LBJ, please take me up and away.... nothing nasty that I saw before I shut it down by using the power button.

    2. It appears that someone is using my computer to send out emails. When I watch the screen there is one email after another being sent - not by me. I have been afraid to turn on the server until I know if it is OK. I talked with Internet America and they said it sounds like someone has hacked into my computer.

    If anyone can give me advice, I would appreciate it. I live in the Oak Lawn area of Dallas and am pretty good at following instructions, but not a programmer myself. I can be reached by phone or by using this yahoo address.

    Thank you in advance for any help you can give.

    Regards,


  2. #2
    Linux Newbie
    Join Date
    Oct 2004
    Location
    B'ham Alabama
    Posts
    240
    Well, first, do you have a proxy server? A da** good firewall? If not, do it ASAP! What tools do you have in place? Run a port scan and see where it is coming from and shut it down. Run a virus scan. Secure your computer as well as you can. Shut down services that you do not need.

  3. #3
    Linux Guru lakerdonald's Avatar
    Join Date
    Jun 2004
    Location
    St. Petersburg, FL
    Posts
    5,035
    Why don't you pull the plug on the sendmail daemon, and close the port that it appears he has logged in on?
    Do you have any idea what IP he could be coming from?

  4. #4
    Linux Newbie
    Join Date
    Oct 2004
    Location
    B'ham Alabama
    Posts
    240
    Also patch your system. RH 8.0 is OLD! Use a better distro if needed. I use White Box, for example. It is a lot like RHE.

  5. #5
    Linux Engineer adrenaline's Avatar
    Join Date
    Aug 2004
    Location
    Seattle, Washington
    Posts
    1,058
    I'd be curious to see some logs. If you open a terminal and go to
    /var/log
    tail -100 maillog
    then open another terminal
    /var/log
    tail -100 messages
    then open another terminal
    /var/log
    tail -100 secure
    If the hacker wasn't very good you can probably find his IP address in one of the bottom two.
    The first one you can check for open relay, and I would start an access file in /etc/mail/access
    You only want to give access to your domain to relay mail. If you were truly hacked though I would re-install and tighten up security.

    good luck
    Mike
    Some people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen an angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had.
    -- Linus Torvalds
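
The open-relay check on maillog suggested in the post above, as an added example that was not posted by anyone in the thread. It assumes sendmail is the MTA writing /var/log/maillog; the sample lines are constructed, and the names `relayed_by_client` and `trusted_prefixes` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in sendmail's maillog format; addresses are documentation ranges.
SAMPLE_MAILLOG = """\
Dec 14 02:10:01 mail sendmail[2101]: iBE8A1x2002101: from=<offers@example.org>, size=2048, nrcpts=3, proto=SMTP, daemon=MTA, relay=[203.0.113.45]
Dec 14 02:10:02 mail sendmail[2103]: iBE8A1x2002101: to=<a@example.net>, delay=00:00:01, mailer=esmtp, relay=mx.example.net. [198.51.100.7], dsn=2.0.0, stat=Sent (ok)
Dec 14 02:10:02 mail sendmail[2103]: iBE8A1x2002101: to=<b@example.net>, delay=00:00:01, mailer=esmtp, relay=mx.example.net. [198.51.100.7], dsn=2.0.0, stat=Sent (ok)
Dec 14 02:11:30 mail sendmail[2110]: iBE8BUx2002110: from=<friend@example.com>, size=900, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.com [198.51.100.20]
Dec 14 02:11:30 mail sendmail[2111]: iBE8BUx2002110: to=<owner@mydomain.example>, delay=00:00:00, mailer=local, relay=local, dsn=2.0.0, stat=Sent
Dec 14 02:12:00 mail sendmail[2120]: iBE8C0x2002120: from=<owner@mydomain.example>, size=700, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Dec 14 02:12:01 mail sendmail[2121]: iBE8C0x2002120: to=<c@example.net>, delay=00:00:01, mailer=esmtp, relay=mx.example.net. [198.51.100.7], dsn=2.0.0, stat=Sent (ok)
"""

# Sendmail mailers that hand a message to another host over SMTP.
REMOTE_MAILERS = {"smtp", "esmtp", "smtp8", "dsmtp", "relay"}
FROM_RE = re.compile(r"sendmail\[\d+\]: (\w+): from=.*relay=.*\[([\d.]+)\]\s*$")
TO_RE = re.compile(r"sendmail\[\d+\]: (\w+): to=.*mailer=(\w+),.*stat=Sent")


def relayed_by_client(log_text, trusted_prefixes=("127.",)):
    """Map each untrusted client IP to the number of remote deliveries logged for it."""
    client_of = {}                  # queue id -> IP of the host that submitted the message
    relayed = defaultdict(int)
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            client_of[m.group(1)] = m.group(2)
            continue
        m = TO_RE.search(line)
        if not m:
            continue
        qid, mailer = m.groups()
        ip = client_of.get(qid)
        # A message that arrived from an outside host and left again over SMTP
        # was relayed; mail delivered by the local mailer is ordinary inbound mail.
        if ip and mailer in REMOTE_MAILERS and not ip.startswith(trusted_prefixes):
            relayed[ip] += 1
    return dict(relayed)


if __name__ == "__main__":
    for ip, n in sorted(relayed_by_client(SAMPLE_MAILLOG).items()):
        print(f"{ip} relayed {n} outbound deliveries")
```

Run it on a copy of the log taken off the server, with your own network's address prefix added to `trusted_prefixes`; any IP it reports is a host the server forwarded mail for.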

  6. #6
    Banned
    Join Date
    Nov 2004
    Location
    Belgium
    Posts
    1,120
    You should indeed update your system (RH8 was a little buggy "out of the box").
    DAG still supports 8.0:
    http://dag.wieers.com/home-made/apt/
    It also has a firewall and many security updates.
