Re: [exim] Am I Hacked?

Author: Rick Lutowski
Date:  
To: Heiko Schlittermann
CC: exim-users
Subject: Re: [exim] Am I Hacked?
Heiko Schlittermann wrote:
> Rick Lutowski <rick@???> (Do 04 Jan 2007 04:59:49 CET):
>>I should point out my server is locked down pretty tight as far
>>as remote access is concerned. I do not run ftp, telnet, or
>>any other remote access services. The only active net services
>>are exim and apache. If someone has gained access, it is most
>>likely via one of these two packages. I just did a full debian
>
>
> Not even SSH?


Not even ssh. There is no way for even me to log into
my own server remotely, except (I assume) to download
mail from exim -- which I have never tried remotely.

The only ssh on the server is the client associated with
my .xsession file. The server does run X.


> Some version information about the packages you mention and about the
> kernel could be helpful. (Even I do not know about weakness of some
> versions, but this could be found in the archives.)
>
> If mail.jreality.com is the mailserver in question, I'd guess there
> is some work to be done.


Yes, that is the mail server in question.
Appreciate any suggestions as to work that may need to be done.

>     mail.jreality.com:
>     Interesting ports on adsl-65-68-229-225.jreality.com (65.68.229.225):
>     PORT    STATE SERVICE   VERSION
>     9/tcp   open  discard?
>     13/tcp  open  daytime
>     25/tcp  open  smtp      Exim smtpd 3.36
>     37/tcp  open  time       (32 bits)
>     80/tcp  open  http      Apache httpd 1.3.33 ((Debian GNU/Linux))
>     98/tcp  open  linuxconf Linuxconf (Access denied)
>     110/tcp open  pop3      Qpopper pop3d 4.0.5
>     111/tcp open  rpcbind    2 (rpc #100000)
>     113/tcp open  ident     OpenBSD identd
>     Device type: general purpose
>     Running: Linux 2.1.X|2.2.X
>     OS details: Linux 2.1.19 - 2.2.25
>     Uptime 2.430 days (since Mon Jan  1 23:13:58 2007)
>     Service Info: Host: www.jreality.com; OS: OpenBSD


Curious as to how you got this list. What command?

--
Rick Lutowski, GRI, REALTOR
Greg Doering & Associates
Keller Williams Realty
rick@???
512-461-1456
I Reward Referrals