Re: [exim] just been hacked, could be CVE-2019-10149?

Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] just been hacked, could be CVE-2019-10149?
On 11.06.19 at 19:34, Calum Mackay via Exim-users wrote:
> I'm still catching up, but…
>
> On 11/06/2019 7:43 am, Marius Schwarz via Exim-users wrote:
>> Why didn't you harden your exim with the "allowed chars" change we
>> posted here on the list, or did you?
>
> Is that still necessary/advised, now I'm running 4.92?



rm -rf /
reboot from usb drive
reinstall modern ShortCycle OSes like Fedora

Why?

Because your server got hacked with root access and you have no idea
what the attacker did, what you did not find.
Attackers can change your logfiles to remove or correct their
activities as they like, install Hypervisor Rootkits etc. etc.

Trust an IT forensics guy: you can only be sure if you cold start the
server and boot from a trustworthy medium
to forensically examine a system.


best regards,
Marius