Bob Brennan writes:
Sorry for the brevity here but I woke this morning to find my mailserver sending 1000+ rejected email notices to postmaster@, and it was increasing by the minute. I have shut down Sendmail and am removing all relay permissions (I hope) but have a few issues that need to be resolved quickly before going back online - knowing the spammer will be retrying and my legitimate users are losing services.
If you don't know how your server was compromised, you must reformat the hard drive and reinstall from scratch.
The attacker has probably left a back door by which the attacker can gain access and seize control of your server again, at will.
Attachment:
pgpDW3VPrDwjO.pgp
Description: PGP signature
