[BlueOnyx:01841] Re: Second Server Hacked

Steve Davis steve at zio.com
Mon Jul 27 08:49:52 -05 2009


I believe I may have found the hole, but I am not completely certain.

I set up two server admins, one for myself and one for another user. That second server admin had the same password for each server. That security no-no _must_ have been the hackers' way in.

It just makes sense that two servers, compromised to become an open mail relay, are not coincidental. And that the hackers knew that password, were able to install some kind of code, be it a script, web site, something, and were able to compromise both servers, and somehow back out of the system, erasing their tracks on the way.

The relays seem to be targeting Taiwan, and come mostly from China. That, and they wanted to crash my mail server.

My path forward is to rebuild the second server, which has no domains. I will continue to repair the damage on the first server, like the broken alias email, until the second one is back in service. Then I will CMUExport the domains to it, and reinstall BX on the first.

This is all very tiring, and I appreciate all the comments, assistance, and recommendations from everyone on this list, especially Michael Stauber and Greg Kuhnert.

I feel very fortunate to be a part of this list.

Steve