From: Enrico Comoglio (comoglioFLY2NET.IT)
Date: Mon Mar 12 2001 - 05:01:12 CST
---- Original Message -----
From: "Erik Thackston" <ethackstonINTERLIANT.COM>
Sent: Friday, March 09, 2001 10:24 PM
Subject: SMTP relay
> To ALL.
> I have an issue with a spammer. Basically, I'm running IIS 5.0 virtual
> server and the smtp service has been shut down. All known executables and
> programs are being audited and so far nothing has matched up as far as
> frames when spam is going out. I was wondering if there is anyone out
> there that may have faced a similar situation before.
> I've been using windump but I feel that my knowledge of its potential is
> not known to its fullest extent.
> What I believe is happening is that the user is uploading an exe or perl
> mod and then removing it when he is done. Anyone have any thoughts or
> apps that might be useful.
If you have shut down any of your mail daemons, maybe another mailer has
been uploaded to your server without your permission.
I think the 1st step should be making a telnet connection to your server on
port 25; doing this, you can immediately know what kind of daemon has been
installed. Looking for a certain program should be easier then...
Hope it will help you, let me know if you need more explanations...
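
The port 25 check suggested in the reply above, scripted for a server you administer. This is an added example, not part of the original post: it reads the SMTP greeting, sends EHLO, and matches the banner against a few known daemons. The names `probe_smtp`, `classify`, `KNOWN_MTAS` and the EHLO name `audit.invalid` are hypothetical, and the banner substrings are an illustrative, incomplete list.

```python
import re
import socket

# Illustrative banner substrings (assumption: extend for the daemons you run).
KNOWN_MTAS = {
    "Microsoft ESMTP MAIL Service": "Microsoft IIS SMTP service",
    "Sendmail": "Sendmail",
    "Postfix": "Postfix",
    "Exim": "Exim",
}

def read_reply(rfile):
    """Read one SMTP reply, following 'NNN-' continuation lines."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.decode("latin-1").rstrip("\r\n")
        lines.append(line)
        if not re.match(r"^\d{3}-", line):  # 'NNN ' marks the last line
            break
    code = int(lines[0][:3]) if lines[0][:3].isdigit() else None
    return code, lines

def classify(banner):
    """Map a greeting banner to a known daemon name, if any substring matches."""
    for needle, name in KNOWN_MTAS.items():
        if needle.lower() in banner.lower():
            return name
    return "unrecognized"

def probe_smtp(host, port=25, timeout=5.0, helo_name="audit.invalid"):
    """Return the greeting, the EHLO extensions and a guess at the daemon."""
    with socket.create_connection((host, port), timeout=timeout) as sock, \
            sock.makefile("rb") as rfile:
        code, greeting = read_reply(rfile)
        sock.sendall(f"EHLO {helo_name}\r\n".encode("ascii"))
        ehlo_code, ehlo = read_reply(rfile)
        sock.sendall(b"QUIT\r\n")
    return {
        "greeting_code": code,
        "banner": greeting[0][4:],
        "extensions": [l[4:] for l in ehlo[1:]] if ehlo_code == 250 else [],
        "daemon": classify(" ".join(greeting)),
    }
```

A refused connection raises `ConnectionRefusedError`, which means nothing is listening on that port. The banner is self-reported text, so a match is a lead for finding the program on disk rather than proof of what is running.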