Facebook
Twitter
yabado
Regular Pleskian
I recently noticed some strange email bounces coming back to my Plesk "test" server. It turns out that the server was hacked. After som investigation I found this site that explains what was compromised...
http://catalinx.org
Here is what it says...
--snip--
NOTICE, THIS DOMAIN WAS USED BY HACKERS FOR ROOTKIT EMAILS,
CHECK /etc/cron.daily/dnsquery,
/etc/cron.daily/distwatch,
/etc/init.d/killd,
/usr/lib/popauth,
/usr/share/misc/blah/ and
your local smtp server for emails to cata@catalinx.org or unul_catalin@yahoo.com
You can check your Linux server for rootkits with any or all of these programs: chkrootkit, rkhunter, unhide.
This Website is NOT RELATED with the hackers.
--snip--
What are some best practices for preventing such an attack in the future?
http://catalinx.org
Here is what it says...
--snip--
NOTICE, THIS DOMAIN WAS USED BY HACKERS FOR ROOTKIT EMAILS,
CHECK /etc/cron.daily/dnsquery,
/etc/cron.daily/distwatch,
/etc/init.d/killd,
/usr/lib/popauth,
/usr/share/misc/blah/ and
your local smtp server for emails to cata@catalinx.org or unul_catalin@yahoo.com
You can check your Linux server for rootkits with any or all of these programs: chkrootkit, rkhunter, unhide.
This Website is NOT RELATED with the hackers.
--snip--
What are some best practices for preventing such an attack in the future?
