[CS-FSLUG] How could this be happening
Tim Young
Tim.Young at LightSys.org
Tue May 11 19:30:54 CDT 2010

I have removed a number of spam-sending agencies off Linux computers.
The majority of them came in through vulnerabilities in web-servers, but
I have seen them come in through ssh servers and a few other routes.
Most of them would have been classified as worms, and the others were
the result of malicious human attackers (script kiddies).

I have also seen ISPs contact people who were sending out spam,
notifying them that something on their network was doing that. All that
portion of your sister's report is something I have run into
previously. Most spam reporting engines blacklist the IP address, not
email address, but a non-technical user would not really understand the
difference.

If you happen to have a recent email from her, you could probably look
at the headers to find the IP address that she has on her computer, and
plug that IP address into http://www.mxtoolbox.com/blacklists.aspx. If
she has had that IP address for long enough then you may actually be
able to see a copy of one or more of the emails being sent out of the
computer.

Removing a spam-sending agency from a Linux computer is often relatively
easy, if you can find it. The problem is that it is usually a lot more
effort than one would expect, and having a non-techie person trying to
remove it is a real pain. If you can ssh into her computer, then you
can probably clean it off in no time. But if it is going to be up to
her to do it, her best bet would be to do a fresh reinstall (making sure
she updated her computer).

I would treat her request, and the request from Road Runner as being valid.
- Tim Young

On 5/11/2010 7:05 PM, David McGlone wrote:
> Hi all, About a year ago I installed Kubuntu on my sister's computer. Today she
> sent me this.....
> (snip)
>
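
The header check suggested in the message above, as an added example that is not part of the original post: it pulls the sender's public IP out of the Received chain and builds the name a DNS blacklist is queried with. The sample message, its host names and the zone `dnsbl.example` are constructed placeholders.

```python
import email
import ipaddress
import re
import socket

# Constructed sample: documentation-range addresses, hypothetical host names.
SAMPLE = (
    "Received: from smtp.isp.example (smtp.isp.example [198.51.100.25])\n"
    "\tby mx.example.org with ESMTP; Tue, 11 May 2010 19:05:08 -0500\n"
    "Received: from [192.168.1.10] (cpe-45.isp.example [203.0.113.45])\n"
    "\tby smtp.isp.example with ESMTP; Tue, 11 May 2010 19:05:05 -0500\n"
    "From: sender@example.com\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

# Addresses that never identify a host on the public internet.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def originating_ip(raw_message):
    """Return the first public IPv4 seen at the earliest hop, or None."""
    msg = email.message_from_string(raw_message)
    # Each relay prepends its Received line, so the last one is the oldest.
    for header in reversed(msg.get_all("Received", [])):
        for text in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:      # not a valid address, e.g. [999.1.1.1]
                continue
            if not any(ip in net for net in NON_PUBLIC):
                return str(ip)
    return None


def dnsbl_name(ip, zone):
    """DNSBL lookup name: octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True if the list answers with a 127.0.0.0/8 address for this IP."""
    try:
        return resolve(dnsbl_name(ip, zone)).startswith("127.")
    except socket.gaierror:         # no such name: not listed
        return False
```

Received lines added before the first relay you trust can be forged by the sender, so treat the extracted address as a lead to confirm with the ISP's report rather than as proof.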