Hacked at my own site


I should kick myself down the stairs for this, but my Kerio mailserver became a spammer for a few days because my wife's password got hacked. This probably goes back to the Heartbleed bug of earlier this year - I had patched and changed my passwords, but I forgot about my wife. It took them a while to get around to using it, but a few days ago spam started going out from her login.

That was so unnecessary for so many reasons. First, of course I should have changed her password. Second, there was no reason in the world to allow her to send mail from anywhere but our home IP. If we happen to be away and need to send email through that account, I can always temporarily add that IP to the "users from IP address group". We rarely need that anyway.

Finally, I have a script that would have caught this before it got very far: Monitoring Kerio Connect for suspicious activity. I should have set that up to email me every day, but I hadn't.

So, I didn't notice this for three days. Fortunately my ISP did and notified me, so I jumped on, locked it down, changed passwords, and have been monitoring it since.

What's that about the shoemaker's children? Yeah, I know.


© Anthony Lawrence
