Hacked at my own site
I should kick myself down the stairs for this, but my Kerio mailserver became a spammer for a few days because my wife's password got hacked. This probably goes back to the Heartbleed bug of earlier this year - I had patched and changed my passwords, but I forgot about my wife. It took them a while to get around to using it, but a few days ago spam started going out from her login.
That was so unnecessary for so many reasons. First, of course I should have changed her password. Second, there was no reason in the world to allow her to send mail from anywhere but our home IP. If we happen to be away and need to send email through that account, I can always temporarily add that IP to the "users from IP address group". We rarely need that anyway.
Finally, I have a script that would have caught this before it got very far: Monitoring Kerio Connect for suspicious activity. I should have set that up to email me every day, but I hadn't.
So, I didn't notice this for three days. Fortunately my ISP did and notified me, so I jumped on, locked it down, changed passwords, and have been monitoring it since.
What's that about the shoemaker's children? Yeah, I know.
Got something to add? Send me email.
(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version
Increase ad revenue 50-250% with Ezoic