newbie with www user security problem

Thu, 11 Aug 2005 06:32:53 -0700

many, MANY apologies up front if i have sent this to the wrong place! I am inherently a software engineer who now gets to monitor a mail server (don't ask). anyway i get an email message that alerts me from a user that we have been hacked by a spammer and the mail message header is: 

------------- Forwarded message follows -------------

X-Auth-No:
Return-Path: <web1.prosoundweb.com!www>
Received: from web1.prosoundweb.com [64.73.50.193] by compudox.com
    with Novonyx SMTP Server $Revision:   2.75.1.9  $; Wed, 10 Aug
2005
14:25:40 -0700 (PDT)
Received: from web1.prosoundweb.com (localhost.prosoundweb.com
[127.0.0.1])
    by web1.prosoundweb.com (8.13.3/8.13.3) with ESMTP id
j7AJiZZF016410;
    Wed, 10 Aug 2005 14:47:04 -0500 (CDT)
    (envelope-from [EMAIL PROTECTED])
Received: (from [EMAIL PROTECTED])
    by web1.prosoundweb.com (8.13.3/8.13.3/Submit) id
j7AINncm031958;
    Wed, 10 Aug 2005 13:23:49 -0500 (CDT)
    (envelope-from www)
To: [EMAIL PROTECTED]
Subject: All  warez and porno in one place
Reply-to: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Wed, 10 Aug 2005 13:23:49 -0500
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
X-AntiAbuse: Board servername - srforum.prosoundweb.com
X-AntiAbuse: User_id - 2
X-AntiAbuse: Username - admin
X-AntiAbuse: User IP - 62.105.6.113
it appears that someone has hacked the www password. at least i think, and here is where the questions start....
am i correct in thinking that someone has hacked the www password and has used the phpBB2 functionality (forum nightmare) to send spam mail out?
what can i do about it other than have the www password changed? if i change it will this action at least deter the spammer? what else will this affect by changing the password?
can anyone shoot me a URL / example / explanation of how to button up this hole? 

THANK YOU, THANK YOU, THANK YOU in advance!

ken;

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to