#1 (permalink)  
Old 05-13-2003, 08:51 PM
Lurking around
 
Join Date: May 2003
Posts: 1
Rep Power: 0
hokiegal99 is on a distinguished road
Sendmail

How do you convince “web masters” to patch the software on their servers? The site in question has been broken into several times (the latest about a year and a half ago) and used in several DDoS attacks. The “web master” installed a newer version of Red Hat Linux after the last break-in, but once again has not patched it since the original install. The server has old versions of Sendmail, BIND, Apache, etc. all with exploits of some kind... especially Sendmail and BIND. If it hasn’t been broken into already, it will be soon, and I’d like to avoid it if possible as I’ll be asked to help reinstall the thing again. But as soon as the site is back up and running, they won’t let me near the machine, and when I ask them if they’ve patched it, they’ll say they have, but when I telnet to the machine’s port 25 and see Sendmail 8.11.6 I *know* they have not and that they are asking for trouble... any advice?
  #2 (permalink)  
Old 05-13-2003, 11:27 PM
kenny's Avatar  
Join Date: Oct 1975
Location: S.L.C.
Posts: 2,057
Rep Power: 153
kenny has a spectacular aura about
Nope, you are screwed.

I know several people that visit these forums have all had to deal with shit like this. Sadly there are not too many options. For me it was easy... My boss, who was guilty of shit like this, got fired. The best thing I could tell you is go above his head. It sounds shitty, but if you like the place you are working at and don't want to see it continue to go downward, go above his head.

On your own time, and without the knowledge of others, you could always audit the network and prepare a write-up for whoever runs the business and show them the holes, the risks they face with these holes and how you or they could fix them. The downside to this, though, is that by doing this you could put your job at risk, lose it and/or make plenty of enemies that could make work a shitty place.
__________________
-kenny-


"I'd rather be hated for what I am than loved for what I'm not." -Bushwick Bill
  #3 (permalink)  
Old 07-20-2005, 05:23 PM
hektik writer
 
Join Date: Jun 2004
Location: Chicago, IL
Posts: 663
Rep Power: 42
cold is on a distinguished road
Sendmail is the 'default' mail server with most UNIX-based systems. If I were you, I would convince the posse to migrate to qmail. It was based on sendmail, but is faster and more secure. There is also a security package that includes qmail, spam-killers, etc. You can get that @ qmailrocks.org. Hope this helps.

PS I know I'm late as shit, but I couldn't help myself... The compulsions! The compulsions!!!
All times are GMT -7.