[vcf-midatlantic] OT: help needed with network problem

William Dudley wfdudley at gmail.com
Mon Mar 28 16:38:52 UTC 2022


The only user accounts are me and my ex-wife, and she only interacts with my
network via ssh (public key only, no passwords) and a simple web interface.
I do run a web server, but all static pages OR Perl CGI driven pages; no
WordPress.
I suppose I should get the ex-wife to run a malware check on her machine.

Thanks for your thoughts.

Bill Dudley

This email is free of malware because I run Linux.


On Mon, Mar 28, 2022 at 11:29 AM Ethan O'Toole <telmnstr at 757.org> wrote:

>
> Make sure none of your user accounts are compromised. On 757.org we had
> one of the users' accounts get popped and outsiders were slow rolling
> spams through it.
>
> Are you running web services on it? That is another potential point of
> entry. Outdated WordPress plugins and WordPress accounts, stuff like that.
>
> It's a PITA to troubleshoot. And a PITA to get removed from blocks,
> especially O365 and Google.
>
>                         - Ethan
>
>
> On Mon, 28 Mar 2022, William Dudley via vcf-midatlantic wrote:
>
> > This has naught to do with vintage computers, but I need help,
> > and this audience likely has one or more folks who can help.
> >
> > I run my own mail server; I have for many years.
> > Lately, spamhaus.org has blocked me for ONE suspect
> > email from my network.
> >
> > Here is ALL the bad activity from my IP for the last three months:
> >
> > (IP address, timestamp (UTC), and HELO string)
> > 98.109.205.15 2022-03-28 10:15:00 instructure.com
> > 98.109.205.15 2022-03-15 08:05:00 instructure.com
> > 98.109.205.15 2022-01-21 16:10:00 localhost
> >
> > It's a funny kind of malware that sends two messages 15 days apart.
> >
> > I can't figure out where it's coming from, and my knowledge of
> > iptables and tcpdump is insufficient to do the following jobs:
> >
> > 1. figure out where this bad email is coming from
> > 2. block port 25 outbound at my firewall except from
> > the ONE machine authorized to send email.
> >
> > I am willing to PAY for help with this.
> >
> > Email me if you think you can help and would like to try.
> >
> > Thanks,
> > Bill Dudley
> >
> > This email is free of malware because I run Linux.
> >
>
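
Added example, not part of the original thread: one way to approach the first job in the quoted message (finding which internal host is opening outbound port 25 connections) is to log new SMTP connections at the firewall and list every source other than the authorized mail server. The log prefix `SMTP-OUT`, the interface names and all IP addresses below are constructed assumptions, and the sample log lines are constructed and shortened.

```python
import re
from collections import defaultdict

# Assumption: the one host allowed to send mail (constructed address).
MAIL_SERVER = "192.168.1.10"

# Constructed sample of kernel log lines, as produced by a rule such as:
#   iptables -I FORWARD -p tcp --dport 25 --syn -j LOG --log-prefix "SMTP-OUT "
# (FORWARD sees traffic from hosts behind the firewall; mail sent by the
# firewall box itself would traverse the OUTPUT chain instead.)
SAMPLE_LOG = """\
Mar 28 10:14:02 gw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=40112 DPT=25 SYN
Mar 28 10:14:58 gw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=192.168.1.37 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51234 DPT=25 SYN
Mar 28 10:15:01 gw kernel: OTHER IN=eth1 OUT=eth0 SRC=192.168.1.37 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51240 DPT=443 SYN
Mar 28 10:15:03 gw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=192.168.1.37 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=51236 DPT=25 SYN
Mar 28 11:02:40 gw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=40150 DPT=25 SYN
garbage line that should be ignored
"""

# Timestamp, then the log prefix, then the SRC/DST/DPT fields of a LOG line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?SMTP-OUT\s.*?"
    r"\bSRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+)\s.*?\bDPT=(?P<dpt>\d+)\b"
)

def unauthorized_smtp(log_text, allowed=MAIL_SERVER):
    """Return {src_ip: [(timestamp, dst_ip), ...]} for outbound port-25
    connection attempts from any host other than the allowed mail server."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dpt"] != "25" or m["src"] == allowed:
            continue  # unrelated line, other port, or the real mail server
        hits[m["src"]].append((m["ts"], m["dst"]))
    return dict(hits)

if __name__ == "__main__":
    for src, events in unauthorized_smtp(SAMPLE_LOG).items():
        print(f"{src}: {len(events)} attempt(s)")
        for ts, dst in events:
            print(f"  {ts} -> {dst}:25")
```

The timestamps of any hits can then be compared against the times in the blocklist report to confirm which machine produced the listed connections.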

