[vcf-midatlantic] OT: help needed with network problem
wfdudley at gmail.com
Mon Mar 28 16:38:52 UTC 2022
The only user accounts are me and my ex-wife, and she only interacts with my
network via ssh (public key only, no passwords) and a simple web interface.
I do run a web server, but all static pages OR Perl CGI driven pages; no
I suppose I should get the ex-wife to run a malware check on her machine.
Thanks for your thoughts.
This email is free of malware because I run Linux.
On Mon, Mar 28, 2022 at 11:29 AM Ethan O'Toole <telmnstr at 757.org> wrote:
> Make sure none of your user accounts are compromised. On 757.org we had
> one of the user's accounts get popped and outsiders were slow rolling
> spams through it.
> Are you running web services on it? That is another potential point of
> entry. Outdated wordpress plugins and wordpress accounts, stuff like that.
> It's a PITA to troubleshoot. And a PITA to get removed from blocks,
> especially O365 and Google.
> - Ethan
> On Mon, 28 Mar 2022, William Dudley via vcf-midatlantic wrote:
> > This has naught to do with vintage computers, but I need help,
> > and this audience likely has one or more folks who can help.
> > I run my own mail server; I have for many years.
> > Lately, spamhaus.org has blocked me for ONE suspect
> > email from my network.
> > Here is ALL the bad activity from my IP for the last three months:
> > (IP address, timestamp (UTC), and HELO string)
> > 22.214.171.124 2022-03-28 10:15:00 instructure.com
> > 126.96.36.199 2022-03-15 08:05:00 instructure.com
> > 188.8.131.52 2022-01-21 16:10:00 localhost
> > It's a funny kind of malware that sends two messages 15 days apart.
> > I can't figure out where it's coming from, and my knowledge of
> > iptables and tcpdump is insufficient to do the following jobs:
> > 1. figure out where this bad email is coming from
> > 2. block port 25 outbound at my firewall except from
> > the ONE machine authorized to send email.
> > I am willing to PAY for help with this.
> > Email me if you think you can help and would like to try.
> > Thanks,
> > Bill Dudley
> > This email is free of malware because I run Linux.
More information about the vcf-midatlantic