Thursday, December 01, 2011

Hacked

So I thought I had solved the problem with my mail server sending out spam messages by closing it as an open relay, but no, the spam kept on pouring out.  I spent ages trying to work out where on earth it was coming from and eventually decided to look at the apache logs.  From there it was clear that a file called sm5so7.php was accessed every time a mail got sent out.  It turns out that there was a nasty exploit in zenphoto, the gallery software that I run on the server.  More information can be found here:
  • http://www.zenphoto.org/news/alert-security-hole-in-zenphoto-1.4.1.4
  • http://www.zenphoto.org/news/security-alert-part-2
  • http://www.zenphoto.org/support/topic.php?id=9951#post-58366
So for now I have shut down the webserver and the junk mails have stopped streaming out.  Now I have just got to find the time to sort out the mess.  It doesn't look like a root exploit so it should be just the web stuff I have to clean up.
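
The log correlation described above, as an added example that is not part of the original post: it lines up web requests with outgoing-mail timestamps to find the script hit just before each send. The log lines are constructed samples; the `/zenphoto/` path, the syslog-style mail log format, the shared timezone and the supplied year are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data, not taken from the server in the post.
ACCESS_LOG = """\
203.0.113.7 - - [01/Dec/2011:10:15:01 +0000] "POST /zenphoto/sm5so7.php HTTP/1.1" 200 12
198.51.100.4 - - [01/Dec/2011:10:15:30 +0000] "GET /zenphoto/index.php HTTP/1.1" 200 5120
203.0.113.7 - - [01/Dec/2011:10:16:10 +0000] "POST /zenphoto/sm5so7.php HTTP/1.1" 200 12
203.0.113.7 - - [01/Dec/2011:10:52:44 +0000] "POST /zenphoto/sm5so7.php HTTP/1.1" 200 12
"""
# Assumed syslog-style mail log; only the leading timestamp is used.
MAIL_LOG = """\
Dec  1 10:15:02 host mail[411]: queued message from=<www-data@host>
Dec  1 10:16:11 host mail[411]: queued message from=<www-data@host>
Dec  1 10:52:45 host mail[411]: queued message from=<www-data@host>
"""
ACCESS_RE = re.compile(r'\[([^\] ]+) [^\]]+\] "\w+ (\S+)')

def parse_access(text):
    """Return (timestamp, path) pairs; query strings are dropped."""
    out = []
    for line in text.splitlines():
        m = ACCESS_RE.search(line)
        if m:
            ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S")
            out.append((ts, m.group(2).split("?")[0]))
    return out

def parse_mail_times(text, year):
    """Syslog timestamps carry no year, so the caller supplies it."""
    return [datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            for line in text.splitlines()]

def correlate(access, mail_times, window=5):
    """Per path: (mail sends preceded by a hit within `window` s, total hits)."""
    win = timedelta(seconds=window)
    matched, hits = Counter(), Counter(p for _, p in access)
    for sent in mail_times:
        near = {p for ts, p in access if timedelta(0) <= sent - ts <= win}
        matched.update(near)  # count each path once per mail send
    return {p: (matched[p], hits[p]) for p in hits}

def suspects(access, mail_times, window=5, min_ratio=0.9):
    """Paths that precede nearly every send and are rarely hit otherwise."""
    n = len(mail_times)
    return sorted(p for p, (m, h) in correlate(access, mail_times, window).items()
                  if n and m / n >= min_ratio and m / h >= min_ratio)

if __name__ == "__main__":
    print(suspects(parse_access(ACCESS_LOG), parse_mail_times(MAIL_LOG, 2011)))
```

Requiring both ratios keeps a busy page such as the gallery index from being flagged just because it happens to be requested near some sends.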

