Snowy, mIRC unix.ro UnderNet, Premium, join:2003-04-05, Kailua, HI | reply to elias
Re: [Hacked] DarkMailer?
You'll find more than just DarkMailer when you get to it. At a minimum there will be a file containing the email addys the mail was getting sent to. I've seen them as large as 26MB's. I'd be surprised if there weren't a phpshell somewhere there too. You might want to keep an eye on it until you get to it. Restarting it won't be an issue for whoever uploaded the files to it. The content matter of the outgoing emails would also help you locate other uploaded material, so if it's still there, take a look at it.
|
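A read-only triage pass for the artifacts described in the post above, as an added example that is not part of the thread or any poster's own code: it walks a web root and flags files that are mostly one email address per line, plus PHP files that hand request input or base64-decoded data to a code or command sink. The regexes, thresholds, function names and sample file names are assumptions, and the sample tree is constructed.

```python
import os, re, tempfile

EMAIL = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")
# Heuristic (assumption): request input or decoded data passed straight to a sink.
PHP_SINK = re.compile(
    rb"\b(eval|assert|system|passthru|shell_exec|exec|popen)\s*\(\s*"
    rb"(base64_decode\s*\(|\$_(GET|POST|REQUEST|COOKIE)\b)", re.I)

def looks_like_recipient_list(path, sample=2000, min_lines=50, ratio=0.9):
    """True if the first `sample` non-empty lines are mostly bare email addresses."""
    hits = total = 0
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            line = line.strip()
            if not line:
                continue
            total += 1
            hits += bool(EMAIL.match(line))
            if total >= sample:
                break
    return total >= min_lines and hits / total >= ratio

def scan_webroot(root):
    """Return sorted (relative_path, finding) pairs; reads files only, changes nothing."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.lower().endswith((".php", ".phtml", ".inc")):
                with open(path, "rb") as fh:
                    if PHP_SINK.search(fh.read(1_000_000)):
                        findings.append((rel, "php-exec-sink"))
            elif looks_like_recipient_list(path):
                findings.append((rel, "recipient-list"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: an address list, a shell-like PHP file, a benign page."""
    os.makedirs(os.path.join(root, "images"))
    with open(os.path.join(root, "images", "list.txt"), "w") as fh:
        fh.writelines(f"user{i}@example.com\n" for i in range(200))
    with open(os.path.join(root, "images", "x.php"), "w") as fh:
        fh.write("<?php system($_GET['c']); ?>\n")
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php echo 'hello'; ?>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for rel, kind in scan_webroot(d):
            print(f"{kind:15} {rel}")
```

Run it against a copy or read-only mount of the web root so file timestamps on the compromised host stay intact for later review.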
elias, Premium, VIP, join:2000-07-24, Miami, FL
said by Snowy:
You'll find more than just DarkMailer when you get to it. At a minimum there will be a file containing the email addys the mail was getting sent to. I've seen them as large as 26MB's. I'd be surprised if there weren't a phpshell somewhere there too. You might want to keep an eye on it until you get to it. Restarting it won't be an issue for whoever uploaded the files to it. The content matter of the outgoing emails would also help you locate other uploaded material, so if it's still there, take a look at it.

Do you think there will be enough evidence to try and locate the spammer? It would be nice to attempt to go after them, as I've seen others do in these forums in the past.
-- My Webmaster Gig | Crunching the Midnight Oil
|
Snowy, mIRC unix.ro UnderNet, Premium, join:2003-04-05, Kailua, HI
Maybe, maybe not. A look at the email content & the configuration file for DarkMailer could shed some light on it.
|
novaflare, The Dragon Was Here, Premium, join:2002-01-24, Barberton, OH | reply to elias
said by elias:
said by Snowy:
You'll find more than just DarkMailer when you get to it. At a minimum there will be a file containing the email addys the mail was getting sent to. I've seen them as large as 26MB's. I'd be surprised if there weren't a phpshell somewhere there too. You might want to keep an eye on it until you get to it. Restarting it won't be an issue for whoever uploaded the files to it. The content matter of the outgoing emails would also help you locate other uploaded material, so if it's still there, take a look at it.
Do you think there will be enough evidence to try and locate the spammer? It would be nice to attempt to go after them, as I've seen others do in these forums in the past.

I found a spammer's real email addy once. Was pretty funny, he had installed a mass mailer, name of that one has long since been forgotten. Anyhow, this guy also installed a keylogger. It would email him its log. This email addy was an ISP email for Road Runner. So I decided to have some fun with the few 100 emails an hour going out of the system. I simply put his email in the file over and over, 1 address per line, and let it rip.
I bet he was quite surprised to see himself spammed 100s of times per hour, poor email inbox had to be jammed packed with his own crap. You just got to love spammers who are dumb enough to include their email addy on an infected system. I also reported him to Road Runner, generally took them about a week to handle situations like this, so for the entire week his primary email account would have been packed tight. I know it was the primary account because it was first letter of first name and last name@xx.rr.com.
So before you just report him, if you get his main addy somehow, you might want to consider having some fun as well.
-- DSLR security chat at us.ausirc.net channel #dslr_sec, let's pack this channel. Open source DNS server for *nix and Windows: powerdns.com
|