[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: [LI] Now it is the turn of VSNL Bombay to be hit by spammers



-----Original Message-----
From: Smeagol Gollum <smeagol@xxxxxxxxxxxx>
To: Linux India <linux-india@xxxxxxxxxxxxxxxxxxxxx>
Cc: Tarique Sani <tarique@xxxxxxxxxxxxxxxxx>; PCQ <edit@xxxxxxxxxxx>
Date: Sunday, October 24, 1999 10:53 AM
Subject: [LI] Now it is the turn of VSNL Bombay to be hit by spammers



-Your server bom4.vsnl.net.in which runs sendmail 5.65 has been
-misused by a spammer to relay spam mails.  Kindly upgrade to
-8.9.3 and update your sendmail.cf files to prevent this.-

-In fact, your version of sendmail is very insecure, and wi-ll allow
-remote attackers to execute any command they wish as the
-sendmail userID (usually root) and which may allow remote or local
-attackers to gain a root shell on the server.

-This happened to BARC when hackers attacked it after the Pokhran
-blasts.  So, you see that the situation is very dangerous.


I had written a long mail to Mr. Vineet Mittal of Bombay VSNL regarding
security holes in their all the sever. To some extent vsnl has taken up this
matter seroiusly and earned their salary.
The situation is worst at DOT server. The sysadmin usually drawn from other
department having no knoledge of even unix (forget security). About 6-8
months back one of the DOT server was providing a beautiful web based System
Administration service on port 8080 without authorisation,  which was
eventually stopped. Getting root access on these server is a small job and
does not require any big skill. In spite of repeated suggestions to DOT
sysadmins, little has improved.
If the the DOT does not wake up in time, India will become a favorite play
ground not only for spammers but hackers / crackers  too.
Best Regards,
-mukund
http://members.theglobe.com/betacomp/index.htm
http://members.xoom.com/BETACOMP/index1.htm
--------------------------------------------------------------------
The Linux India Mailing List Archives are now available.  Please search
the archive at http://lists.linux-india.org/ before posting your question
to avoid repetition and save bandwidth.


--------------------------------------------------------------------
The Linux India Mailing List Archives are now available.  Please search
the archive at http://lists.linux-india.org/ before posting your question
to avoid repetition and save bandwidth.