Sendmail hacked

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
nfcohl
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Fri Nov 25, 2016 11:07 am

Sendmail hacked

Postby nfcohl » Fri Nov 25, 2016 11:19 am

Hi,

I have to replace someone and take over the admin of a WAMP server, so I'm quite new to this, sorry if information is missing. There is an old Joomla running on it, and site has been hacked a few days ago. I updated stuff and now everything is fine. But I realised Apache error logs were growing fast. It contains lost of : sendmail: Error during delivery: Spam detected.

Looking at the Sendmail debug.log, I can see SPAM being sent using my server (end of this post)

How can I find out where it is originated from and block that ?

Thanks

Code: Select all

16/11/24 10:22:27 ** --- MESSAGE BEGIN ---
16/11/24 10:22:27 ** To: rwiddersjr@comcast.net
16/11/24 10:22:27 ** Subject: We do have a search for a partner
16/11/24 10:22:27 ** Date: Thu, 24 Nov 2016 10:22:27 +0100
16/11/24 10:22:27 ** From: Crystal <crystal@intranet.cohl.fr>
16/11/24 10:22:27 ** Message-ID: <8ee993a214679b255898182e1b476590@intranet.cohl.fr>
16/11/24 10:22:27 ** X-Priority: 3
16/11/24 10:22:27 ** MIME-Version: 1.0
16/11/24 10:22:27 ** Content-Type: multipart/alternative;
16/11/24 10:22:27 ** boundary="b1_8ee993a214679b255898182e1b476590"
16/11/24 10:22:27 ** Content-Transfer-Encoding: 8bit
16/11/24 10:22:27 **
16/11/24 10:22:27 **
16/11/24 10:22:27 ** --b1_8ee993a214679b255898182e1b476590
16/11/24 10:22:27 ** Content-Type: text/plain; charset=us-ascii
16/11/24 10:22:27 **
[...]
Connecting to smtp.completel.fr:25
16/11/24 10:22:27 ** Connected.
16/11/24 10:22:27 << 220 smtp3.mail.completel.net ESMTP Postfix<EOL>
16/11/24 10:22:27 >> EHLO SRVWEB01.******<EOL>
16/11/24 10:22:27 << 250-smtp3.mail.completel.net<EOL>250-PIPELINING<EOL>250-SIZE 51200000<EOL>250-ETRN<EOL>250-ENHANCEDSTATUSCODES<EOL>250-8BITMIME<EOL>250 DSN<EOL>
16/11/24 10:22:27 >> MAIL FROM: <crystal@intranet.cohl.fr><EOL>
16/11/24 10:22:27 << 250 2.1.0 Ok<EOL>
16/11/24 10:22:27 >> RCPT TO: <rwiddersjr@comcast.net><EOL>
16/11/24 10:22:28 << 250 2.1.5 Ok<EOL>
16/11/24 10:22:28 >> DATA<EOL>
16/11/24 10:22:28 << 354 End data with <CR><LF>.<CR><LF><EOL>

Return to “Security in Joomla! 1.5”

Who is online

Users browsing this forum: No registered users and 5 guests