Re: Ouch! My SBS got hacked! Please help me not be a spammer



With any mail server, the first thing to check is not a Windows virus.
You should be checking your SMTP _relay_ settings. Not your firewall
settings. That's like sticking your thumb in a leaking dike. You
think you fixed it, but you didn't.

If you open up a relay on the internet, it is only a matter of minutes
before spammers hit your box trying to relay mail.

A large volume of the spam and DDOS attacks are attributable to servers
and workstations connected to the internet without proper
configuration.

You cannot install an AV product on top of Windows and plug-and-play on
the WWW.

At the very least, you should have googled for "test for open relay"
before you plugged your mail server in.

Regards,
Alan Leghart


Bob Johnson wrote:
Starting last night just after I left work to go home my WMPC started chiming away as bounced email replies started flying in. As I was driving through rush hour traffic I was helplessly watching the returns hit the 200 mark. My poor phone couldn't keep up! I had a date with my wife so I just unplugged the router on my home SBS box and this morning before I plugged it back in I DENIED the outgoing SMTP traffic via the ISA server which seems to have stopped me from being a spammer. I have anti virus software and I thought all my pwds were secure enough, but somehow I got hacked.

I have SBS 03 Premium with ISA 2004 with all the latest SPKs installed. I have eTrust Anti Virus Version: 7.0.139 running with the latest signatures on SBS and all the other client computers. Nothing has come up suspicious.

Can anyone point me in the right direction of what I can do to clean this mess up? I changed all the pwds, but not sure what else I should do.

Thanks.

Hugh
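
The "test for open relay" check recommended in the reply above, as an added example that is not part of the original thread. It assumes Python's standard smtplib; the probe addresses, the HELO name and the `smtp_factory` parameter are hypothetical choices made for this sketch.

```python
import smtplib
import sys

# Assumed placeholder addresses (reserved example domains). Neither is local
# to the server under test, so accepting the pair means relaying for strangers.
EXT_FROM = "probe@example.org"
EXT_TO = "relay-test@example.net"


def classify(code):
    """Map the reply code for RCPT TO onto a verdict."""
    if 200 <= code < 300:
        return "open-relay"      # recipient accepted without authentication
    if 400 <= code < 500:
        return "inconclusive"    # temporary failure (greylisting, throttling)
    return "closed"              # 5xx: relaying denied


def check_open_relay(host, port=25, timeout=10, smtp_factory=smtplib.SMTP):
    """Probe host with an unauthenticated external-to-external envelope.

    Stops after RCPT TO and resets the transaction, so DATA is never sent
    and nothing is queued or delivered. Returns (verdict, code, reply text).
    """
    with smtp_factory(host, port, local_hostname="relaytest.example.org",
                      timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, text = smtp.mail(EXT_FROM)
        if code // 100 == 2:
            code, text = smtp.rcpt(EXT_TO)
        smtp.rset()
    return classify(code), code, text.decode("ascii", "replace")


if __name__ == "__main__":
    # Run from a network the server does not trust (outside the LAN),
    # because internal clients are often allowed to relay by design.
    verdict, code, text = check_open_relay(sys.argv[1])
    print(f"{sys.argv[1]}: {verdict} ({code} {text})")
    sys.exit(1 if verdict == "open-relay" else 0)
```

A 2xx at RCPT TO is strong evidence of an open relay, but some servers accept every recipient and reject or discard later, so confirm the result against the server's relay restrictions.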