Quote:
"Why would you put a known compromised hard drive IN YOUR MAIL SERVER?"
Whoever said the server was live and in use? Just because the host name looked good to you? LOL Instead of poking at me, why don't you listen to what was said....
|
Well how about this then.
Received: from mail.suavemente.net (mail.suavemente.net [66.11.112.15])
mail.suavemente.net now shows a forward entry of 66.11.112.16, my guess would be the IPs are on the same server, or you just changed servers after that one got hacked.
Quote:
Block the ip, that guy is AFTER NATS BOXES. That is how it has to do with nats.
|
Well thanks for that. We appreciate all the evidence you've put forth to convince us of this. I now believe you and will believe anything else you say from this point forward. Everyone, believe what he is saying. Why? Because he says so, that's why!
Quote:
I have been working with the folks at nats today on this. We are trying to hunt this guy down and also find out what exploits he is using to get into nats servers. Right, the hack itself has not much to do with nats, seems more like a mysql injection exploit at this time, however the warning was clear - Block the ip if you are running nats, especially if you use epassporte with nats because he is most interested in those than anything.
|
That's one hell of a mysql exploit. Let me guess, it was something like this:
"INSERT INTO mail.suavemente.net SELECT AWESOMER00TZ0RKIT./dev/k4rd FROM 65.110.62.120 WHERE THIS.THREAD = BULLSHIT;"
Still doesn't explain how your mail server got rooted, or what that has to do with NATS or why NATS would be running on your mail server, but because you say it does, I believe you.
Quote:
You guys just made assumptions and tried to make me look dumb, that's not cool. Perhaps in the future I'll refrain from disclosing known live hacker activity. Some people just love to hate.
|
I didn't make you look dumb, you do a fine job of that on your own.