[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [school-discuss] Welcome to Schoolforge! (93?)

Dear David,
thanks for welcoming our school, Vihti senior high in Finland
http://vyl.vihti.fi  :-)!
Sorry to start with bad news :-(. There was an intruder in our system who
sent spam mail to some US addresses. Schools are on their vacation in June
and July in this country, and it often happens that school servers are
cracked and misused for scanning networks or sending spam mails at that
time. In my school, Linux is only used in our web server so far.
Security is a big problem for us, as Linux OS is mostly run by students or
by alumni, and many administrators have more enthusiasm than skills
(including me ;-)). Two years ago our server was cracked the first time, and
we solved the problem by putting off FTP and telnet and changing into SSH.
Now it seems that sendmail was used for spamming purposes. I let you see
what was done by adding one feedback email from SpamCop to this mail.
We had to shutdown our web server for some time now to improve security. We
don't know yet how this intruder came into our system. This causes a lot of
work which we need to do in our vacation now. The intrusion was reported to
the officials in www.cert.fi , and we are going to inform the local police
If you could give me good advice about what is best to do in this situation
to avoid intrusion  in future, I would appreciate it very much.

Thanks in advance,



"A networked teacher is
a multiple teacher..."


Ilpo Halonen
language teacher, M.A.


- SpamCop V1.3.3 -
This message is brief for your comfort.  Please follow links for details.

Email from / Wed, 03 Jul 2002 18:55:37 -0400

Offending message:
Return-Path: <nobody@vyl.vihti.fi>
Received: from  rly-za02.mx.aol.com (rly-za02.mail.aol.com [])
air-za01.mail.aol.com (v86_r1.15) with ESMTP id MAILINZA13-0703185559; Wed,
Jul 2002 18:55:59 -0400
Received: from  vyl.vihti.fi (vyl.vihti.fi []) by
rly-za02.mx.aol.com (v86_r1.15) with ESMTP id MAILRELAYINZA22-0703185537;
03 Jul 2002 18:55:37 -0400
Received: (from nobody@localhost)
     by vyl.vihti.fi (8.11.6/8.11.6) id g63N1si09210;
     Thu, 4 Jul 2002 02:01:54 +0300
Date: Thu, 4 Jul 2002 02:01:54 +0300
Message-Id: <2002_________________9210@vyl.vihti.fi>
To: x, x, x,
        x, x, x,
        x, x, x,
From: wayne90421@maq.com ()
Subject: must read
X-Mailer: Unknown (No Version)
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

Below is the result of your feedback form.  It was submitted by
 (wayne90421@maq.com) on Thursday, July 4, 2002 at 02:01:54

(: <font size="6">(: Hey, it's me Stacy again... I just found this Hott new
awesome website that even got ME going!  The best part is, it's 100% free!
creditcards, downloads or phone calls are EVER required.  I suggest you
miss out and take advantage of this will it lasts man!  The address to this
is : http://beam.to/h0lly</font><BR><BR><BR>i4a8f