[Hidden-tech] Need help finding what hijacked our email server port 25

Steven Aronstein saronstein at gmail.com
Wed Sep 11 17:16:40 UTC 2024


Hi,

We have an email server (Communigate hosted on Linode) that stopped
responding. We discovered it was because something else on the server
started using port 25. Except it wasn't anything we installed.

master 811 root 13u IPv4 28666 0t0 TCP 127.0.0.1:25 (LISTEN)
master 811 root 14u IPv6 28667 0t0 TCP [::1]:25 (LISTEN)


Then Linode warned us (and blocked) our server because they detected spam
being sent from it. Which wasn't us.

So, we appear to have some kind of virus or app that has hacked into our
server and is using it.

This may actually be a fairly simple process for someone in the know, but
we don't have the resources at this moment to be that someone fast enough.
We've had enough bad experiences hiring random gig workers online that we
don't want to trust someone like that with access, however brief, to our
mail server.

Is there anyone in this group or locally or that people here trust up for a
quick gig finding and purging the uninvited guest from our server so the
mail server starts running and Linode will unblock it?

You can call or text or email me privately as well. All suggestions,
guidance, or references welcome.

Thanks!
Steve
413-207-5610