IceWarp Server User to User Forum IceWarp Server User to User Forum

Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

Smtp port hacked

  		Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [IceWarp Product Configuration] >> IceWarp Anti-spam Server >> Smtp port hacked Page: [1]
Login
Message << Older Topic   Newer Topic >>
Smtp port hacked - 10/27/2008 4:14:47 AM   
bobmoorman

 

Posts: 1
Score: 0
Joined: 10/27/2008
Status: offline 		I am having a problem with spammers. They have some how figured out a user name and password. When I go to the log I can not tell the name since it seems to be in code. Example :

VXNlcm5hbWU6
aW5mbw==
UGFzc3dvcmQ6
aW5mbw==

Anyones help would be greatly appriciated!

Thank You
Post #: 1
RE: Smtp port hacked - 10/27/2008 6:01:32 AM   
techaware

 

Posts: 20
Score: 0
Joined: 5/8/2008
Status: offline
quote:

ORIGINAL: bobmoorman

I am having a problem with spammers. They have some how figured out a user name and password. When I go to the log I can not tell the name since it seems to be in code. Example :

VXNlcm5hbWU6
aW5mbw==
UGFzc3dvcmQ6
aW5mbw==

Anyones help would be greatly appriciated!

Thank You
 Yea, i got this off the Icewarp support website. Tehy do their encoding in base64, so ya just need to get a decoder for that. http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/Default.aspx in your case, the username is info and the password is info.  

(in reply to bobmoorman)
Post #: 2
RE: Smtp port hacked - 10/31/2008 4:43:57 AM   
marciohumpris

 

Posts: 362
Score: 2
Joined: 5/1/2008
Status: offline 		Hi, Bob

As Techaware informs, its not quite a hack. Its an abuse of SMTP authentication, because of easy username and password. BTW, the other day, for the first time, Ive seen some virus that sends spam that is able to SMTP authenticate (Mail.ru). Usually if you disable pop before SMTP, keep in trusted IPs just server IPs and have strong passwords - use IceWarp's pass policy feature (and use just SMTP AUTH, the option deny smtp auth has to be unmarked), you will be safe.

I suggest you change the password above. Decoding it, you will find the username is "info" and password is also "info".

Also check the option Reject if SMTP AUTH different then sender. It can also happen to avoid abuse, even if a spammer finds out someone's password, he would be able to authenticate with a valid account in your IceWarp Server and use some other address as a Sender.

See: http://esupport.icewarp.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=32

regards,
Marcio

(in reply to techaware)
Post #: 3
Page:   [1]
All Forums >> [IceWarp Product Configuration] >> IceWarp Anti-spam Server >> Smtp port hacked Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


2001 - 2008 © IceWarp