On Sun, May 18, 2008 at 10:03 AM, Lawrence Sheed < Lawrence@computersolutions.cn> wrote:
Corrected that in the conf file.
If I check the dovecot user, I see its been compromised also - a bunch of crap in their login folder. I didn't create the dovecot.conf with a /var/run/dotvecot though, so someone else did that.
More updates as I check further.
If you allow your system to be compromised, you cannot attribute that to a particular application, unless you can prove the fact that that application led to the security hole. For now, it's easy to just take that 0wn3d host offline and deal with it - or just format the damn thing as it'll not be easy to track down the hole(s) now existing on your system. I'd do that, but I'd have to record that as a major milestone in my sysadmin life since I've never been so luck to get v1s1t3d by aliens:-)
Get the humor flowing.... I was having a really boring Sunday!
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223
"Oh My God! They killed init! You Bastards!" --from a /. post