From: Jamie C. <jca...@we...> - 2005-03-19 23:02:50
|
On Sun, 2005-03-20 at 07:15, Mark Frank wrote: > * On Sat, Mar 19, 2005 at 06:19:50AM -0500 Grant Peel wrote: > > Hi all, > > > > One of our servers is listed on the SORBs hacked list. > > > > after many billions of testings and reading of volumes of security alerts > > and things, I am not hacked. > > > > Has anyone seen this before? > > > > Additional information on the host is: Likely Backdoor installed Port: 10000 > > > > This is the quote from the SORBS hacked database. > > The same thing happened to me a couple of weeks ago for the same reason. > > > > > Anyways, understanding this is not a real Webmin question, does anyone know > > how to follow the SORBS support system through to have the server removed, > > when the server does not have a Web browser on it...? > > I finally opened a ticket through their "support" section (it took a > while to finally find the right page to open a ticket) and even > though it says on the page that it could take up to 2 weeks to get a > response, it was actually resolved in about 4-5 days. > > I explained when I opened the ticket it was due to webmin which > defaulted to port 10000 yada yada yada. They retested and removed my > server from their list. (Note I HAD shut down webmin so port 10000 wouldn't > show open.) > > Just another reason RBLs suck. Did they actually say that they consider Webmin to be a back-door program, or is there some other server that listens on port 10000? Webmin must be installed on hundreds of thousands of machines, so blocking them all seems rather excessive - even if some of the installs were not actually legitimate. - Jamie |