Never Let Your Guard Down

Today, I learned I had been “hacked”.  I say “hacked” in a figurative sense because there wasn’t really a whole lot of hacking involved.  I somewhat left the door open and someone just fiddled around and got in.

I have my own email server that manages a few domains.  I have one domain I don’t do anything with, and on that one, I had created a couple of test accounts for, well, testing.  The problem is, I never disabled them when I was done.  It’s been a while since I did that, so either I didn’t think about the consequences or assumed that since I was working on an inactive domain, no one would try accessing it.  You can’t assume that.

Since “hackers” just use a bunch of scripts to automate “hacking”, they can just let the scripts run and go eat some more pizza.  And that’s what happened to me, probably.  A script found my domain, then immediately went to work trying out different common username/password combos.  And although I have security features that will temporarily blacklist an IP address after so many failures, that had no effect.  The script will just wait until the ban is lifted then continue on.  Time is not a concern.

So, once they got some working credentials, then it was time to deliver the spam.  And boy did they ever.  I had gigabytes of log files and 22k email messages queued for delivery.  How I learned I was hacked was by chance.  I happened to try sending an email during one of the spamfests and got the email returned with the message:
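The two signals in this story are easy to miss separately and easy to catch together: a client that spaces its login failures out so a short-window IP ban never fires, and an account that suddenly relays hundreds of messages after a successful login from that same client. The script below is an added example (not the author's setup or any particular mail server's log format): it parses a constructed log format, measures failures per source over a long window rather than a short one, flags an account whose first successful login from a source follows a run of failures from it, and flags accounts whose sending rate jumps. The log lines, addresses, thresholds and the `auth_fail`/`auth_ok`/`sent` event names are all constructed for the example.

```python
"""Detect slow credential guessing and compromised-account relaying from
mail-server log lines.  Added example; the line format below is constructed
and is not the format of any real mail server."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed format: "<ISO timestamp> <event> user=<address> ip=<address>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>auth_fail|auth_ok|sent) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse_line(line):
    """Return a record dict for a well-formed line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def parse_log(lines):
    return [r for r in (parse_line(l) for l in lines) if r is not None]


def max_in_window(times, window):
    """Largest number of timestamps falling inside any span of `window`."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def slow_bruteforce(records, window, threshold):
    """Source IPs with at least `threshold` auth failures inside `window`.
    A ban keyed to a short window (say 5 failures in 10 minutes) never
    fires on a client that spreads attempts out; a 24-hour window does."""
    fails = defaultdict(list)
    for r in records:
        if r["event"] == "auth_fail":
            fails[r["ip"]].append(r["ts"])
    counts = {ip: max_in_window(ts, window) for ip, ts in fails.items()}
    return {ip: n for ip, n in counts.items() if n >= threshold}


def guessed_credentials(records, min_failures=3):
    """Accounts whose successful login from an IP follows at least
    `min_failures` failures from that same IP: the signature of a
    password that was eventually guessed.  Returns {user: ip}."""
    fails = defaultdict(int)
    hits = {}
    for r in sorted(records, key=lambda r: r["ts"]):
        key = (r["user"], r["ip"])
        if r["event"] == "auth_fail":
            fails[key] += 1
        elif r["event"] == "auth_ok" and fails[key] >= min_failures:
            hits[r["user"]] = r["ip"]
    return hits


def relay_volume(records, window, threshold):
    """Accounts that sent at least `threshold` messages inside `window`."""
    sent = defaultdict(list)
    for r in records:
        if r["event"] == "sent":
            sent[r["user"]].append(r["ts"])
    counts = {u: max_in_window(ts, window) for u, ts in sent.items()}
    return {u: n for u, n in counts.items() if n >= threshold}


def constructed_sample():
    """Constructed log: one client fails 4 times an hour for 6 hours against
    a stale test account (never 5 in 10 minutes), then logs in and relays
    300 messages in an hour; one legitimate user mistypes once."""
    base = datetime(2024, 1, 1, 0, 0, 0)
    lines = []
    for hour in range(6):
        for k in range(4):
            t = base + timedelta(hours=hour, minutes=15 * k)
            lines.append(f"{t.isoformat()} auth_fail user=test2@mydomain.com ip=203.0.113.7")
    t = base + timedelta(hours=6)
    lines.append(f"{t.isoformat()} auth_ok user=test2@mydomain.com ip=203.0.113.7")
    for k in range(300):
        t = base + timedelta(hours=6, seconds=12 * k)
        lines.append(f"{t.isoformat()} sent user=test2@mydomain.com ip=203.0.113.7")
    t = base + timedelta(hours=2)
    lines.append(f"{t.isoformat()} auth_fail user=alice@mydomain.com ip=198.51.100.5")
    lines.append(f"{(t + timedelta(minutes=1)).isoformat()} auth_ok user=alice@mydomain.com ip=198.51.100.5")
    for k in range(3):
        lines.append(f"{(t + timedelta(minutes=5 + k)).isoformat()} sent user=alice@mydomain.com ip=198.51.100.5")
    return lines


if __name__ == "__main__":
    recs = parse_log(constructed_sample())
    print("10-minute ban would catch:", slow_bruteforce(recs, timedelta(minutes=10), 5))
    print("24-hour window catches:   ", slow_bruteforce(recs, timedelta(hours=24), 20))
    print("guessed credentials:      ", guessed_credentials(recs))
    print("relay spikes:             ", relay_volume(recs, timedelta(hours=1), 100))
```

Run against the constructed sample, the 10-minute rule flags nothing while the 24-hour rule flags the patient client, and the same source shows up again as the IP that finally logged into the test account and as the origin of the relay spike. The practical takeaways are the ones the post arrives at: aggregate failures over hours or days, not minutes; alert on a first successful login that follows a run of failures; and alert on per-account sending volume, because a relay quota bounce is a late and accidental way to find out.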

DED : You’ve reached your daily relay quota

At the time I got that message, I thought it was being returned by the domain I was sending to.  Later, on a whim, I decided to check my own server and was shocked at what I saw.  I immediately shut down the email service and started clearing out all the trash.  Then I changed all the account passwords and disabled all the unused accounts and restarted the server.  The log files showed someone trying to log in using test2@mydomain.com and failing.  Bastards.

It’s my own fault, for sure.  But it’s terrible that you can’t stop being paranoid for a second on the Internet.  They’re always out to get you.
