
Thread: Am I a bot?

  1. #1
    Join Date
    Nov 2006
    Location
    Decatur, Ga
    Beans
    84
    Distro
    Ubuntu 10.04 Lucid Lynx

    Am I a bot?

    I take care of my Grandfather's computer, which was running gutsy, and he got a message from his ISP informing him that his email account had been flagged as being the point of origin for spam e-mailings, and that he likely had a virus hijacking his computer. He is using Thunderbird, so I peeked in the "sent" folder, and found nothing odd. I just performed a clean install of Intrepid, so I don't think that there could be anything malicious on there now, but the question is, could someone have been using his box to spam, and if so, how could I keep this from happening in the future? I tend to think that someone likely cracked their password, and was monkeying around directly at the server, I just wondered if a virus was possible/likely?
    Last edited by pollywog; November 24th, 2008 at 04:07 AM.

  2. #2
    Join Date
    Feb 2007
    Beans
    445
    Distro
    Ubuntu 8.10 Intrepid Ibex

    Re: Am I a bot?

    Virus? Very unlikely. Password? More likely than a virus
    check out linuxmce! It's the future of home media centers. It is flat out the most amazing piece of linux software I've ever seen.

    http://www.linuxmce.com

  3. #3
    Join Date
    Jul 2008
    Location
    4newOtherOSTalk4umCsig
    Beans
    555

    Re: Am I a bot?

    His email account or his IP# was the source of spam?


    Odds are his account was compromised--change his password methinks.
    PhenomII 720x4@3.65gHz w/Zalman cooler,PNY Nvidia GTX260, 4GB, Arch64

    14 is NOT a random number!!!!!
    Arch Linux | new Other OS Talk forum

  4. #4
    Join Date
    Nov 2006
    Location
    40.31996,-80.607213
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Am I a bot?

    The password theory is plausible, if their password was semi-weak, but unless you have Postfix set up on the system as an open relay (which I doubt), then no one has been using his system to spam others.

    Another theory which could be plausible is that spammers are using his email address to send their spam around, which someone has reported to the ISP, wherein they flagged the account as the origin of spam. I have seen this happen with my parents' email address, and spammers were using it for the From address.

    Dr Small
    "Security lies within the user of who runs the system. Think smart, live safe." - Dr Small
    Linux User #441960 | Wiki: DrSmall

  5. #5
    Join Date
    Feb 2008
    Beans
    782
    Distro
    Ubuntu

    Re: Am I a bot?

    If it's from his IP address it sounds like open relay spamming, are you on a fixed IP address?

    If it's from his account (anyone can log into it anywhere and send spam!) then change all passwords.

    If not, someone else may have used that IP address and one of those 'Spam cop' type agencies flagged the IP address as spamming; by the time the ISP passed on the warning you've picked up that IP address. Some ISPs get auto flagged as spammers (AOL UK flagged and banned all BT's email traffic from its network for a while a few years ago over a small industry tiff!!)

    Check the PC on a few of these checkers (I've not tried these!)

    http://spamlinks.net/prevent-secure-relay-test.htm

    Just to make sure everything is fine at the PC's end..
    Laters...
    Sol
    "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere" User numbers: Ubuntu 23772 Linux 477911

  6. #6
    Join Date
    Nov 2006
    Location
    40.31996,-80.607213
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Am I a bot?

    Quote Originally Posted by solitaire View Post
    If it's from his account (anyone can log into it anywhere and send spam!)
    You don't have to be logged into the account to send mail from it.
    "Security lies within the user of who runs the system. Think smart, live safe." - Dr Small
    Linux User #441960 | Wiki: DrSmall

  7. #7
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Am I a bot?

    I had a similar problem, I was using my original email, that I got in 1994, it had been around so long that it was available in dozens of hits in Google. I never had my ISP send me an email about generating spam, but I got countless emails from other organizations about spam. My email address was used even though the emails did not go through my account. It finally got to the point where I was getting so much spam that I finally gave up the account.

    The best thing might be to just create a new email account.

    Jim

  8. #8
    Join Date
    Apr 2008
    Location
    UK
    Beans
    1,098

    Re: Am I a bot?

    Quote Originally Posted by pollywog View Post

    . . . . . but the question is, could someone have been using his box to spam, and if I tend to think that someone likely cracked their password, and was monkeying around directly at the server, I just wondered if a virus was possible/likely?
    My money would be on Dr Small's theory in the second paragraph of post #4. If you feel like pursuing the matter ask your ISP for copies of some of the mails with the complete headers.
    Brian.
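
What the complete headers suggested in post #8 can settle, as an added example that is not part of the original thread: walking the `Received` chain of a reported message separates a forged From address (the second theory in post #4) from mail that really passed through the ISP's server. All host names and IP addresses are constructed placeholders, and the Postfix-style `Received` layout is an assumption.

```python
import re
from email import message_from_string

# All hosts and addresses below are constructed placeholders (assumptions).
ISP_MTA = "smtp.isp.example"        # ISP's outgoing mail server
TRUSTED_MTA_IPS = {"192.0.2.10"}    # servers whose Received lines we believe
CUSTOMER_IP = "203.0.113.25"        # address the ISP had leased to the customer

# "from <helo> (<rdns> [<client ip>]) by <server> ..." as Postfix writes it
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\([^)]*\[(?P<ip>[0-9A-Fa-f.:]+)\][^)]*\)\s+by\s+(?P<by>\S+)")

def classify(raw):
    """Say how a reported message entered the mail system."""
    for hop in message_from_string(raw).get_all("Received", []):  # newest first
        m = RECEIVED_RE.search(hop)
        if m is None:
            return "unparseable-hop"
        if m["ip"] in TRUSTED_MTA_IPS:
            continue                 # relayed by a trusted server, keep walking
        # First hop with an untrusted client: every line below it can be forged.
        if m["by"].lower() != ISP_MTA:
            return "forged-from-address"      # the ISP never carried it
        if m["ip"] == CUSTOMER_IP:
            return "sent-from-customer-ip"    # bot or open relay on that line
        return "account-used-from-other-ip"   # stolen or guessed password
    return "no-external-hop"

def sample(*hops):
    """Build a constructed message; hops are (client_ip, receiving_server)."""
    lines = [f"Received: from host (unknown [{ip}])\n\tby {by} (Postfix) with ESMTP id X1"
             for ip, by in hops]
    return "\n".join(lines + ["From: grandpa@isp.example", "Subject: offer", "", "body\n"])

# Constructed samples. In SPOOFED the second Received line is a forgery that
# claims the ISP's server; it sits below the untrusted hop and is never believed.
SPOOFED = sample(("198.51.100.77", "mx.reporter.example"), (CUSTOMER_IP, ISP_MTA))
STOLEN = sample(("192.0.2.10", "mx.reporter.example"), ("198.51.100.77", ISP_MTA))
FROM_BOX = sample(("192.0.2.10", "mx.reporter.example"), (CUSTOMER_IP, ISP_MTA))

if __name__ == "__main__":
    for name, raw in [("SPOOFED", SPOOFED), ("STOLEN", STOLEN), ("FROM_BOX", FROM_BOX)]:
        print(name, "->", classify(raw))
```

With a dynamic address, a "sent-from-customer-ip" result only implicates the customer if the ISP confirms who held that address at the timestamp on the hop.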

  9. #9
    Join Date
    Jul 2008
    Beans
    49
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: Am I a bot?

    Dr. Small is correct. Lately, I've been receiving emails from myself addressed to myself about various online prescription offers. Unless I'm sleep-computing and my subconscious is trying to drop a hint about organ lengths, this must be the new spam bandwagon.

  10. #10
    Join Date
    Aug 2006
    Location
    Canada
    Beans
    389
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Am I a bot?

    I think it is quite possible your grandparent's computer was a bot if the following two conditions are both true:

    1. You set up an ssh server (or vnc or whatever) on their computer so you could login remotely and help them maintain their computer.
    2. Either your username/password or their username/password were easy to guess. (i.e., common account names with dictionary word or easy passwords)

    With that combination, in my opinion, it's only a matter of time before some script kiddie hacks in and installs a whole bunch of stuff on your computer. In my opinion, they don't even need root/sudo privileges to turn your computer into a bot because regular user privileges are enough to run bot programs and send emails etc.

    If that is what happened, you can probably solve it by:
    1. reinstalling
    2. use good (strong) passwords

    And for extra safety:
    3. configure ssh to only allow your account to login
    4. install denyhosts to automatically block people that try to hack in
