
Thread: Got hacked - Will migrate, have questions

  1. #1
    mindlight is offline Junior Member

    Hi everyone.
    I suspect that our mail server running Zimbra got hacked.

    Fortunately it is running in a virtual server so setting up a new one is not hard.

    My first question is: If I migrate to a new server using "zmrestore" as instructed in Moving ZCS to New Server - Zimbra :: Wiki

    Will this only restore pure data and NO scripts / executables?

    Since we got hacked I ONLY want data to be moved to the new server, as you all probably understand :-)

    My second question is: If I install the latest Zimbra, will I be able to migrate my data as instructed in the above mentioned link?

    The hacked server is running Debian 4. I haven't had time to examine it further but will do that later on. I suspect it got hacked since my firewall logs show that it accessed an IP on port 80 (which turned out to be a webmail server) and another IP on port 123... dunno what a Zimbra does on 123 on a PC that is placed on a home broadband IP-range but I'm pretty sure that that behaviour is not hardcoded into the source :-)
    Zimbra version is Release 5.0.4_GA_2101.DEBIAN4.0 DEBIAN4.0 FOSS edition

    All replies are happily accepted but I would really appreciate if I got answers from experienced admins too. Maybe Zimbra staff too? :-)

  2. #2
    uxbod is offline Moderator

    Moving ZCS to Another Server » Zimbra :: Blog

    Install the new server, migrate your data, and then upgrade.

  3. #3
    Rich Graves is offline Outstanding Member

    Outbound connections to port 80 could be user RSS or iCal feeds.

    Port 123 is ntp, time synchronization, which you probably should have.

    You should seriously consider outsourcing to a Zimbra hosting service (or to a competitor like gmail) so that you don't have to take care of it yourself.

  4. #4
    Vladimir is offline Advanced Member

    Out of curiosity, how did you get hacked and what did you notice?

  5. #5
    mindlight is offline Junior Member

    Damn!
    Pardon my french but... you are right... and I am paranoid :-)

    Well, the machines I saw get accessed are not machines I do NTP with. So it's kinda strange anyways.
    The thing about this server is that I installed it but then I left the company and they were never interested in taking over the maintenance... in the beginning I logged in to run some aptitude upgrade etc... but then I lost interest... I didn't get any for it... and then they called telling me that their net was slow and mailserver sluggish... so then I checked the FW logs and... strange things it did.

    Anyways, the virtual disk has been copied and I am going to spend a week with it :-)

    Quote Originally Posted by Rich Graves View Post
    Outbound connections to port 80 could be user RSS or iCal feeds.

    Port 123 is ntp, time synchronization, which you probably should have.

    You should seriously consider outsourcing to a Zimbra hosting service (or to a competitor like gmail) so that you don't have to take care of it yourself.
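
Added example, not part of any post in this thread: a small triage script for the question raised above, separating outbound port 123 traffic to NTP servers the mail host is configured to use from port 123 traffic to unlisted peers, and listing port 80 destinations for review. The log format, the `OUT-MAIL` prefix, all addresses and the `ntp.conf` contents are constructed assumptions.

```python
import re
from collections import Counter

# Constructed iptables-style log lines (documentation IP ranges, not from the thread).
SAMPLE_LOG = """\
Apr 12 03:10:01 fw kernel: OUT-MAIL IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=UDP SPT=123 DPT=123
Apr 12 03:10:07 fw kernel: OUT-MAIL IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.77 PROTO=UDP SPT=40211 DPT=123
Apr 12 03:11:30 fw kernel: OUT-MAIL IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.80 PROTO=TCP SPT=51512 DPT=80
Apr 12 03:11:31 fw kernel: OUT-MAIL IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.77 PROTO=UDP SPT=40212 DPT=123
Apr 12 03:12:02 fw kernel: OUT-MAIL IN=eth1 OUT=eth0 SRC=192.0.2.99 DST=203.0.113.80 PROTO=TCP SPT=40000 DPT=80
"""

# Constructed ntp.conf; assumes servers are given as IP addresses
# (hostnames would have to be resolved before comparing).
NTP_CONF = """\
# time sources for the mail host
server 198.51.100.5 iburst
server 198.51.100.6
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def configured_ntp_servers(conf_text):
    """Return the set of server/peer/pool addresses named in ntp.conf text."""
    servers = set()
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] in ("server", "peer", "pool"):
            servers.add(parts[1])
    return servers

def triage(log_text, mail_server, ntp_servers):
    """Count outbound flows from mail_server, keyed by (label, destination)."""
    findings = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("SRC") != mail_server or "DST" not in f:
            continue  # not traffic originated by the mail host
        if f.get("PROTO") == "UDP" and f.get("DPT") == "123":
            label = "ntp-expected" if f["DST"] in ntp_servers else "ntp-unlisted-peer"
        elif f.get("PROTO") == "TCP" and f.get("DPT") == "80":
            label = "http-review"  # could be user RSS/iCal feeds; check the destination
        else:
            label = "other"
        findings[(label, f["DST"])] += 1
    return findings

if __name__ == "__main__":
    for (label, dst), n in sorted(triage(SAMPLE_LOG, "192.0.2.10", configured_ntp_servers(NTP_CONF)).items()):
        print(f"{label:18} {dst:15} {n}")
```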
