Newbie Question: Mailserver security

  1. #1
    Junior Member
    Join Date
    Jul 2002
    Posts
    19

    Newbie Question: Mailserver security

    Hi Guys/Gals,

    I have a problem with one of my clients; he accuses his ISP of forwarding his email to the competition. So I was wondering what kind of action a hacker needs to take to realize this. I know that nothing is impossible, but is it plausible that this happened to my client?

    The ISP assures us that this didn't happen and I tend to believe them. So to find out whether the client has another security leak, I need to get a global view of all the possible actions of a hacker. Then I can create an overview and search for other possible leakages.

    Can somebody help me with this?

    Kind regards,
    Arbi
    Last edited by MrEsco; December 19th, 2007 at 03:20 PM. Reason: Forgot some line :)
    Beware of weird people

  2. #2
    Senior Member
    Join Date
    Dec 2007
    Posts
    132
    Well I'm sure your [insert someone other than me here] is just paranoid. Leaks are fun to play with and there's probably a bazillion different ways to track 'em down without getting into murky legal waters. I don't know what exactly you're looking for by 'action of a hacker' but I don't think anyone's gonna show you how to hack the Gibson here, if-yaknowwhadimean

    But your options all depend on what kind of business your [insert someone other than me here] is in and what the competition could gain by reading the emails. It also helps if you know what type of mail reader the person is using. Outlook? What version? Or is he reading it at gmail? Or juliosdiscountemail.com? We need details.

    btw, what does the esco in your name stand for?

  3. #3
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    ISPs don't intercept mail without a court order. OK they log activity but have no idea of what people are doing unless they analyse their logs.

    The three likely sources are:

    1. A keylogger.
    2. Spyware that sends duplicates of e-mails.
    3. An insider.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    Senior Member
    Join Date
    Dec 2007
    Posts
    132
    Quote Originally Posted by nihil
    ISPs don't intercept mail without a court order.
    Not unless you're AT&T, then you just shotgun everything to the NSA

  5. #5
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    What I would do is go to a friend's place. Log on to e-mail using their machine and change the password.

    That would resolve the compromised account and insider possibilities.

    Then format and reinstall............. that will get rid of spyware and most keyloggers.


  6. #6
    Junior Member
    Join Date
    Jul 2002
    Posts
    19
    Quote Originally Posted by xiphias360
    Well I'm sure your [insert someone other than me here] is just paranoid.
    That I am sure about

    Quote Originally Posted by xiphias360
    I don't know what exactly you're looking for by 'action of a hacker' but I don't think anyone's gonna show you how to hack the Gibson here, if-yaknowwhadimean
    It's not the goal of my question to get to the hacking part... I am more interested in information on how I can defuse the situation. And that's why I posted it.

    Quote Originally Posted by xiphias360
    But your options all depend on what kind of business your [insert someone other than me here] is in and what the competition could gain by reading the emails. It also helps if you know what type of mail reader the person is using. Outlook? What version? Or is he reading it at gmail? Or juliosdiscountemail.com? We need details.
    True, but I was more looking for global answers... I didn't want to bore you with the juicy details... But seriously, as you said, there are about trillian (I can also make numbers up) ways to get to the emails. I should have specified that I am looking at the ways that are currently being "mis"used and what the commonly used ways out there are.

    Quote Originally Posted by xiphias360
    btw, what does the esco in your name stand for?
    It stands for *none of your business*, just kidding, it stands for Escobar. Are you doing some social hacking? I can assure you there is nothing to gain... My secrets are publicly known...

    Back to the problem at hand: he's probably using a cheap hosted web-based email system, reading his email online and downloading his email through a POP3 server.

    Nature of his business is more focussed on knowledge and his specialized network of clients.

    I hope this will be enough for a short rundown without the details of the commonly used practices...

    MrEsco

  7. #7
    Junior Member
    Join Date
    Jul 2002
    Posts
    19
    Quote Originally Posted by nihil
    ISPs don't intercept mail without a court order. OK they log activity but have no idea of what people are doing unless they analyse their logs.

    The three likely sources are:

    1. A keylogger.
    2. Spyware that sends duplicates of e-mails.
    3. An insider.
    Yep, he changes his passwords frequently and last week he used a lot of different computers (that's what he said).

    Spyware: yep, it's possible, but we didn't detect any known spyware/trojan...

    Yep: that's our main focus, but he claims that there are duplicate emails going around. People quoting his emails (yep, sounds like poetry)

    MrEsco

    PS: and why the hell am I using "yep" a lot? Might it be a virus?

  8. #8
    Junior Member
    Join Date
    Jan 2004
    Posts
    3
    Maybe you can tell him to send you mail with a photo from a webserver owned by you.
    Then you can add a script that will log all the IPs that download this photo, and you'll see whether someone intercepts his mail.
    Then you can track the IP that viewed your photo and his mail.

    It's my 2nd post, so be gentle.
    Last edited by lazy13; December 19th, 2007 at 06:54 PM.

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmm,

    Nature of his business is more focussed on knowledge and his specialized network of clients.
    Does he send the same or similar mails to them all? If so, the compromise might be outside of his business at a client? Is he sure that all his clients are genuine?

    Spyware: yep, it's possible, but we didn't detect any known spyware/trojan...
    What tools have you used? Remember that conventional AV products are not very good at detecting trojans and spyware, particularly as the spyware may look like a legitimate application.

  10. #10
    Senior Member
    Join Date
    Dec 2007
    Posts
    132
    No social hacking, just curious. I live in a city called Escondido, right by San Diego. For short we call it Esco.

    Well, on to your options. I think the most used technique to find a leak is by sending false information and seeing if your suspect picks up on it. This is used by even the most un-tech-savvy of computer users. Putting something juicy or interesting in an email and then casually bringing it up later in a conversation and seeing if the suspect lets out more than you have told him.

    But if the person is using some cheap online email account you can add an IP/timestamp logger to your emails. Actually, depending on how you used it, it could probably work in the best of online email accounts. Anywho, here's the gist: you make a small Perl script that does the following,

    #!/usr/bin/perl
    use strict;
    use warnings;
    # log who fetched the image and when; REMOTE_ADDR is set by the web server for CGI
    my $timestamp = scalar localtime;
    open(my $log, '>>', '/var/log/mail-beacon.log') or die "log: $!";   # path is a placeholder
    print $log "$ENV{REMOTE_ADDR} opened the email at $timestamp\n";
    close $log;

    # then serve the real image so nothing looks unusual to the reader
    open(my $img, '<:raw', 'beacon.gif') or die "image: $!";
    my $data = do { local $/; <$img> };
    close $img;
    print "Content-Type: image/gif\r\n\r\n";
    binmode STDOUT;
    print $data;

    This is something I used to use and it works. But today, sites like gmail automatically block images in emails, just like Outlook, unless the user clicks a link to show the images. So if that's the case, you can create an email where the main focus is the data on some graph or other interesting image that would cause the user to download the image.

    I had a pretty nice program back in the day. I modified my .htaccess so that .gif extensions were associated with cgi scripts (just to add to the realness) and I used sendmail to alert me whenever the image was triggered as well as logged everything to a file.
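A worked version of the beacon idea from posts #8 and #10, as an added example that is not code from this thread. The posters used a Perl CGI script; this is Python, and it goes a step further than the thread by giving each recipient their own token in the image URL and by comparing every fetch against the addresses that recipient is known to read mail from, so a hit from elsewhere points at whose copy leaked. The tokens, addresses, user agent and log format are all constructed for the example.

```python
"""Mail-leak canary, added example: serve a beacon image, log every fetch,
then flag fetches from places where that recipient never reads mail."""
import ipaddress
from datetime import datetime, timezone
from urllib.parse import parse_qs

# Smallest valid 1x1 transparent GIF, embedded so the example runs offline.
PIXEL_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
             b"!\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00"
             b"\x00\x02\x02D\x01\x00;")


def handle_beacon(environ, log, now=None):
    """CGI-style handler. `environ` is the CGI environment dict, `log` is a
    list-like sink for log lines. Returns (status, headers, body)."""
    now = now or datetime.now(timezone.utc)
    # One token per recipient (?t=<token>) tells us whose copy was opened.
    token = parse_qs(environ.get("QUERY_STRING", "")).get("t", ["-"])[0]
    # REMOTE_ADDR comes from our own web server. X-Forwarded-For is whatever
    # the client chose to send, so it is deliberately ignored here.
    ip = environ.get("REMOTE_ADDR", "-")
    ua = environ.get("HTTP_USER_AGENT", "-")
    log.append("%s %s token=%s ua=%s"
               % (now.strftime("%Y-%m-%dT%H:%M:%SZ"), ip, token, ua))
    headers = [("Content-Type", "image/gif"),
               ("Content-Length", str(len(PIXEL_GIF))),
               # no-store: a cached copy would hide every re-open after the first
               ("Cache-Control", "no-store")]
    return "200 OK", headers, PIXEL_GIF


def parse_log_line(line):
    """Inverse of the format written by handle_beacon."""
    ts, ip, token, ua = line.split(" ", 3)
    return {"ts": ts, "ip": ip, "token": token[len("token="):], "ua": ua[len("ua="):]}


def find_unexpected_opens(log_lines, expected):
    """`expected` maps token -> iterable of IPs/CIDRs from which that recipient
    legitimately reads mail. Returns the parsed opens from anywhere else."""
    flagged = []
    for line in log_lines:
        rec = parse_log_line(line)
        try:
            addr = ipaddress.ip_address(rec["ip"])
        except ValueError:
            flagged.append(rec)  # an unparseable address is worth a look too
            continue
        nets = [ipaddress.ip_network(n, strict=False)
                for n in expected.get(rec["token"], ())]
        if not any(addr in net for net in nets):
            flagged.append(rec)
    return flagged


def run_sample():
    """Constructed scenario: two recipients, three opens; bob's copy is fetched
    once from an address that is not his. Returns the flagged opens."""
    expected = {"alice": ["198.51.100.0/24"], "bob": ["203.0.113.10"]}
    when = datetime(2007, 12, 19, 15, 20, tzinfo=timezone.utc)
    log = []
    for ip, tok in [("198.51.100.23", "alice"), ("203.0.113.10", "bob"),
                    ("192.0.2.99", "bob")]:
        environ = {"REMOTE_ADDR": ip, "QUERY_STRING": "t=" + tok,
                   "HTTP_USER_AGENT": "Mozilla/5.0 (constructed)"}
        handle_beacon(environ, log, now=when)
    return find_unexpected_opens(log, expected)


if __name__ == "__main__":
    for rec in run_sample():
        print("%s: %s's copy opened from %s" % (rec["ts"], rec["token"], rec["ip"]))
```

Absence of a hit proves nothing: most mail clients and webmail services block remote images until the reader opts in, and some webmail providers fetch images through their own proxy, so the address logged is the provider's rather than the reader's. A fetch from an unexpected network is one signal to combine with the seeded-information test described above, not proof on its own.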
