I have an instance of Surgemail installed on a virtual server at
Linode. I have most stuff turned off and the attack surface seems to be
small, but I am missing a couple of details.
I see I have a listener open on TCP 366. From what I have found this is
for atrn (I know what atrn is and have used it in the past), but I don't
see a switch to turn that off to drop that listener.
The other thing I have not looked at in detail is failed logins to the
admin interface to Surgemail. I don't know where those are logged so I
can at least monitor hacker failures trying to break in on that
interface. Any pointers would be appreciated.
Thanks,
Lyle Giese
LCR Computer Services, Inc.