[dba-Tech] Exchange/Domino Server compromised

Stuart McLachlan stuart at lexacorp.com.pg
Wed Jul 19 02:05:14 CDT 2006 

On 18 Jul 2006 at 21:08, artful at rogers.com wrote:

> A good friend of mine is in serious trouble. It appears that his
> Exchange/Domino server (one box running both) has been compromised.
> Looks like someone has got in and turned it into a spam server.
> Something is consuming 100% of the resources. Fixing this is way
> beyond my skill set. Does anyone have any suggestions that I can pass
> on? What to do? Shut down the server, re-install everything and start
> over? How to find the avenue of compromise? My friend is in big
> trouble, with limited resources, and he's a valued friend. I don't
> have any skills in either Exchange or Domino so I'm at a total loss
> and hoping someone here can give me advice to pass on to him.

Make sure for a start that it is not just Store.exe choking on a malformed message and 
running at 100% CPU.
Shut down Exchange, move everything out of the queues and restart.






-- 
Stuart McLachlan

More information about the dba-Tech mailing list