Hacker Problem
I have a hacker on an old server - which I've left now and will shutdown very soon. What I'm worried about is he may have all the email passwords from the old server and then use them on the new server to open one of our clients email accounts. What I'm most concerned about is that he will send an email with a virus to an account on the new server to again try to re-gain root access. I thought of configuring exim to deny any emails with attachments for say a few weeks - what do people think of this solution? How would I do this?
I've got an Anti-Virus clamav setup but it runs say every hour or so - plus it takes about 30 mins to complete one scan, during this time the hacker could send a virus in an email to new server and open attachment and maybe gain root access again? Actually is this how trojans work?
I'm also going to email all clients about updating their passwords - but there will always be some who don't.
Anyone got a better solution to this problem? Can anyone tell me how to config exim to block attachments - if this is the only solution.
