Topic: Security Issue with server having iRedMail
We have iRedMail .5 on CentOS 5.4 in a test environment (no other activity other than doing some tests for routing mails back and forth to test customer's scenarios). Somehow, 3-4 months back, our domain, which was used for the 'A record' for mail routing, got blocked by the domain registrar on account of the domain pointing to a phishing page of HSBC. Here is the message from the domain registrar:
XXX Domain Registrar Suspended on Sep 25, 2010 (Reason: Phishing attack on HSBC - http://subdomain1.domain.com/.hsbc/onli … /CAM10.php )
We realized this today as we were about to renew this domain (never used this domain except for testing).
Sorry for asking such silly questions, as I have little knowledge of Linux (most of my tech experience is on the Windows platform). How do I identify and remove these PHP files, and further, how can I avoid such scenarios?