Sales: 0845 388 67 93
Technical: 0845 388 67 94
info@lawyersonline.co.uk
 Lawyers Online
tl image News and Announcements tr image
 
tl image Your Basket tr image

Downtime | Monday, 24 May, 2010 | Emergency Maintenance on POP Server 24th May 2010 | Read More |

Announcement | Wednesday, 21 April, 2010 | Up to 40 Mbps Broadband Services now available | Read More |

View Articles
 

View Basket

 the basket
bl image   br image
 
bl image   br image
tl image Menu tr image
Services
Domain Hosting
divider
Security
Risk Reduction
IP Auditing
divider
Hardware Products
Routers
divider
Member Services
Secure Web Mail
Control Panel
Domain Check
Broadband Check
Technology Explained
divider
Related Services
CPD Online
Virgo Accounts
Transcription Services
Backup Direct
Managed Web Content
Practice Management Consultancy
divider
Portal Services
Legal News
Search
Find a Solicitor
divider
Contact
About Us
Contact Us
divider
Legal
Terms & Conditions
Acceptable Use Policy
Suspension Terms
Code of Practice
Complaints Procedure
Leased Line SLA
bl image   br image
tl image News and Announcements tr image

News: Are spammers quietly hijacking your Exchange Server?
Date: Monday, 17 November, 2003
Categories: IT Security, Electronic Mail

Posted by: Lawyers Online

Silicon.com is currently running a story by Robert Lemos who writes for CNET News.com entitled "Spammers quietly hijacking your Exchange server?". In our opinion, It's a must read for anyone running an exchange server.

New hope has been provided, for people who would like to live without spam in their email inbox everyday, by the New Privacy and Electronic Communications Rules and although these new rules come in to effect in December, we are concerned that with the number of security problems currently plaguing email servers that no one will be able to catch the spammers.

Lawyers Online is constantly being contacted by members and non-members wanting to know how they can fix the damage done by spammers using their PCs. Unfortunately this contact only comes after the PC has been abused and often take several days, sometimes weeks to resolve. Preventative measures are highly recommended for any company which can not afford to be without email.

If you haven't done so already you need to ensure that it can not be abused by others to send spam. The IT company which sold you the Exchange server should be able to do this for you.

Once you have secured your exchange server or once you have invested in a new firewall we suggest you have the new system checked by an independent party. Lawyers Online provides this as part of our IT Security Audit service.

Related Web Links

Posted by: Lawyers Online

This story is from silicon.com

Story URL: http://www.silicon.com/management/itpro/0,39024675,39116920,00.htm

Spammers quietly hijacking your Exchange server?

Robert Lemos
CNET News.com
November 17, 2003

Administrators of email systems based on Microsoft's Exchange might have spammers using their servers to send unsolicited bulk email under their noses, a consultant has warned.

Aaron Greenspan, a Harvard University junior and president of consulting company Think Computer, published a white paper last Thursday detailing the problem, discovered when a client's server was found to be sending spam. Greenspan's research concluded that Exchange 5.5 and 2000 can be used by spammers to send anonymous email. He says even though software Microsoft provides on its site certifies that the server is secure, it's not.

"If the guest account is enabled [on Exchange 5.5 and 2000], even if your login fails, you can send mail, because the guest account is there as a catchall," he said. "Even if you think you've done everything [to secure the server], you are still open to spammers."

The guest account is a way for administrators to let visitors use a mail server anonymously but because of security issues, the feature is generally not enabled. Exchange servers that had been infected by the Code Red worm and subsequently cleaned will still have the guest account enabled, Greenspan said.

There are dozens of messages - with subject lines such as "Open relay problem" and "We are sending spam?" - on Microsoft's Exchange Administration newsgroup, sent by information system managers who haven't been able to staunch the flow of spam from their servers.

Microsoft, however, said the problem is relatively minor and that the company hasn't had many complaints.

"This particular method of sending spam relies on specifically configured servers or is leveraging weaknesses in the protocol itself," the software giant said in a statement issued in response to questions from silicon.com sister site CNET News.com. "The fact is that Microsoft has not received a lot of calls from customers that have experienced problems detailed by Think Computer."

Moreover, the company said the issue doesn't affect the latest version of the software, Exchange Server 2003.

Greenspan, however, argued that the problem has accounted for a large amount of unsolicited email. He estimates that at least 100,000 messages spammers in China sent went through his client's server before he stopped the problem. He added that the issue is causing headaches for Exchange administrators.

"It is really inexcusable for a company that claims security is its top priority," he said.

Robert Lemos writes for CNET News.com.

Copyright © 2003 CNET Networks, Inc. All Rights Reserved.
silicon.com is a registered service mark of CNET Networks, Inc.
silicon.com Logo is a service mark of CNET NETWORKS, Inc.

Related Products
IP Security Audit
Email Protection  

bl image   br image
Valid HTML 4.01! Lawyers Online Ltd is a company registered in England and Wales with Company Number 3610220
VAT Registered number 713698219

© 2003 - 2010 Lawyers Online Ltd

This page or its content may not be reproduced without the express permission of Lawyers Online Ltd.
All Third-Party Trademarks acknowledged. 		Valid CSS!