If you are using Exim mail server version below 4.92 - update immediately. Starting from version 4.87 to 4.91 inclusive, the mail server contains an error in the code, which can be used by attackers to get root-access to the server. This is an extremely dangerous situation.

How to upgrade?

In order to upgrade, you need to connect to the server via SSH as a user with root privileges and execute the commands below in the terminal. Be careful - an unscheduled update carries certain risks. If in doubt, let your server administrator handle the update or contact our support specialists.


Make sure the mail server is installed:

rpm -qa | grep exim

The result will be the Exim version: exim-4.88-3.el7.x86_64 
If the version is below 4.92, perform the upgrade: 

yum update exim

Restart the mail server: 

service exim restart

Debian or Ubuntu

Make sure exim is installed:

dpkg -l | grep exim

Run the update:

apt-get update && apt-get install exim4

Restart the mail server:

service exim4 restart

After the update, change all passwords on the server: root, regular users, database passwords, mail, etc.

How to find out that your server is hacked?

Check running services with top command
Infected servers will show a 100% load created by the [kthrotlds] process. You can also find a task in cron scheduler which restricts editing privileges.

What if the server has already been hacked?

Update Exim server, change all passwords, scan and clean the server from viruses - by yourself or with the specialists help. In theory, this may help - but there is no guarantee that the attackers did not hide the backdoors for future infections.

Monday, June 10, 2019

« Back