If you are running an Exim mail server version below 4.92, update immediately. Versions 4.87 through 4.91 inclusive contain an error in the code that attackers can use to get root access to the server. This is an extremely dangerous situation.
In order to upgrade, you need to connect to the server via SSH as a user with root privileges and execute the commands below in the terminal. Be careful: an unscheduled update carries certain risks. If in doubt, let your server administrator handle the update or contact our support specialists.
On systems that use rpm and yum, make sure the mail server is installed: rpm -qa | grep exim
The result will be the Exim version: exim-4.88-3.el7.x86_64
If the version is below 4.92, perform the upgrade: yum update exim
Restart the mail server: service exim restart
On systems that use dpkg and apt-get, make sure exim is installed: dpkg -l | grep exim
Run the update: apt-get update && apt-get install exim4
Restart the mail server: service exim4 restart
After the update, change all passwords on the server: root, regular users, database passwords, mail, etc.
Check running services with the top command. Infected servers will show a 100% load created by the [kthrotlds] process. You can also find a task in the cron scheduler which restricts editing privileges.
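The version check and the process check described above can be scripted. The following is an added example, not part of the original advisory: it classifies rpm or dpkg package lines against the 4.87 to 4.91 range and filters a process listing for kthrotlds. The function names, the script name and the --scan switch are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original advisory): classify Exim package
# strings against the version range given above and look for the
# kthrotlds process the advisory reports on infected servers.

# Print the first "major.minor" number in an rpm or dpkg package line,
# e.g. "exim-4.88-3.el7.x86_64" -> "4.88". Prints nothing if none found.
exim_version() {
    printf '%s\n' "$1" | { grep -Eo '[0-9]+\.[0-9]+' || true; } | head -n 1
}

# Print ok (4.92 or later), vulnerable (4.87 to 4.91), outdated (older
# than 4.87, still below 4.92 so still due for update) or unknown.
exim_status() {
    ver=$(exim_version "$1")
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 92 ]; }; then
        echo ok
    elif [ "$major" -eq 4 ] && [ "$minor" -ge 87 ]; then
        echo vulnerable
    else
        echo outdated
    fi
}

# Filter a process listing on stdin down to lines naming kthrotlds.
kthrotlds_lines() {
    grep -F 'kthrotlds' || true
}

# Live check, only when called as: sh check_exim.sh --scan
# (the script name and the --scan switch are assumptions of this example).
if [ "${1:-}" = "--scan" ]; then
    { rpm -qa 2>/dev/null; dpkg -l 2>/dev/null; } | grep -i exim |
    while IFS= read -r line; do
        printf '%s: %s\n' "$(exim_status "$line")" "$line"
    done
    hits=$(ps -e -o pid= -o comm= | kthrotlds_lines)
    if [ -n "$hits" ]; then printf 'suspicious process: %s\n' "$hits"; fi
fi
```

Distribution packages can carry backported security fixes under an unchanged upstream version number, so confirm a "vulnerable" result on a fully updated system against the distribution's security advisory.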
Update the Exim server, change all passwords, and scan and clean the server of viruses, either by yourself or with the help of specialists. In theory, this may help, but there is no guarantee that the attackers did not hide backdoors for future infections.
Monday, June 10, 2019