Directadmin Users [ATTENTION]

[Dom]

There as been a rumor going around that a security vulnerability has been found in the latest Direct Admin. Here is a Sample of the email :

From: DirectAdmin <da-mailer@directadmin.com>
Subject: DirectAdmin Client Message

Dear --------,

Please note that currently there is a security vulnerability concerning the current
DirectAdmin version, in order to learn how to protect your server until we can issue
a patch please visit http://www.austinfosec.com.au/update.php


Thank you,
DirectAdmin.com

Please be AWARE that this is a FAKE Email and was confirmed by John from the Direct Admin Team.

If you look here :

Code: 

    Van:     DirectAdmin <da-mailer@directadmin.com>     Onderwerp:     DirectAdmin Client Message (...)     Received:     from server2.filtermail.eu ([85.17.205.251]) by adam.in1klik.nl with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) (envelope-from <directadmin@directadmin.com>) id 1QPL3A-0001N8-Lg for randy@aklmedia.nl; Wed, 25 May 2011 22:51:28 +0200     Received:     from jbmc-software.com ([216.194.67.119]) by server2.filtermail.eu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from <directadmin@directadmin.com>) id 1QPL3z-0003sa-Pc for randy@aklmedia.nl; Wed, 25 May 2011 22:52:28 +0200     Received:     from apache by jbmc-software.com with local (Exim 4.76) (envelope-from <directadmin@directadmin.com>) id 1QPL50-0005ls-90 for randy@aklmedia.nl; Wed, 25 May 2011 14:53:22 -0600     Message-Id:     <E1QPL50-0005ls-90@jbmc-software.com>     Received-Spf:     Received-SPF: pass (server2.filtermail.eu: domain of directadmin.com designates 216.194.67.119 as permitted sender) client-ip=216.194.67.119; envelope-from=directadmin@directadmin.com; helo=jbmc-software.com;     X-Spf-Result:     server2.filtermail.eu: domain of directadmin.com designates 216.194.67.119 as permitted sender     X-Spf:     pass     X-Ols-Boguswarn:     No x-mailer header     X-Ols-Boguswarn:     Sent by robot (mfrom)     X-Ols-Boguswarn:     Sent by robot (From:)     X-Fake-Warning:     OK - 5000 points     X-Filter-Id:     XtLePq6GTMn8G68F0EmQve9sOybHbNjwoourtTCVrOvnyrNzTeFPWx66s/MLrrLAS7X5R1anTuIn Gq7k6TFebWQ5ZcPo2zavaIwIuwv2SqA4zRxQJj2DuZ1YYzNQ6Ok4NnDuFQ1kxqTeo7E2me9LrfI8 +gAvTzmvR9boBKdd/1zbnbZw5rlyjpgD1kEPC6KHvewR4GcrMXLS3kY6CAo4/rA7SwKBklAAzGDl H/yt1lHLf5qsjZkwKN1JVK2Kks799R/2gMGq0KWAzmMf+ibVDhO74WP7oig6AJKRgcUl6MZ4UsI+ aSVu1DgAomPoHRPa/b9N3TCpi26Qiqgg+uPHBMqtJwQ5BQh6LHvW/c5BBojIvfSw53BgNF/GB2yS +Ho/HM4PDUthpgkNh9t/fOdpSL64jneVZyLEKWp1aJ10Ql1yyqppsTYzYAtoaMJsxAfweoWeEoK4 kS3whDXu3JqLoPY4ocfmWv3Fe9Iziczdq+A=     X-Filtermail-Class:     ham;     X-Filtermail-Score:     0.34773902084     X-Filtermail-Evidence:     'ole': 0.50; 'crm114': 0.50; 'direct': 0.50; 'spambayes.global_tokens': 0.09; 'pyzor': 0.50; 'sa': 0.50; 'os': 0.42; 'dkim': 0.50; 'dnsbl': 0.75; 'sender': 0.50     X-Filtermail-Thermostat:     --

Its coming from the mail server.

Please be on the look out.

Credits to XSLTel for alerting us in the SB

Dom Reviewed by Dom on 26th May 2011. Directadmin Users [ATTENTION] There as been a rumor going around that a security vulnerability has been found in the latest Direct Admin. Here is a Sample of the email : Please be AWARE that this is a FAKE Email and was confirmed by John from the Direct Admin Team. If you look here : Van: DirectAdmin <da-mailer@directadmin.com> Onderwerp: DirectAdmin Client Message (...) Received: from server2.filtermail.eu () by adam.in1klik.nl with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) Rating: 5

[Krun!x]

Sad to see even well known hosts are stupid enough to continue spreading malware. It's a shame.

[eLight]

Yep, I saw that. I wonder what has been taken (if taken at all) from their servers... Not a good thing to happen for DA being in the server business themselves. Probably been quite a few servers added to a botnet from that email now though, sadly.

[Smith]

Sad to see even well known hosts are stupid enough to continue spreading malware. It's a shame.

Altushost is runned by biggest idiots, EVER!

[Mareshal]

Got the email too, but didn't read it until now