Posts by Tom-i

    No problem. I know that package pinning is great but often breaks after a while because of changed dependencies, updated dependencies, missing dependencies.. and so on ^^
    Take your time to sort it out. But I think I will not be the only one with a problem in this case..
    Thanks for holding my hand and taking the time..

    Yes, sure, Debian Jessie.


    What I can say is that imscp reconfiguration worked some weeks ago, so something seems to have changed with the package dependencies.
    I know that you did not change anything, but something changed so it broke.

    I only installed the mailman plugin. This set a strange package pinning and sources.list (mix of jessie and stretch) which of course installed some non-matching packages. That's it. I myself surely did not do anything strange in that direction.


    But no problem. I got it. Works again and everything is cool again. Keep on.

    Thank you.


    Got it sorted out. First I had to manually downgrade to libssl-1.0.0, then remove perl-modules and nearly all perl stuff.. mysql-server.. etc


    Then I was able to run the installer without errors.


    Strange situation and for a "normal" user "the end".


    I am experienced with those things but such a situation should not happen with just a "plugin" that was activated.

    Package Installation fails with this error:



    Code
    ...
    php5.6-curl is already the newest version.
    php5.6-fpm is already the newest version.
    php5.6-gd is already the newest version.
    php5.6-gmp is already the newest version.
    php5.6-imap is already the newest version.
    php5.6-intl is already the newest version.
    php5.6-json is already the newest version.
    php5.6-mbstring is already the newest version.
    php5.6-mcrypt is already the newest version.
    php5.6-mysql is already the newest version.
    php5.6-opcache is already the newest version.
    php5.6-pspell is already the newest version.
    php5.6-xml is already the newest version.
    php5.6-zip is already the newest version.
    nginx-full is already the newest version.
    Some packages could not be installed. This may mean that you have
    requested an impossible situation or if you are using the unstable
    distribution that some required packages have not yet been created
    or been moved out of Incoming.
    The following information may help to resolve the situation:
    The following packages have unmet dependencies:
     libssl-dev : Depends: libssl1.0.0 (= 1.0.1t-1+deb8u8) but 1.0.2l-1~bpo8+1 is to be installed
    E: Unable to correct problems, you have held broken packages.
    [ERROR] autoinstaller::Functions::build: An error occurred while performing build steps


    Installed libssl-dev from backports but I think the package pinning depends on the version from stable, as I have seen in a commit on GitHub..


    After that I removed /etc/apt/preferences.de/mailman..


    Then I had to install cpan integer..


    Then it failed with this error:


    Oh, I just found it. Until now I had only ever looked at clientdomain.de. But I just noticed that vu2019 does not belong to clientdomain.de at all... but to clientdomain2.de ... So to another user, who of course also appears to be infected right at first glance.


    @Nuxwin : I have overlooked that vu2019 does not belong to clientdomain.de. clientdomain.de is vu2021.. The sender is constructed as [email protected].. But vu2019 is clientdomain2.de, another client. There seems to be a check missing if the user belongs to the domain.. Could you check this?

    I have now set chmod 000 on the htdocs folder. Selectively cleaned up the mailq. Unfortunately it merrily carries on.


    I manually checked the PHP files of the client's WordPress. No infections detectable at all.

    @Nuxwin Yes, it seems there is a mail with several CCs generated. This domain is a WordPress. The client says he installed all updates. Besides those POST requests, which do not appear at the same time as the mails are sent, I have not seen any activity at this moment. It appears after some seconds/minutes. I also rebooted the machine already to kill anything that could be loaded into RAM. I will investigate it further today.


    @biologist I also think that they load something into RAM/SHM there which then gets triggered. I am actually fairly proficient at this. But unfortunately the headers do not say much more than the log. Definitely not directly from PHP.