Directadmin Users [ATTENTION]

Status
Not open for further replies.

Dom

There has been a rumor going around that a security vulnerability has been found in the latest Direct Admin. Here is a sample of the email:

From: DirectAdmin <da-mailer@directadmin.com>
Subject: DirectAdmin Client Message

Dear --------,

Please note that currently there is a security vulnerability concerning the current
DirectAdmin version, in order to learn how to protect your server until we can issue
a patch please visit http://www.austinfosec.com.au/update.php


Thank you,
DirectAdmin.com

Please be AWARE that this is a FAKE Email and was confirmed by John from the Direct Admin Team.

If you look here:

Code:
    Van: DirectAdmin <da-mailer@directadmin.com>
    Onderwerp: DirectAdmin Client Message
    (...)
    Received: from server2.filtermail.eu ([85.17.205.251]) by adam.in1klik.nl with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) (envelope-from <directadmin@directadmin.com>) id 1QPL3A-0001N8-Lg for randy@aklmedia.nl; Wed, 25 May 2011 22:51:28 +0200
    Received: from jbmc-software.com ([216.194.67.119]) by server2.filtermail.eu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from <directadmin@directadmin.com>) id 1QPL3z-0003sa-Pc for randy@aklmedia.nl; Wed, 25 May 2011 22:52:28 +0200
    Received: from apache by jbmc-software.com with local (Exim 4.76) (envelope-from <directadmin@directadmin.com>) id 1QPL50-0005ls-90 for randy@aklmedia.nl; Wed, 25 May 2011 14:53:22 -0600
    Message-Id: <E1QPL50-0005ls-90@jbmc-software.com>
    Received-Spf: Received-SPF: pass (server2.filtermail.eu: domain of directadmin.com designates 216.194.67.119 as permitted sender) client-ip=216.194.67.119; envelope-from=directadmin@directadmin.com; helo=jbmc-software.com;
    X-Spf-Result: server2.filtermail.eu: domain of directadmin.com designates 216.194.67.119 as permitted sender
    X-Spf: pass
    X-Ols-Boguswarn: No x-mailer header
    X-Ols-Boguswarn: Sent by robot (mfrom)
    X-Ols-Boguswarn: Sent by robot (From:)
    X-Fake-Warning: OK - 5000 points
    X-Filter-Id: XtLePq6GTMn8G68F0EmQve9sOybHbNjwoourtTCVrOvnyrNzTeFPWx66s/MLrrLAS7X5R1anTuIn
        Gq7k6TFebWQ5ZcPo2zavaIwIuwv2SqA4zRxQJj2DuZ1YYzNQ6Ok4NnDuFQ1kxqTeo7E2me9LrfI8
        +gAvTzmvR9boBKdd/1zbnbZw5rlyjpgD1kEPC6KHvewR4GcrMXLS3kY6CAo4/rA7SwKBklAAzGDl
        H/yt1lHLf5qsjZkwKN1JVK2Kks799R/2gMGq0KWAzmMf+ibVDhO74WP7oig6AJKRgcUl6MZ4UsI+
        aSVu1DgAomPoHRPa/b9N3TCpi26Qiqgg+uPHBMqtJwQ5BQh6LHvW/c5BBojIvfSw53BgNF/GB2yS
        +Ho/HM4PDUthpgkNh9t/fOdpSL64jneVZyLEKWp1aJ10Ql1yyqppsTYzYAtoaMJsxAfweoWeEoK4
        kS3whDXu3JqLoPY4ocfmWv3Fe9Iziczdq+A=
    X-Filtermail-Class: ham;
    X-Filtermail-Score: 0.34773902084
    X-Filtermail-Evidence: 'ole': 0.50; 'crm114': 0.50; 'direct': 0.50; 'spambayes.global_tokens': 0.09; 'pyzor': 0.50; 'sa': 0.50; 'os': 0.42; 'dkim': 0.50; 'dnsbl': 0.75; 'sender': 0.50
    X-Filtermail-Thermostat: --
It's coming from the mail server.

Please be on the lookout.

Credits to XSLTel for alerting us in the SB
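
A header triage sketch for the dump above, added here as an example and not part of the original post: it rebuilds the Received chain oldest-first and shows that the message was injected locally on jbmc-software.com by the `apache` user, so the SPF pass says nothing about whether the content is genuine. The sample headers are an abridged, constructed copy of the quoted ones, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: abridged copy of the quoted headers in standard form
# (TLS details, envelope-from, queue ids and recipient left out).
RAW = """\
Received: from server2.filtermail.eu ([85.17.205.251]) by adam.in1klik.nl with esmtps (Exim 4.76); Wed, 25 May 2011 22:51:28 +0200
Received: from jbmc-software.com ([216.194.67.119]) by server2.filtermail.eu with esmtps (Exim 4.72); Wed, 25 May 2011 22:52:28 +0200
Received: from apache by jbmc-software.com with local (Exim 4.76); Wed, 25 May 2011 14:53:22 -0600
Received-SPF: pass (server2.filtermail.eu: domain of directadmin.com designates 216.194.67.119 as permitted sender)
From: DirectAdmin <da-mailer@directadmin.com>
Subject: DirectAdmin Client Message

(body omitted)
"""

# "from <src> [([ip])] by <host> with <protocol>" as written by Exim
HOP = re.compile(r"from\s+(?P<src>\S+)(?:\s+\(\[(?P<ip>[0-9A-Fa-f.:]+)\]\))?"
                 r"\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)")

def received_chain(raw):
    """Return the relay hops oldest-first as dicts (src, ip, by, proto)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groupdict())
    return hops[::-1]  # each relay prepends its header, so reverse

def assess(raw):
    """Summarise where the message entered the mail system and what SPF proves."""
    msg = message_from_string(raw)
    hops = received_chain(raw)
    origin = hops[0] if hops else None
    spf = (msg.get("Received-SPF") or "none").split()[0].lower()
    findings = []
    if origin and origin["proto"] == "local":
        # Exim logs "from <user> ... with local" for mail injected on the box itself
        findings.append(f"submitted locally on {origin['by']} by user {origin['src']}")
    if spf == "pass":
        findings.append("SPF pass: sending IP is authorised, content is not vouched for")
    return {"origin": origin, "spf": spf, "findings": findings}

if __name__ == "__main__":
    for line in assess(RAW)["findings"]:
        print(line)
```

Only hops recorded by relays you trust are reliable; here the receiving filter at server2.filtermail.eu itself recorded the connection from 216.194.67.119.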
 
4 comments
Sad to see even well known hosts are stupid enough to continue spreading malware. It's a shame.

 
Yep, I saw that. I wonder what has been taken (if taken at all) from their servers... Not a good thing to happen for DA being in the server business themselves. Probably been quite a few servers added to a botnet from that email now though, sadly.
 