
Peter Strömblad

Peter lives in Sweden and is an independent contractor with hosting services.
April oh April, Where art thou?

Time certainly flies, so fast it's hard to recall what I did this month:

  • Got community.pmail.com working 
  • Added lots of info to community.pmail.com
  • Added overview pages, even editable content
  • Added forms for feedback and ads-interests
  • Bought CS-2007, which includes a knowledgebase and much better theming (will hopefully upgrade the community during late summer).
  • Closed the 2006 financials for many clients
  • Got down to hacking user controls and a common library for all my webapps
  • Managed to create dual VPN and dynamic tunnels with the Cisco PIX 501 devices.
  • Created my own pilot dyndns app.
  • Helped a client that got infested by backdoors from China

Viruses and Trojans
It seems more and more threats are so sophisticated that it is getting difficult to fight the rootkits off. Especially when it comes to virtual servers and terminal servers, the load on a technician is heavier than before. You do need more knowledge to be better at closing down an installation before the sh... hits the fan.

A larger server farm called for help. They had gotten infested through their terminal servers, spreading backdoors and keystroke loggers over mIRC and shares. Most likely the badware was indeed installed by the users themselves. We traced the traffic using protocol analyzers down to servers in China. They communicated passwords and files using port 80 and TCP port 888.

When traffic is routed over port 80, which is used for www traffic, not much can be done to block it. However, in a firewall installation not many normally restrict the outbound channels, meaning NAT-initiated traffic from inside the wall is limitless, opening up for all sorts of botnets, chat clients etc. As I see it, there is not much to do other than restrict outbound traffic to well-known ports - for now...
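
The outbound restriction described above, as an added example that is not part of the original post: it checks flow records against a well-known-port allowlist and also lists port 80 flows to destinations that were contacted on a denied port, since those pass a port-only filter. The internal range, the allowlist, the record format and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the post): internal range and allowed outbound TCP ports.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
ALLOWED_TCP_PORTS = {25, 53, 80, 110, 143, 443}

# Constructed sample flow records: "src_ip dst_ip proto dst_port".
# External addresses are from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = """\
10.1.2.11 203.0.113.7 tcp 888
10.1.2.11 203.0.113.7 tcp 80
10.1.2.12 198.51.100.20 tcp 443
10.1.2.12 203.0.113.7 tcp 888
10.1.2.13 198.51.100.25 tcp 6667
203.0.113.50 10.1.2.11 tcp 3389
malformed line
"""

def parse_flow(line):
    """Return (src, dst, proto, port), or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        src, dst = (ipaddress.ip_address(p) for p in parts[:2])
        port = int(parts[3])
    except ValueError:
        return None
    return src, dst, parts[2].lower(), port

def evaluate_egress(text):
    """Return (denied flows per internal host, allowed flows worth a second look)."""
    blocked = defaultdict(set)      # internal host -> {(dst, port)} denied by policy
    bad_dsts, allowed = set(), []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, proto, port = flow
        if src not in INTERNAL_NET or dst in INTERNAL_NET:
            continue                # only traffic initiated from inside is in scope
        if proto == "tcp" and port in ALLOWED_TCP_PORTS:
            allowed.append((src, dst, port))
        else:
            blocked[str(src)].add((str(dst), port))
            bad_dsts.add(dst)
    # A port allowlist cannot stop port 80; flag allowed flows to denied-port peers.
    suspect = sorted({(str(s), str(d), p) for s, d, p in allowed if d in bad_dsts})
    return dict(blocked), suspect
```

Calling `evaluate_egress(SAMPLE_FLOWS)` returns the denied flows grouped by internal host, plus the port 80 flow that shares a destination with the denied port 888 traffic.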

Mercury-Testing...
Lots of new beta releases have come this month. We've tested nearly all, and have started testing the possibilities to do relaying - meaning to have a front end, or multiple front ends of Mercury, that then relays the email into the DMZ. It seems that it may be possible to do a rewrite of the incoming files into the Pegasus Mail native .101 format, and then have the email relayed off to a specific host without alteration of the original recipient mail headers.

Mods of the community
I've added to the buttons that do work inside the community. Thanks to the fact that aspx pages can be interpreted on the fly at the server side, almost anything is possible. For anyone interested in how the tweaks have been done, please contact me directly.

Spring is in the air
Sweden is now in its most beautiful state. Temperature is much higher this year than last year. About 4 weeks ahead of "normal" time. This year I'm really looking forward to summer break. It'll give me more time to do many of the smaller tasks that complete my projects, job-related or private alike...

See ya,

Posted: Monday, April 30, 2007 2:13 PM by Peter Strömblad
