JanaServer (free proxy) sending out spam!

Flapjack (2[H]4U), joined Apr 29, 2000, 3,207 messages
I thought I would post this here... but I'll probably post it everywhere I can.

I've run JanaServer2 for years, as a way to limit my kids' web traffic. I run the server on an XP virtual machine. Other than the fact that it's obviously sending out thousands of spam messages a day, it's been great.

I'm not sure for how long this has been going on, but my dad got a rejection notice today when writing his work. I looked at the NDR and it showed my IP listed on SpamHaus. I checked SpamHaus and found it listed due to being on CBL. CBL showed it as "unidentified" spambot traffic. So I had to dig in deeper.

I ran TCPView on each system until I found janad.exe pumping out spam on the proxy server I set up for the kids. I killed the service and immediately the connections started dropping off.

I need to do some research and determine whether or not it was spyware filled freeware, or somehow was subverted by a trojan/virus. I'm leaning towards the former, since that particular machine runs nothing besides a pared down XP install, and the JanaServer software. I don't even browse the web through it.

I am so pissed off right now... I've been running this program for years now. Can anyone recommend other spam blacklists I can check my IP against?
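A defender-side way to spot the pattern described above (one process holding outbound connections to many different hosts on port 25) from a saved `netstat -ano` listing instead of eyeballing TCPView. This is an added example, not code from the original thread; the listing, the PIDs and the threshold are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Windows "netstat -ano" output (not a real capture).
# PID 1472 stands in for a process fanning out to many mail servers on port 25.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:3128      192.168.1.22:51044     ESTABLISHED     1472
  TCP    192.168.1.10:49152     203.0.113.5:25         SYN_SENT        1472
  TCP    192.168.1.10:49153     203.0.113.77:25        ESTABLISHED     1472
  TCP    192.168.1.10:49154     198.51.100.9:25        SYN_SENT        1472
  TCP    192.168.1.10:49155     198.51.100.40:25       ESTABLISHED     1472
  TCP    192.168.1.10:49160     192.0.2.8:443          ESTABLISHED     2208
  TCP    192.168.1.10:49161     192.0.2.8:25           ESTABLISHED     2208
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  UDP    0.0.0.0:500            *:*                                    812
"""

# One TCP row: local ip:port, remote ip:port, state, pid. UDP rows (no state column) are skipped.
TCP_LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse_tcp_lines(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        m = TCP_LINE.match(line)
        if m:
            lip, lport, rip, rport, state, pid = m.groups()
            yield lip, int(lport), rip, int(rport), state, int(pid)

def smtp_fanout(text, min_remote_hosts=3):
    """Map PID -> set of distinct remote hosts it is talking to on TCP/25.

    A legitimate mail client talks to one or two relays; a spambot contacts many
    different MX hosts directly. Only PIDs at or above the threshold are returned."""
    hosts = defaultdict(set)
    for _lip, _lport, rip, rport, state, pid in parse_tcp_lines(text):
        if rport == 25 and state != "LISTENING":
            hosts[pid].add(rip)
    return {pid: ips for pid, ips in hosts.items() if len(ips) >= min_remote_hosts}

if __name__ == "__main__":
    for pid, ips in sorted(smtp_fanout(SAMPLE_NETSTAT).items()):
        # On the host, map the PID to an image name with: tasklist /fi "PID eq <pid>"
        print(f"PID {pid}: {len(ips)} distinct SMTP peers -> {sorted(ips)}")
```

Run against a real `netstat -ano` capture and the PID it reports is the one to look up in tasklist before killing the service.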
 
Do you use NAT on your router or is the XP box in a DMZ of some kind?
 
Yeah. Spamhaus can blow me. I gave up running a mail server and just use the free Google Apps for two of my domains. Works so much nicer.
 
> Yeah. Spamhaus can blow me. I gave up running a mail server and just use the free Google Apps for two of my domains. Works so much nicer.

I dunno. It's a tough war, but having complete control over mail is worth it. All internal mail traffic never leaves the domain. That alone is worth a lot to me. I'm a big Google user, but I don't think for one minute that my info is safe with them.
 
You can use a smart host for your outbound mail to maintain most of the control.
 
ACLs to only allow outbound tcp port 25 traffic from authorized hosts on your network (i.e. only your local mail server IP address). Set up SMTP authentication on your local mail server. Then work to figure out who/what is sending out the spam.
 
> Yeah. Spamhaus can blow me. I gave up running a mail server and just use the free Google Apps for two of my domains. Works so much nicer.

I've never had any problems :) then again I'm using a REAL firewall :D

ASA = blows.
 
... It has nothing to do with the firewall. It has to do with Spamhaus listing my static IP as dynamic and not delisting it.

I'd be more inclined to say that an ASA is more of a real firewall than a Sonicwall.
 
> ... It has nothing to do with the firewall. It has to do with Spamhaus listing my static IP as dynamic and not delisting it.

> I'd be more inclined to say that an ASA is more of a real firewall than a Sonicwall.

For home use? Give me a Linux box any day of the week.

As far as email: Google Apps is awesome. I'm willing to let Google snoop in my boring email as the price paid for an awesome service.
 
ASA = Firewall

Sonicwall = UTM

Also, I think a lot of Sonicwalls don't stack up to the ASA at the evaluation assurance level.

I think for ACLs etc. I would pick an ASA over a Sonicwall any day.
 
This could've been prevented by simply configuring Windows Firewall and not being so lax. The only thing the machine does is serve as a proxy server. I could've blocked all outgoing ports besides the ones it absolutely needed.

This was definitely a wakeup call. I'll be configuring WF through GPOs and doing what I can to tighten things up. A better firewall is definitely on my list, too. I usually have a pfSense box running as a firewall, but had hardware problems and needed to take it down. Needless to say, it's going back up this weekend...
 