I hired a developer to install OpenFire, and do some other work for me. The relationship hasn’t been smooth, and recently he sent some threatning emails regarding the setup of OpenFire.
Specifically, he said something about setting up the ‘OpenFire server alive time’ and a script he wrote to clear the openfire database on a specific interval, and restart again. Eventually, XMPP won’t work.
Is there anything he could have done to make this threat legitimate? He has been unresponsive to my replies.
This could be a shell script. Started with at, cron or at reboot - try to scan these things. Internal DB? Changing all password and removing unknown authorized keys is likely no fault.
He was provided with root access to set everything up. Since then, I’ve deleted openfire, created a fresh install, and changed all root/db/cpanel passwords.
Is there something he could have installed while he had root access that would constantly attack any openfire installation?