A friend called me to see why his Linux server was blacklisted.

I searched, and here's what I got:

http://www.robtex.com/rbls/69.36.2.186.html

He gave me the root password, so I went in and ran a netstat. As you can imagine, tons and tons and tons of connections to outgoing mail servers.

I ran through some of the commands I found here:

http://www.hackinglinuxexposed.com/articles/20030515.html

and found a few interesting things, such as lots and lots of mail traffic going to the init PID 4702. Also, there was lots of traffic coming in on weird ports and going out on the SMTP port.

Figuring that init had something to do with root, I rebooted. The server has been fine for the last 10 minutes or so. The "netstat 1" command shows no new connections.

Any ideas on what may be the root cause?

Roger

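An added example, not part of the original post: a shell function that summarises outbound SMTP connections per owning process from `netstat -tnp` output and flags an owner named init whose PID is not 1, the pattern the post reports (PID 4702). It assumes the net-tools column layout and that the genuine init runs as PID 1; the function names, sample lines and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample of `netstat -tnp` output, using documentation addresses.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address     Foreign Address    State       PID/Program name
tcp        0      0 192.0.2.10:41001  198.51.100.7:25    ESTABLISHED 4702/init
tcp        0      0 192.0.2.10:41002  203.0.113.9:25     ESTABLISHED 4702/init
tcp        0    212 192.0.2.10:41003  203.0.113.44:25    SYN_SENT    4702/init
tcp        0      0 192.0.2.10:41004  198.51.100.20:25   ESTABLISHED 2210/sendmail
tcp        0      0 192.0.2.10:22     198.51.100.99:5120 ESTABLISHED 1875/sshd
tcp        0      0 192.0.2.10:41005  203.0.113.9:25     TIME_WAIT   -
EOF
}

# Reads netstat lines on stdin; prints "<count> <pid> <program> [flag]" for every
# process that owns connections to foreign port 25, busiest first.
smtp_by_process() {
    awk '
        $1 ~ /^tcp/ && $7 ~ /^[0-9]+\// {
            n = split($5, addr, ":")        # last piece is the foreign port
            if (addr[n] != "25") next
            pid = $7;  sub(/\/.*/, "", pid)
            prog = $7; sub(/^[0-9]+\//, "", prog)
            count[pid " " prog]++
        }
        END {
            for (key in count) {
                split(key, f, " ")
                # Assumption: the genuine init is PID 1 on this system.
                flag = (f[2] == "init" && f[1] != "1") ? " SUSPICIOUS: named init but PID is not 1" : ""
                print count[key], key flag
            }
        }
    ' | sort -rn
}

# Demo on the constructed sample; on a live host (as root, so PIDs are shown):
#   netstat -tnp | smtp_by_process
sample_netstat | smtp_by_process
```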