[BlueOnyx:10934] Re: server being abused

Fri, 06 Jul 2012 01:42:46 -0700 

Hi Steffan.

On 7/6/2012 4:50 PM, Steffan wrote:


Webmail is almost empty so that is not the problem

Is it possible to hack in to a site with httpd

Then use your own script to send out email without

Logging it in to maillog.


It looks like it is not a php script, that will be logged in the email 
log.




Try this:

watch lsof -n -i tcp:25


This will update your screen every 2 seconds - reporting running 
processes that listeners on port 25, or current open connections (both 
inbound and outbound) on port 25. Look for any process names other than 
the normal sendmail daemon to get an idea of what is happening.


Regards,
Greg.



Steffan


*Van:*[email protected] 
[mailto:[email protected]] *Namens *Chuck Tetlow

*Verzonden:* donderdag 5 juli 2012 19:25
*Aan:* BlueOnyx General Mailing List
*Onderwerp:* [BlueOnyx:10932] Re: server beinng abused


If you're got OpenWebMail or another webmail package - look in its 
logs. We've had some easy passwords guessed and then the webmail was 
abused to send out crapola.




Chuck




*---------- Original Message -----------*
From: "Steffan" <[email protected] <mailto:[email protected]>>

To: "'BlueOnyx General Mailing List'" <[email protected] 
<mailto:[email protected]>>

Sent: Thu, 5 Jul 2012 19:12:06 +0200
Subject: [BlueOnyx:10931]  server beinng abused

> Hello,
>
> I have a server that is getting blacklisted
> Spamhaus says it is a email issue
>
> There is nothing in the logs
> Looks like someone is sending emails without the server is logging it
> How to find this problem ?
>
> Cant find any post commands in the httpd log
>
> Server is 5106 R and has abouth 100 sites
>
> _______________________________________________
> Blueonyx mailing list
> [email protected] <mailto:[email protected]>
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
*------- End of Original Message -------*



_______________________________________________
Blueonyx mailing list
[email protected]
http://mail.blueonyx.it/mailman/listinfo/blueonyx




_______________________________________________
Blueonyx mailing list
[email protected]
http://mail.blueonyx.it/mailman/listinfo/blueonyx






















					Reply via email to