On 2/26/2013 8:53 AM, Jamie wrote:
On 2013/02/26 3:32 PM, Deeztek.com Support wrote:
On 2/26/2013 7:52 AM, Eero Volotinen wrote:
Like I said, as soon as I blocked the troublesome IPs the problem went away. Thus, it cannot be a local script. Furthermore, we are not even running Apache. We are running Tomcat with custom developed
*** /etc/hosts ***
127.0.0.1 localhost.localdomain localhost

As I suspected. I really believe that the suspicious traffic was coming from your box. Even if that public IP address resolves to localhost, it's not resolving to localhost.localdomain as the transaction log you sent indicated. That's hard coded in your box and it doesn't matter what DNS says. It's possible that public IP was a CC server and blocking it may have stopped the spam but the problem still remains.
Please run the following to install and run chkrootkit to see if it finds anything:
sudo aptitude install -y chkrootkit
sudo chkrootkit