Re: EMERGENCY - need to secure my server against an ongoing SPAMMER

On Fri, 11 Mar 2005 08:17:00 -0700, Robin Laing
<Robin.Laing@xxxxxxxxxxxxxxx> wrote:
> Bob Brennan wrote:
> >>If you followed the instructions I gave, they'd be in /var/spool/mqueue.spam
> >>
> >
> >
> > As soon as I got to the machine, with spam still obviously being sent
> > out, I checked all users. There were only entries for me as root
> > having logged on just a few moments earlier, nothing else. I won't
> > rule that out of course but Occam's razor points to my many attempts
> > to get sendmail to relay my remote Evolution/Outlook clients.
> > Apparently I *did* get relaying working - just not for me! I had
> > carefully noted my changes to sendmail.mc (mentioned earlier) and the
> > first thing I did was comment them out, rebuild and reboot. It was the
> > reboot that flagged up the mysqld problem, and that might have
> > happened over several weeks since I rarely reboot.
> >
> 
> I wonder if one of the Outlook clients was doing the spamming?  Again
> the headers and log files may give a hint but the headers were deleted.

Robin-

I never actually got any remote Outlook clients working, although
Outlook on the LAN was ok. The spam text was Chinese pictures,
graphics, and text - nothing I had ever seen before in my own Inbox as
spam; so I am guessing it was a relay from a Chinese machine to a
Chinese audience. I am not at my machine right now but plan to do some
forensics on it asap.

The MySQL missing/corrupt file is /var/lib/mysql/mysql/host.frm which
is part of the users/permissions database for mysql itself. Right next
to that directory is the /Horde/ database which I have been
installing/configuring in the last few days so I suspect that problem
was unrelated to the spam incident.

Thanks for the thoughts,
bob

