[BlueOnyx:01515] Re: Slammed with Spammer
Charles Bowman
charlesbowman at wknet.co.uk
Sat Jun 27 13:03:04 -05 2009
Check your secure logs:
#more /var/log/secure
Look for *lots* of connections, verifying the IP address will give you
anything obvious; i.e. Taiwanese IP logging-in.
Check the webspace for the user for any Phisting scams & web back doors.
Check the rest of the box has not been compromised...
Cheers,
Charles
-----Original Message-----
From: blueonyx-bounces at blueonyx.it
[mailto:blueonyx-bounces at blueonyx.it]On Behalf Of Steve Davis
Sent: 27 June 2009 18:05
To: blueonyx at blueonyx.it
Subject: [BlueOnyx:01513] Slammed with Spammer
Importance: Low
Having an issue with an old enemy on a new BO box.
net.tw,
gov.tw
org.tw
net.tw
com.tw
take your pick.
Some how, they must know one of the emails userid and password on the
box and are sending 4000 - 5000 spams per hour into my mail queue.
I have turned off PopBeforeSMTP, so probably not sending email out.
Probably.
How do I tell which account is being used to connect.
Any other suggestion of course is always appreciated.
Steve
_______________________________________________
Blueonyx mailing list
Blueonyx at blueonyx.it
http://www.blueonyx.it/mailman/listinfo/blueonyx
More information about the Blueonyx
mailing list