[BlueOnyx:09176] Re: Some kind of attack?

Abdul Rashid Abdullah webmaster at muntada.com
Tue Dec 6 19:21:28 -05 2011


Thanks for the tips... I haven't found anything yet but it was worth the
investigation.

On 12/6/11 6:37 PM, "Maurice de Laat" <mdlaat at muisnetwerken.nl> wrote:

>Hi Rashid
>
>On Tue, Dec 06, 2011 at 06:10:17PM -0500, Abdul Rashid Abdullah wrote:
>
>> I just had a situation in which my server became overwhelmed. Fortunately
>> I was able to log in and found a lot of processes such as the following on
>> the system:
>> 
>> root      5031 18125  0 17:21 ?        00:00:00 sendmail: server
>> 115-64-9-98.static.tpgi.com.au [115.64.9.98] cmd read
>> 
>> I stopped sendmail services and then restarted them, which killed off all of
>> these processes.  What else should I do and is there a vulnerability in
>> the system that is being exploited?  Does it require a patch or is it a
>> configuration issue?
>
>I had something similar a few weeks ago. In my case it was someone who
>successfully did a brute force attack on the POP3 protocol, which allowed
>them to use the server as a smtp server.
>
>You could check the mail queue (command mailq) to see if there are a lot
>of outgoing messages waiting to be sent. Mailq displays the message number,
>which in turn can be found in the maillog, giving you the local user that
>sent the message.
>-- 
>Maurice de Laat
>
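The check suggested in the quoted reply (take the queue IDs that mailq lists and look them up in the maillog to see who submitted them), sketched as an added example that is not part of the original thread. The mailq output and log lines are constructed samples modeled on sendmail's usual layout, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed samples modeled on sendmail's usual mailq and syslog layout
# (assumption: your sendmail version and LogLevel produce comparable lines).
MAILQ = """\
\t\t/var/spool/mqueue (3 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
pB6MLSaa005031     1893 Tue Dec  6 17:21 <jsmith@example.com>
                 (Deferred: Connection timed out with mx.example.net.)
\t\t\t\t\t <a@example.net>
pB6MLTab005031*    1893 Tue Dec  6 17:21 <jsmith@example.com>
\t\t\t\t\t <b@example.net>
pB6MMUac005200     2210 Tue Dec  6 17:22 <info@example.org>
\t\t\t\t\t <c@example.net>
"""
MAILLOG = """\
Dec  6 17:21:01 mail sendmail[5031]: AUTH=server, relay=host.example.net [192.0.2.10], authid=jsmith, mech=LOGIN, bits=0
Dec  6 17:21:02 mail sendmail[5031]: pB6MLSaa005031: from=<jsmith@example.com>, size=1893, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=host.example.net [192.0.2.10]
Dec  6 17:21:03 mail sendmail[5031]: pB6MLTab005031: from=<jsmith@example.com>, size=1893, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=host.example.net [192.0.2.10]
Dec  6 17:22:10 mail sendmail[5200]: pB6MMUac005200: from=<info@example.org>, size=2210, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.org [198.51.100.7]
"""

QID = re.compile(r"^([A-Za-z0-9]{14})[*X-]?\s+\d+", re.M)   # queue ID + optional status flag
FROM = re.compile(r"sendmail\[(\d+)\]: (\w{14}): from=(\S*), .*relay=(.+)$")
AUTH = re.compile(r"sendmail\[(\d+)\]: AUTH=server, .*authid=([^,]+),")

def queued_ids(mailq_text):
    """Queue IDs of messages currently waiting in the queue."""
    return QID.findall(mailq_text)

def trace_queue(mailq_text, maillog_text):
    """Map each queued ID to its envelope sender, relay and SMTP AUTH user."""
    wanted = set(queued_ids(mailq_text))
    auth_by_pid, traced = {}, {}
    for line in maillog_text.splitlines():
        if m := AUTH.search(line):
            # The AUTH line carries no queue ID; link it through the daemon PID.
            # PIDs get reused, so confirm timestamps before acting on a match.
            auth_by_pid[m.group(1)] = m.group(2)
        elif (m := FROM.search(line)) and m.group(2) in wanted:
            pid, qid, sender, relay = m.groups()
            traced[qid] = {"from": sender, "relay": relay,
                           "authid": auth_by_pid.get(pid)}
    return traced

def senders_by_volume(traced):
    """Rank submitters (AUTH user if known, else relay) by queued messages."""
    return Counter(v["authid"] or v["relay"] for v in traced.values()).most_common()
```

An account at the top of `senders_by_volume` with far more queued mail than normal is the one to lock and reset first.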





