[BlueOnyx:10936] Re: server being abused
Steffan
general at ziggo.nl
Fri Jul 6 04:02:01 -05 2012
Thanks, will try that
From: blueonyx-bounces at mail.blueonyx.it
[mailto:blueonyx-bounces at mail.blueonyx.it] On Behalf Of Greg Kuhnert
Sent: Friday, 6 July 2012 10:40
To: blueonyx at mail.blueonyx.it
Subject: [BlueOnyx:10934] Re: server being abused
Hi Steffan.
On 7/6/2012 4:50 PM, Steffan wrote:
Webmail is almost empty, so that is not the problem.
Is it possible to hack into a site with httpd,
then use your own script to send out email without
logging it in to maillog?
It looks like it is not a PHP script; that will be logged in the email log.
Try this:
watch lsof -n -i tcp:25
This will update your screen every 2 seconds - reporting running processes
that are listeners on port 25, or current open connections (both inbound and
outbound) on port 25. Look for any process names other than the normal
sendmail daemon to get an idea of what is happening.
Regards,
Greg.
Steffan
From: blueonyx-bounces at mail.blueonyx.it
[mailto:blueonyx-bounces at mail.blueonyx.it] On Behalf Of Chuck Tetlow
Sent: Thursday, 5 July 2012 19:25
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:10932] Re: server beinng abused
If you've got OpenWebMail or another webmail package - look in its logs.
We've had some easy passwords guessed and then the webmail was abused to
send out crapola.
Chuck
---------- Original Message -----------
From: "Steffan" <general at ziggo.nl>
To: "'BlueOnyx General Mailing List'" <blueonyx at mail.blueonyx.it>
Sent: Thu, 5 Jul 2012 19:12:06 +0200
Subject: [BlueOnyx:10931] server beinng abused
> Hello,
>
> I have a server that is getting blacklisted
> Spamhaus says it is an email issue
>
> There is nothing in the logs
> Looks like someone is sending emails without the server logging it
> How to find this problem?
>
> Can't find any post commands in the httpd log
>
> Server is 5106 R and has about 100 sites
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
------- End of Original Message -------
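
Added example, not part of the original thread: a filter for the output of the lsof command suggested above that prints only port-25 sockets owned by something other than the mail daemon, with the direction of each connection. A process that opens its own outbound connection to port 25 does not pass through sendmail, which is why nothing appears in maillog. The function names, the ALLOWED_MTA variable and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: from `lsof -n -i tcp:25` output, list sockets on port 25
# that belong to anything other than the expected mail daemon.

# Assumption: sendmail is the only program that should touch port 25.
# Override with a space-separated list, e.g. ALLOWED_MTA="sendmail postfix".
ALLOWED_MTA="${ALLOWED_MTA:-sendmail}"

# Reads lsof output on stdin. Prints "command pid user direction endpoints"
# for every port-25 socket whose owning command is not in ALLOWED_MTA.
flag_non_mta() {
    awk -v allowed="$ALLOWED_MTA" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "COMMAND" { next }                  # header row
        {
            # The number of columns differs between lsof versions, so find
            # the NAME column as the field that follows the literal "TCP".
            name = ""
            for (i = 4; i < NF; i++) if ($i == "TCP") { name = $(i + 1); break }
            if (name == "" || ($1 in ok)) next
            dir = "listen"
            if (index(name, "->")) {
                split(name, ends, "->")
                # Remote end on smtp/25: this process is acting as a mail client.
                dir = (ends[2] ~ /:(smtp|25)$/) ? "outbound" : "inbound"
            }
            print $1, $2, $3, dir, name
        }'
}

# Constructed sample in the older lsof layout (empty SIZE column for TCP);
# addresses are documentation ranges, process and user names are made up.
sample_lsof() {
    cat <<'EOF'
COMMAND   PID   USER   FD   TYPE DEVICE SIZE NODE NAME
sendmail 2517   root    4u  IPv4   6721       TCP *:smtp (LISTEN)
sendmail 9120   root    5u  IPv4  88213       TCP 192.0.2.10:smtp->198.51.100.7:51234 (ESTABLISHED)
perl     9377 apache    3u  IPv4  88390       TCP 192.0.2.10:43210->203.0.113.25:smtp (ESTABLISHED)
perl     9377 apache    4u  IPv4  88391       TCP 192.0.2.10:43211->203.0.113.40:smtp (SYN_SENT)
EOF
}

# Live use, as root so that other users' sockets are visible:
#   lsof -n -i tcp:25 | flag_non_mta
```

A single snapshot easily misses short-lived connections, so run the filter repeatedly, as watch does with the plain lsof command.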