[BlueOnyx:10934] Re: server being abused

Greg Kuhnert gkuhnert at compassnetworks.com.au
Fri Jul 6 03:40:15 -05 2012


Hi Steffan.

On 7/6/2012 4:50 PM, Steffan wrote:
> Webmail is almost empty so that is not the problem
>
> Is it possible to hack into a site with httpd
> then use your own script to send out email without
> logging it in to maillog.
>
> It looks like it is not a php script, that will be logged in the email log.
>

Try this:

watch lsof -n -i tcp:25

This will update your screen every 2 seconds - reporting running 
processes that are listening on port 25, or current open connections (both 
inbound and outbound) on port 25. Look for any process names other than 
the normal sendmail daemon to get an idea of what is happening.

Regards,
Greg.


> Steffan
>
> *From:* blueonyx-bounces at mail.blueonyx.it
> [mailto:blueonyx-bounces at mail.blueonyx.it] *On Behalf Of* Chuck Tetlow
> *Sent:* Thursday, 5 July 2012 19:25
> *To:* BlueOnyx General Mailing List
> *Subject:* [BlueOnyx:10932] Re: server beinng abused
>
> If you've got OpenWebMail or another webmail package - look in its
> logs. We've had some easy passwords guessed and then the webmail was
> abused to send out crapola.
>
> Chuck
>
> *---------- Original Message -----------*
> From: "Steffan" <general at ziggo.nl>
> To: "'BlueOnyx General Mailing List'" <blueonyx at mail.blueonyx.it>
> Sent: Thu, 5 Jul 2012 19:12:06 +0200
> Subject: [BlueOnyx:10931]  server beinng abused
>
> > Hello,
> >
> > I have a server that is getting blacklisted
> > Spamhaus says it is an email issue
> >
> > There is nothing in the logs
> > Looks like someone is sending emails without the server logging it
> > How to find this problem?
> >
> > Can't find any post commands in the httpd log
> >
> > Server is 5106 R and has about 100 sites
> >
> > _______________________________________________
> > Blueonyx mailing list
> > Blueonyx at mail.blueonyx.it <mailto:Blueonyx at mail.blueonyx.it>
> > http://mail.blueonyx.it/mailman/listinfo/blueonyx
> *------- End of Original Message -------*


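Added example, not part of the original thread: a one-shot summary of the check Greg describes, grouping port-25 sockets by process and flagging anything that is not the expected mail daemon. The function name `flag_port25`, the `ALLOWED` variable, the extra `-P` flag (numeric ports) and the sample lines are assumptions made for this illustration; the sample is constructed and uses documentation addresses.

```shell
#!/bin/sh
# ALLOWED (assumption): command name(s) of the legitimate mail daemon.
ALLOWED="${ALLOWED:-sendmail}"

# Reads `lsof -n -P -i tcp:25` output on stdin and prints one line per
# process that is NOT in ALLOWED:
#   COMMAND PID USER outbound=<n> other=<n>
# "outbound" counts sockets whose remote end is port 25, i.e. mail handed
# straight to a remote server without passing the local MTA (so no maillog).
flag_port25() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $8 != "TCP" || ($1 in ok) { next }   # skips header and the real MTA
        {
            key = $1 " " $2 " " $3           # COMMAND PID USER
            if (!(key in seen)) { seen[key] = 1; order[++cnt] = key }
            # NAME is local->remote for connections, local only for listeners
            if ($9 ~ /->[^>]*:(25|smtp)$/) out[key]++; else oth[key]++
        }
        END {
            for (i = 1; i <= cnt; i++) {
                k = order[i]
                printf "%s outbound=%d other=%d\n", k, out[k], oth[k]
            }
        }'
}

# Constructed sample output, not captured from a real host.
sample_lsof() {
cat <<'EOF'
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sendmail 1801   root    4u  IPv4  11021      0t0  TCP *:25 (LISTEN)
sendmail 2210   root    5u  IPv4  18340      0t0  TCP 192.0.2.10:25->198.51.100.7:51234 (ESTABLISHED)
perl     6789 apache    3u  IPv4  22345      0t0  TCP 192.0.2.10:43512->203.0.113.25:25 (ESTABLISHED)
perl     6789 apache    4u  IPv4  22346      0t0  TCP 192.0.2.10:43513->203.0.113.40:smtp (SYN_SENT)
EOF
}

# Demo on the sample; on a live host (as root, to see every user's sockets):
#   lsof -n -P -i tcp:25 | flag_port25
sample_lsof | flag_port25
```

A flagged process owned by the web server user with a non-zero `outbound` count matches the scenario Steffan asks about: a script under a hosted site talking to remote mail servers directly.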