[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Getting Hacked! Please HELP ASAP!

Subject: Re: [cobalt-users] Getting Hacked! Please HELP ASAP!
From: "H.P. Stroebel" <hpstr@xxxxxxxxxxxxx>
Date: Fri Aug 25 15:02:14 2000
Organization: Rechtsanwalt

"Casselman, Chad" schrieb:
> 
> Aug 24 15:36:21 server1 sendmail[607]: OAA11523: to=hash@xxxxxxxxxxxxxxxxx,
> delay=00:47:36, xdelay=00:03:09, mailer=esmtp, relay=ial4.jsc.nasa.gov.
> [139.169.196.93], stat=Deferred: Connection timed out with
> ial4.jsc.nasa.gov.

do a "netstat" and try to find out the ip the spam is originating from.

add the ip adress to /etc/hosts.deny and block it using the kernel`s
routing table by typing as root

/sbin/route add -host 123.456.789.000 reject

you might temporary disable sendmail, while you`re installing "kai`s
spamshield"; you find it at http://spamshield.conti.nu/. read the
instructions carefully.
it is doing the annoying work to check the mail log and add up the mails
that a user is sending in a certain amount of time; set the limit to
about 40-50 mails first, you may increase it later.
if spamshield is triggered, it blocks the host the spam is originating
from.

why is your server relaying for all these domains ? 

-- 

H. P.  Stroebel, Germany

CGI-FAQ for Raq-Newbies :
http://users.iol.it/hpstr/

A problem to some is a 'feature' to others.

Follow-Ups:
- Re: [cobalt-users] Getting Hacked! Please HELP ASAP!
  - From: Babu P. Yogarajah

References:
- RE: [cobalt-users] Getting Hacked! Please HELP ASAP!
  - From: Casselman, Chad

Prev by Date: [cobalt-users] Email problems on subdomained RaQ3
Next by Date: Re: [cobalt-users] SERIOUS problem with hosts.allow and hosts.deny (RaQ 3i withOS update 3)
Previous by thread: RE: [cobalt-users] Getting Hacked! Please HELP ASAP!
Next by thread: Re: [cobalt-users] Getting Hacked! Please HELP ASAP!

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index