
RE: [cobalt-users] HELP!! Somebody is spamming through my box!



Also check which version of formmail.cgi / formmail.pl you are using;
there is a vulnerability in the older version that allows spammers to
use any site's formmail script to send out their annoying mails!

Check out: http://www.worldwidemart.com/scripts/formmail.shtml for the
update information. The new version is 1.9 and was released August 3rd.
I'd advise all your RaQ users to update their formmail scripts if they
haven't already.

What you could do to take a look in the mail queue is telnet in as
admin, go to superuser (su), put in the admin password again and type:
sendmail -bp
which will print out the queue of mails still waiting, so you can see
how many are actually in there waiting to go out.


Andy Brown
http://www.linuxnetworking.co.uk/

 

-----Original Message-----
From: Chip [mailto:chip@xxxxxxxxxx]
Sent: 09 September 2001 10:31 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] HELP!! Somebody is spamming through my box!




I just checked the admin logs, and found hundreds of messages like the 
following.  I know that I have relaying turned off, I'm using 
pop-before-smtp for security, and I've got all of the updates installed.

I don't know how to figure out which user is doing this, and I obviously
want to stop it immediately, but have enough clients on the box that I
can't just take mail services down.

Here is a small example of what I'm seeing.



Security Violations
=-=-=-=-=-=-=-=-=-=
Sep 9 16:58:56 www PAM_pwdb[24262]: authentication failure; (uid=0) -> admin for ahttpd service
Sep 9 16:48:25 www sendmail[11725]: QAA11723: to=corso5@xxxxxxx,abean34@xxxxxxx,huskerhawg@xxxxxxx,bucksfan@xxxxxxx,angeiofsorrow@xxxxxxx,bling02bling@xxxxxxx,rleon2@xxxxxxx,rubertin@xxxxxxx, ctladdr=admin (110/27), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, relay=mailin-04.mx.aol.com. [152.163.224.122], stat=Sent (OK)
Sep 9 16:48:25 www sendmail[11729]: QAA11727: to=baridb2@xxxxxxx,apmiles66@xxxxxxx,broncojcp@xxxxxxx,brettga@xxxxxxx,bbjj007@xxxxxxx,aimes51896@xxxxxxx,beanl6@xxxxxxx,debrn145@xxxxxxx, ctladdr=admin (110/27), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, relay=mailin-04.mx.aol.com. [152.163.224.122], stat=Sent (OK)
Sep 9 16:48:38 www sendmail[11757]: QAA11755: to=fd128@xxxxxxx,elfieldy69@xxxxxxx,dsmale1@xxxxxxx,greenacres1980@xxxxxom,jvm216@xxxxxxx,icemanlar@xxxxxxx,iebony4life@xxxxxxx, ctladdr=admin (110/27), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, relay=mailin-01.mx.aol.com. [152.163.224.26], stat=Sent (OK)
Sep 9 16:48:39 www sendmail[11761]: QAA11759: to=jackiek85@xxxxxxx,fordtrucktexan@xxxxxxx,dvfrly@xxxxxxx,khaisou@xxxxxom,fulhrd699@xxxxxxx,kenshin29@xxxxxxx,hft8286@xxxxxxx, ctladdr=admin (110/27), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, relay=mailin-02.mx.aol.com. [64.12.136.89], stat=Sent (OK)
Sep 9 16:49:53 www sendmail[11819]: QAA11817: to=haegerklaus@xxxxxxx,gerryke@xxxxxxx,kikiholley@xxxxxxx,e16vball@xxxxxom,jkid5433@xxxxxxx,fracklerok@xxxxxxx,gnehntng@xxxxxxx, ctladdr=admin (110/27), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, relay=mailin-01.mx.aol.com. [205.188.156.122], stat=Sent (OK)
Sep 9 16:49:53 www sendmail[11821]: QAA11815:

Any help GREATLY appreciated!!

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users
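
An added example, not part of the original thread: one way to answer "which user is doing this" from sendmail delivery log lines like those quoted above is to tally messages and recipients per ctladdr (the controlling user and its uid/gid). The sample log is constructed with placeholder addresses, the function names are hypothetical, and entries that a mail client has hard-wrapped are rejoined before parsing.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the quoted log (placeholder addresses).
# The first entry is hard-wrapped mid-address, as mail clients often do.
SAMPLE = """\
Sep 9 16:48:25 www sendmail[11725]: QAA11723:
to=a1@example.com,a2@example.com,a3@exam
ple.com,a4@example.com,
ctladdr=admin (110/27), delay=00:00:00, xdelay=00:00:00, mailer=esmtp,
relay=mx.example.net. [192.0.2.10], stat=Sent (OK)
Sep 9 16:48:38 www sendmail[11757]: QAA11755: to=b1@example.com,b2@example.com,b3@example.com, ctladdr=admin (110/27), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, relay=mx.example.net. [192.0.2.11], stat=Sent (OK)
Sep 9 16:50:02 www sendmail[11900]: QAA11899: to=c1@example.org, ctladdr=jsmith (501/100), delay=00:00:02, xdelay=00:00:01, mailer=esmtp, relay=mx.example.org. [192.0.2.20], stat=Sent (OK)
Sep 9 16:58:56 www PAM_pwdb[24262]: authentication failure; (uid=0) -> admin for ahttpd service
"""

STAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d\d:\d\d:\d\d\s")
ENTRY = re.compile(
    r"sendmail\[\d+\]:\s*(\w+):\s*to=(.*?),\s*ctladdr=(\S+)\s*\((\d+)/(\d+)\)")

def unwrap(text):
    """Rejoin wrapped entries: a line without a syslog timestamp continues the previous one."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += line
    return entries

def tally(text):
    """Map (user, uid, gid) -> (distinct queue ids, total recipients)."""
    seen = defaultdict(lambda: [set(), 0])
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        if not m:
            continue  # not a sendmail delivery line (e.g. PAM), or truncated
        qid, to, user, uid, gid = m.groups()
        bucket = seen[(user, int(uid), int(gid))]
        bucket[0].add(qid)
        bucket[1] += len([r for r in to.split(",") if r.strip()])
    return {k: (len(v[0]), v[1]) for k, v in seen.items()}

if __name__ == "__main__":
    for (user, uid, gid), (msgs, rcpts) in sorted(tally(SAMPLE).items(), key=lambda kv: -kv[1][1]):
        print(f"{user} ({uid}/{gid}): {msgs} messages, {rcpts} recipients")
```

Run against the real mail log, the account with a recipient count far above the rest is the one to inspect first, for example for an outdated formmail script.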