Re: [cobalt-users] B**tards!
- Subject: Re: [cobalt-users] B**tards!
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri Aug 9 11:55:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Fri, 9 Aug 2002, Andy Jacobs wrote:
> Why today. I have just got back from my father's funeral and some complete
> bastard has hacked into my machine. Someone is using my server to send spam.
> I suspect through the old formmail exploit. I've just suspended the site in
> question.
>
> All my customers were getting a mail lock error and when I do a ps -ef there
> are various sendmail processes running for root. I could be barking up the
> wrong tree there though.
>
> Can anyone please throw me a small shred of hope and tell me where I might
> start looking.
>
Run chkrootkit,
study your /var/log/maillog.
See if you can find out where it is coming from and shut it down.
Just because someone found a way to send mail through your server
doesn't mean it's hacked.
--
Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
http://frontstreetnetworks.com | Website Hosts & SOHO Networks
229 Front Street, Ste.#C, New Haven, CT. 06513 United States
voice +1 203-785-0699 | fax +1 203-785-1787
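
One way to follow the advice above to study /var/log/maillog, as an added example that is not part of the original thread: it tallies sendmail's `from=` entries by sender and entry point, so a local submitter such as a web form script stands out from mail arriving over SMTP. The sample log lines, hostnames, queue IDs and the `httpd` account name are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in sendmail's syslog format; hostnames, queue IDs and
# the "httpd" web-server account are assumptions, not data from the thread.
SAMPLE_MAILLOG = """\
Aug  9 10:15:01 www sendmail[2101]: g79EF1x02101: from=httpd, size=812, class=0, nrcpts=40, relay=httpd@localhost
Aug  9 10:15:02 www sendmail[2103]: g79EF1x02101: to=<a@example.net>, ctladdr=httpd (15/15), mailer=esmtp, relay=mx.example.net. [192.0.2.10], stat=Sent
Aug  9 10:15:04 www sendmail[2110]: g79EF4x02110: from=httpd, size=815, class=0, nrcpts=40, relay=httpd@localhost
Aug  9 10:16:30 www sendmail[2150]: g79EGUx02150: from=<alice@example.org>, size=2301, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.org [198.51.100.7]
Aug  9 10:17:00 www sendmail[2190]: g79EH0x02190: from=httpd, size=820, class=0, nrcpts=45, relay=httpd@localhost
"""

# Only the "from=" line of each message is matched: it records who submitted
# the message, how many recipients it had, and where it entered the server.
FROM_LINE = re.compile(
    r"sendmail\[\d+\]: \w+: from=(?P<sender>[^,]*), .*?"
    r"nrcpts=(?P<nrcpts>\d+), .*?relay=(?P<relay>.+)$"
)


def origin(relay):
    """'local' = handed to sendmail on this host (for example by a CGI
    script); 'remote' = arrived over SMTP from another machine."""
    if relay.endswith("@localhost") or "[127.0.0.1]" in relay:
        return "local"
    return "remote"


def summarize(log_text):
    """Return (sender, relay, origin, messages, recipients) tuples,
    busiest source first by total recipient count."""
    totals = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        m = FROM_LINE.search(line)
        if not m:
            continue  # "to=" delivery lines and other daemons are skipped
        key = (m["sender"].strip("<>"), m["relay"].strip())
        totals[key][0] += 1
        totals[key][1] += int(m["nrcpts"])
    rows = [(s, r, origin(r), n, rc) for (s, r), (n, rc) in totals.items()]
    return sorted(rows, key=lambda row: row[4], reverse=True)


if __name__ == "__main__":
    for row in summarize(SAMPLE_MAILLOG):
        print("%-20s %-34s %-6s msgs=%d rcpts=%d" % row)
```

A top row with a local origin and a web-server account as sender points at a script on the box rather than a compromised login; a remote origin points at relaying over SMTP.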