RE: [cobalt-users] B**tards!
- Subject: RE: [cobalt-users] B**tards!
- From: "Andy Jacobs" <andy@xxxxxxxxxxxxxx>
- Date: Fri Aug 9 14:26:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Dave~
> Sent: 09 August 2002 22:12
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] B**tards!
>
>
>
> ----- Original Message -----
> Subject: RE: [cobalt-users] B**tards!
>
>
> > Why today. I have just got back from my father's funeral and some complete
> > bastard has hacked into my machine. Someone is using my server to send spam.
> > I suspect through the old formmail exploit. I've just suspended the site in
> > question.
>
> > Did you set up chkrootkit or any other binary file size check tool?
>
> This will help answer the *hack3d* question but if it is the 'ole formmail
> exploit, you may not be hack3d. They're just using the script to send mail. As
> root, type: locate formmail (there is a formail on the server so make sure to
> spell formmail, with two m's)
>
> Should tell you where it is, delete it...
>
Yes, it was the ol' FormMail trick. 36000 e-mails later. What fun I could
have with a spammer and a soldering iron at this point in time. The
requests are still coming through but I guess they are not being actioned.
I'm still getting about 100 e-mails to admin per hour. Is there any way I
can stop the requests BEFORE they get that far?
Andy