[cobalt-users] SMTP problem / possible hack?
- Subject: [cobalt-users] SMTP problem / possible hack?
- From: "Achieve IT" <info@xxxxxxxxxxxxxx>
- Date: Mon Dec 8 05:53:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hello,
This morning I started to receive calls from clients, telling me that they
could not send email. On investigation I found out that users could not send
emails to anybody outside my Raq4 box, receiving a 'relaying denied error'.
I tested using Openwebmail, and this worked fine. I then rebooted the
server, and all seems O.K. for the moment.
However, a couple of other strange events have been happening recently.
(1) I am getting regular Chkrootkit warnings such as:

    Checking `lkm'... You have 7 process hidden for readdir command
    You have 10 process hidden for ps command
    Warning: Possible LKM Trojan installed

This does not happen on every Chkrootkit check, which happens every 12 hrs.
(2) Also this morning I received this from the server:

    ./md2.1ssl.gz: No such file or directory
    ./md4.1ssl.gz: No such file or directory
    ./md5.1ssl.gz: No such file or directory
    ./mdc2.1ssl.gz: No such file or directory
    ./ripemd160.1ssl.gz: No such file or directory
    ./sha.1ssl.gz: No such file or directory
    ./sha1.1ssl.gz: No such file or directory
    ./DES.7ssl.gz: No such file or directory
    ./Modes.7ssl.gz: No such file or directory
    ./of.7ssl.gz: No such file or directory

Perhaps I should mention that I installed the Spamassassin pkg from Nuonce
last week, and this seems to be working great. This is the only thing I have
changed, since these issues have started.....
Any ideas.......... have I been hacked???