- <li><em>date</em>: Fri Apr 1 08:17:40 2005</li>
- <li><em>from</em>: Jerry.Yu at Voicecom.com (Yu, Jerry)</li>
- <li><em>subject</em>: [ale] tracking down a spammer on our box</li>
# -----Original Message-----
# From: ale-bounces at ale.org [<a rel="nofollow" href="mailto:ale-bounces">mailto:ale-bounces</a> at ale.org] On
# Behalf Of James P. Kinney III
# Sent: Thursday, March 31, 2005 11:51 PM
# To: Atlanta Linux Enthusiasts
# Subject: Re: [ale] tracking down a spammer on our box
#
# Uugh! I am not a PHP person but I suspect that the logging
# can be turned up in apache to help with more data on linking
# a web process to an email generation.
#
# You should be able to set qmail to not allow a user named
# "anonymous" to send mail.
#
# On Thu, 2005-03-31 at 23:39 -0500, Ryan Williams wrote:
# > We are running RedHat ES and have someone using our server to send a
# > small but steady stream of spam... between 4 and 5 messages per
# > minute, so they are smart enough to keep the activity fairly low
# > profile. We've already confirmed with ORDB that we are not an open
# > relay. The messages are showing up in ps -aux as:
# >
# > qmailr 19774 0.0 0.0 3436 972 ? S 14:44 0:00 qmail-remote
# > remotedomain.com anonymous at server1.ourserver.com
# > randomuser at remotedomain.com
# >
# > and our maillogs show messages being delivered which are certainly spam:
# >
# > Mar 31 15:07:02 server1 qmail: 1112299622.785136 starting delivery
# > 193807: msg 9536773 to remote randomuser at remotedomain.com
# >
# > Since the messages are being sent by "anonymous", we are pretty sure
# > this is a vulnerable PHP script somewhere on the server that is being
# > used, but we are having the hardest time tracking down which one(s) is
# > the culprit. Is there any way to track down which domain or script was
# > used to send these messages?
# >
# > Thanks!
# >
# > Ryan
# --
# James P. Kinney III \Changing the mobile computing world/
# CEO & Director of Engineering \ one Linux user /
# Local Net Solutions,LLC \ at a time. /
# 770-493-8244 \.___________________________./
# <a rel="nofollow" href="http://www.localnetsolutions.com">http://www.localnetsolutions.com</a>
#
# GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
# <jkinney at localnetsolutions.com> Fingerprint = 3C9E 6366 54FC
# A3FE BA4D 0659 6190 ADC3 829C 6CA7
#
</pre>
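One way to link web requests to mail generation, as the quoted reply suggests, is to correlate the epoch timestamps in qmail's "starting delivery" lines with POST requests in the Apache access log. This is an added example, not part of the original thread; the access-log format (vhost first), host names, client IPs, script paths and all sample log lines are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed qmail-send lines in the format quoted in the thread.
QMAIL_LOG = """\
Mar 31 15:07:02 server1 qmail: 1112299622.785136 starting delivery 193807: msg 9536773 to remote randomuser@remotedomain.com
Mar 31 15:07:15 server1 qmail: 1112299635.101200 starting delivery 193808: msg 9536790 to remote otheruser@remotedomain.com
Mar 31 15:07:29 server1 qmail: 1112299649.440012 starting delivery 193809: msg 9536801 to remote thirduser@remotedomain.com
"""

# Constructed Apache access log; assumes LogFormat "%v %h %l %u %t \"%r\" %>s %b".
ACCESS_LOG = """\
shop.example 198.51.100.7 - - [31/Mar/2005:15:06:40 -0500] "GET /index.php HTTP/1.1" 200 5120
blog.example 203.0.113.9 - - [31/Mar/2005:15:07:01 -0500] "POST /contact/formmail.php HTTP/1.0" 200 312
shop.example 198.51.100.7 - - [31/Mar/2005:15:07:14 -0500] "POST /cart/update.php HTTP/1.1" 200 2048
blog.example 203.0.113.9 - - [31/Mar/2005:15:07:14 -0500] "POST /contact/formmail.php HTTP/1.0" 200 312
blog.example 203.0.113.9 - - [31/Mar/2005:15:07:28 -0500] "POST /contact/formmail.php HTTP/1.0" 200 312
"""

DELIVERY = re.compile(r"qmail: (\d+)\.\d+ starting delivery \d+: msg (\d+) to remote (\S+)")
ACCESS = re.compile(r'^(\S+) (\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse_deliveries(text):
    """Return (epoch_seconds, msg_id, recipient) for each remote delivery start."""
    return [(int(m[1]), m[2], m[3]) for m in DELIVERY.finditer(text)]

def parse_posts(text):
    """Return (epoch_seconds, vhost, client_ip, path) for each POST request."""
    posts = []
    for line in text.splitlines():
        m = ACCESS.match(line)
        if m and m[4] == "POST":
            ts = datetime.strptime(m[3], "%d/%b/%Y:%H:%M:%S %z").timestamp()
            posts.append((int(ts), m[1], m[2], m[5].split("?")[0]))
    return posts

def rank_suspects(deliveries, posts, window=5):
    """Count, per (vhost, path), the deliveries preceded by a POST within `window` seconds."""
    hits = Counter()
    for epoch, _msg, _rcpt in deliveries:
        for key in {(v, p) for t, v, _ip, p in posts if 0 <= epoch - t <= window}:
            hits[key] += 1
    return hits.most_common()

if __name__ == "__main__":
    for (vhost, path), n in rank_suspects(parse_deliveries(QMAIL_LOG), parse_posts(ACCESS_LOG)):
        print(f"{n} deliveries follow POST {vhost}{path}")
```

Timestamps only show coincidence, so treat the top-ranked script as a lead to inspect, and widen `window` if deliveries lag behind the requests.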
</body>
</html>