Spammer on my system
Wolfpaw - Dale Corse
admin-lists at wolfpaw.net
Thu Mar 3 15:44:03 GMT 2005
suExec (for cgi and php) is your friend :) At least you know
where to look that way :)
D.
> -----Original Message-----
> From: owner-freebsd-isp at freebsd.org
> [mailto:owner-freebsd-isp at freebsd.org] On Behalf Of Charles Hatvany
> Sent: Tuesday, March 01, 2005 6:13 PM
> To: darek at nyi.net
> Cc: freebsd-isp at freebsd.org
> Subject: Re: Spammer on my system
>
>
> Darek,
>
> Thank you. Found the bastard. Same IP (83.102.146.162) 196
> times to a guestbook.pl that isn't even used by the client's
> site. Chmod 000 guestbook.pl should hold him.
>
> Thanks again.
>
> Charles
>
> >>> Darek Milewski <darek at nyi.net> 03/01 5:49 PM >>>
> Charles Hatvany wrote:
>
> >Hi guys,
> >
> >This may not be the correct forum for this. My apologies if this is
> >the wrong place - could use direction.
> >
> >I have someone abusing one of our servers. The mails
> "originate" with
> >user "www".
> >
> >The log entry is like this:
> >
> >Feb 28 20:19:03 sixty sendmail[33993]: j211J29r033993: from=www,
> >size=7430, class=0, nrcpts=200,
> >msgid=<200503010119.j211J29r033993 at sixty.hatvany.com>,
> >relay=www at localhost
> >
> >pxytest shows open proxies at port 25 and 587. The apache
> config file
> >has
> >
> ><Directory proxy:*>
> > Order Deny,Allow
> > Deny from all
> ></Directory>
> >
> >If I reject relay for 127.0.0.1 - I stop him, but also all mail
> >originating on the server and on our web mail.
> >
> >Any ideas of what I should look for/do?
> >
> >Charles Hatvany
> >
> >
>
> Most likely you have some type of a mailer script (like FormMail.pl)
> installed under Apache somewhere. Happens all the time in a
> webhosting
> environment.. All you have to do is find it and disable it.
> Could also
> be called contact, or something similar. You might tail some access
> logs to look for frequent requests to a cgi file, or a php page.
>
>
>
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>
>
More information about the freebsd-isp
mailing list