Spammer on my system

Wolfpaw - Dale Corse admin-lists at wolfpaw.net
Thu Mar 3 15:44:03 GMT 2005 

suExec (for cgi and php) is your friend :) At least you know
where to look that way :)

D.

> -----Original Message-----
> From: owner-freebsd-isp at freebsd.org 
> [mailto:owner-freebsd-isp at freebsd.org] On Behalf Of Charles Hatvany
> Sent: Tuesday, March 01, 2005 6:13 PM
> To: darek at nyi.net
> Cc: freebsd-isp at freebsd.org
> Subject: Re: Spammer on my system
> 
> 
> Darek,
> 
> Thank you.  Found the bastard.  Same IP (83.102.146.162) 196 
> times to a guestbook.pl that isn't even used by the client's 
> site.  Chmod 000 guestbook.pl should hold him.
> 
> Thanks again.
> 
> Charles
> 
> >>> Darek Milewski <darek at nyi.net> 03/01 5:49 PM >>>
> Charles Hatvany wrote:
> 
> >Hi guys,
> >
> >This may not be the correct forum for this.  My apologies if this is 
> >the wrong place - could use direction.
> >
> >I have someone abusing one of our servers.  The mails 
> "originate" with 
> >user "www".
> >
> >The log entry is like this:
> >
> >Feb 28 20:19:03 sixty sendmail[33993]: j211J29r033993: from=www, 
> >size=7430, class=0, nrcpts=200, 
> >msgid=<200503010119.j211J29r033993 at sixty.hatvany.com>, 
> >relay=www at localhost
> >
> >pxytest shows open proxies at port 25 and 587.  The apache 
> config file 
> >has
> >
> ><Directory proxy:*>
> >        Order Deny,Allow
> >        Deny from all
> ></Directory>
> >
> >If I reject relay for 127.0.0.1 - I stop him, but also all mail 
> >originating on the server and on our web mail.
> >
> >Any ideas of what I should look for/do?
> >
> >Charles Hatvany
> >  
> >
> 
> Most likely you have some type of a mailer script (like FormMail.pl) 
> installed under Apache somewhere.  Happens all the time in a 
> webhosting 
> environment..  All you have to do is find it and disable it.  
> Could also 
> be called contact, or something similar.  You might tail some access 
> logs to look for frequent requests to a cgi file, or a php page.
> 
> 
> 
> _______________________________________________
> freebsd-isp at freebsd.org mailing list 
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
> 
>

More information about the freebsd-isp mailing list