[vox-tech] Spammers using my server
Rod Roark
rod at sunsetsystems.com
Fri Sep 24 08:50:20 PDT 2004
Pretty scary. Sounds like someone hacked in and is running
malware as the Apache user.
Have you called Red Hat support? I would be interested to
know what they say.
-- Rod
On Friday 24 September 2004 07:50 am, Ehrhart, Jay wrote:
> This morning I had over 7000 emails in my Linux server's outbound queue
> which I deleted. My firewall log shows over 20,000 emails went out with
> a
> SunTrust bank announce saying to login and enter your username and
> password.
> I do not see the emails coming in like I would in a relay. How can I
> stop
> this or how are they doing this?
>
> My firewall using a SMTP proxy and only allows my domain in. I run
> MailScanner on my Red Hat 3.0 mail server with Sendmail. The box has
> the
> lastest patches from Red Hat. I have Sendmail setup to accept only my
> domain email.
>
> The non-deliverable reports are coming from my Linux apache user.
> Non-deliverables usually come from root. I am running apache on the
> server
> with forms. The forms software is the latest version and patches.
>
> Can anybody help on this?
>
> Thanks,
> Jay
>
> Jay Ehrhart
More information about the vox-tech
mailing list