Server hacked... 2003-06-14 - By Jeff Kinz
Back
On Sat, Jun 14, 2003 at 05:30:49PM +0530, System wrote:
> Hello All,
>
> >From last few days the server load is continuously running between 25% -
> 75%. Someone has hacked into the server sending mail. Is there some way we
> can tract this and shut them out.
Hi Tina, Its probably too late but shut down sendmail immediately.
service sendmail stop
When I say "Too late" I mean that enough damage has already been done
by the spammers that your IP/domain will most likely be added to the
anti-spam blacklists. You may be in the process of having a large
number of sites refuse all of your attempts to send out email. :-(
This is another reason to use Bayesian spam filters as opposed to
blacklists. Bogofilter and spambayes are two good examples of this type
of software, but neither can help Tina at prevent this problem.
Tina, you may have relaying enabled in your sendmail.mc file.
if you have a line that looks like this:
FEATURE(`relay_based_on_MX')dnl
change it so it looks like this
dnl FEATURE(`relay_based_on_MX')dnl
and then regenerate your sendmail.cf file, then restart sendmail.
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
service sendmail start
--
Jeff Kinz, Open-PC, Emergent Research, Hudson, MA. jkinz@(protected)
copyright 2003. Use is restricted. Any use is an
acceptance of the offer at http://www.kinz.org/policy.html.
Don't forget to change your password often.
|
|
