Server hacked... 2003-06-14 - By System
Back
-- -- Original Message -- --
From: "Jeff Kinz" <jkinz@(protected)>
To: <enigma-list@(protected)>
Sent: Saturday, June 14, 2003 6:10 PM
Subject: Re: Server hacked...
>
> On Sat, Jun 14, 2003 at 05:30:49PM +0530, System wrote:
> > Hello All,
> >
> > >From last few days the server load is continuously running between
25% -
> > 75%. Someone has hacked into the server sending mail. Is there some way
we
> > can tract this and shut them out.
>
> Hi Tina, Its probably too late but shut down sendmail immediately.
> service sendmail stop
>
> When I say "Too late" I mean that enough damage has already been done
> by the spammers that your IP/domain will most likely be added to the
> anti-spam blacklists. You may be in the process of having a large
> number of sites refuse all of your attempts to send out email. :-(
>
> This is another reason to use Bayesian spam filters as opposed to
> blacklists. Bogofilter and spambayes are two good examples of this type
> of software, but neither can help Tina at prevent this problem.
>
>
> Tina, you may have relaying enabled in your sendmail.mc file.
> if you have a line that looks like this:
> FEATURE(`relay_based_on_MX')dnl
> change it so it looks like this
> dnl FEATURE(`relay_based_on_MX')dnl
>
> and then regenerate your sendmail.cf file, then restart sendmail.
> m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
> service sendmail start
>
> --
Will upgrading the kerel help. I am currently using 2.4.18-27.7.x
version.
I am using exim on my server. How dow I stop this?
Thank you,
Tina...
|
|
