Server hacked... 2003-06-14 - By jdow
----- Original Message -----
From: "System" <system@(protected)>

> ----- Original Message -----
> From: "Jeff Kinz" <jkinz@(protected)>
> >
> > On Sat, Jun 14, 2003 at 05:30:49PM +0530, System wrote:
> > > Hello All,
> > >
> > > From last few days the server load is continuously running between 25% -
> > > 75%. Someone has hacked into the server sending mail. Is there some way we
> > > can track this and shut them out.
> >
> > Hi Tina, It's probably too late but shut down sendmail immediately.
> >     service sendmail stop
> >
> > When I say "Too late" I mean that enough damage has already been done
> > by the spammers that your IP/domain will most likely be added to the
> > anti-spam blacklists. You may be in the process of having a large
> > number of sites refuse all of your attempts to send out email. :-(
> >
> > This is another reason to use Bayesian spam filters as opposed to
> > blacklists. Bogofilter and spambayes are two good examples of this type
> > of software, but neither can help Tina at prevent this problem.
> >
> >
> > Tina, you may have relaying enabled in your sendmail.mc file.
> > If you have a line that looks like this:
> >     FEATURE(`relay_based_on_MX')dnl
> > change it so it looks like this
> >     dnl FEATURE(`relay_based_on_MX')dnl
> >
> > and then regenerate your sendmail.cf file, then restart sendmail.
> >     m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
> >     service sendmail start
> >
> > --
>
> Will upgrading the kernel help. I am currently using 2.4.18-27.7.x version.
>
> I am using exim on my server. How do I stop this?

Is your system hacked or was your sendmail open to the world?
A good test is chkrootkit.
If your server was hacked you're dead, deceased, toes up, a dead server. Reinstall EVERYTHING from a known good backup to freshly formatted disks.
If you merely left a hole in sendmail and your firewall, "nevermind".

{^_^} Joanne
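
The sendmail.mc check from the quoted advice above, as an added example that is not part of the original thread: it lists relay-widening FEATURE lines that are still live (not prefixed with `dnl`). It goes beyond the single feature named in the thread by also flagging other sendmail cf relay features; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report relay-widening FEATUREs still active in a sendmail.mc.
# m4 discards everything after `dnl` up to the newline, so a line that begins
# with `dnl` is switched off; a line that begins with FEATURE( is live.

# relay_based_on_MX is the feature named in the thread; the others are further
# sendmail cf features that also widen relaying (assumption: flag them too).
RELAY_FEATURES='relay_based_on_MX promiscuous_relay relay_entire_domain relay_local_from relay_mail_from loose_relay_check'

active_relay_features() {
    # $1 = path to a sendmail.mc; prints one active feature name per line
    mc_file=$1
    for feature in $RELAY_FEATURES; do
        # Match FEATURE(`name') or FEATURE(name, ...) at the start of a line only
        if grep -E "^[[:space:]]*FEATURE\(\`?${feature}'?[,)]" "$mc_file" >/dev/null 2>&1; then
            printf '%s\n' "$feature"
        fi
    done
}

sample_mc() {
    # Constructed sample input, not a real server's configuration
    cat <<'EOF'
OSTYPE(`linux')dnl
FEATURE(`relay_based_on_MX')dnl
dnl FEATURE(`promiscuous_relay')dnl
FEATURE(`access_db')dnl
MAILER(smtp)dnl
EOF
}

# Stand-alone demo on the constructed sample
tmp_mc=$(mktemp)
sample_mc > "$tmp_mc"
active_relay_features "$tmp_mc"
rm -f "$tmp_mc"
```

Any name it prints is a line to comment out with `dnl` before regenerating sendmail.cf as described in the quoted message.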