From: Ralf Hildebrandt (Ralf.Hildebrandt@charite.de)
Date: Sat Dec 25 2010 - 13:17:50 CST
* ASAI <asai@globalchangemusic.org>:
> Greetings,
>
> In the logs I have been seeing many attempts made to send messages to
> gmail which seem like there's spam being sent from my server. In the
> logs I see this:
>
> Dec 24 00:05:11 triata amavis[29729]: (29729-06) Passed CLEAN,
> <apache@triata.globalchangemultimedia.net> ->
> <ickovjuleejil@gmail.com>, Message-ID:
> <20101224070510.BF7ACFD8063@triata.globalchangemultimedia.net>,
> mail_id: s69xqJA1Kuer, Hits: -2.6, size: 669, queued_as: 9F457FD80A9,
> 898 ms
> Dec 24 00:05:11 triata postfix/smtp[1065]: BF7ACFD8063:
> to=<ickovjuleejil@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024,
> delay=1, delays=0.09/0.01/0/0.9, dsn=2.0.0, status=sent (250 2.0.0
> Ok: queued as 9F457FD80A9)
>
> What is a problem is that there is no user named apache@triata... and
> this user is sending hundreds of emails out to Gmail. So it looks
> like there's been a compromise. My question is, how do I begin to
> plug this hole?
stop apache
look further
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt@charite.de | http://www.charite.de
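
An added example, not part of either message above: a Python script that scans amavis result lines in the format quoted in the question and tallies external recipient domains for envelope senders whose local part is a web-server account. The log lines, host names, addresses and the `SERVICE_ACCOUNTS` list are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Local parts used by web-server accounts (assumed list; adjust per distribution).
SERVICE_ACCOUNTS = {"apache", "www-data", "httpd", "nginx", "nobody"}

# amavis result line: verdict, then "<envelope sender> -> <rcpt>[,<rcpt>...]".
AMAVIS_RE = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?:Passed|Blocked) \S+.*?<([^>]*)> -> ((?:<[^>]*>,?)+)"
)

# Constructed sample log (one entry per line, as syslog writes it).
SAMPLE_LOG = """\
Dec 24 00:05:11 web01 amavis[29729]: (29729-06) Passed CLEAN, <apache@web01.example.net> -> <a1@mail.example.org>, Message-ID: <1@web01.example.net>, mail_id: aaa, Hits: -2.6, size: 669, queued_as: 9F457FD80A9, 898 ms
Dec 24 00:05:12 web01 amavis[29729]: (29729-07) Passed CLEAN, <apache@web01.example.net> -> <a2@mail.example.org>,<a3@other.example.com>, Message-ID: <2@web01.example.net>, mail_id: bbb, Hits: -2.6, size: 670, 701 ms
Dec 24 00:05:13 web01 amavis[29730]: (29730-01) Passed CLEAN, <alice@example.net> -> <bob@mail.example.org>, Message-ID: <3@example.net>, mail_id: ccc, Hits: -1.0, size: 2048, 512 ms
Dec 24 00:05:14 web01 amavis[29730]: (29730-02) Passed CLEAN, <apache@web01.example.net> -> <root@web01.example.net>, Message-ID: <4@web01.example.net>, mail_id: ddd, Hits: 0.0, size: 300, 400 ms
Dec 24 00:05:14 web01 postfix/smtp[1065]: BF7ACFD8063: to=<a1@mail.example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F457FD80A9)
"""

def summarize_service_senders(log_text):
    """Return {sender: Counter(recipient_domain)} for web-account senders
    that mailed recipients outside their own domain."""
    report = defaultdict(Counter)
    for line in log_text.splitlines():
        m = AMAVIS_RE.search(line)
        if not m:
            continue  # not an amavis result line (e.g. postfix/smtp delivery)
        sender = m.group(1).lower()
        local, _, domain = sender.partition("@")
        if local not in SERVICE_ACCOUNTS:
            continue  # ordinary user or null sender
        for rcpt in re.findall(r"<([^>]*)>", m.group(2)):
            rcpt_domain = rcpt.lower().rpartition("@")[2]
            if rcpt_domain != domain:  # skip local cron/system mail
                report[sender][rcpt_domain] += 1
    return dict(report)

if __name__ == "__main__":
    for sender, domains in summarize_service_senders(SAMPLE_LOG).items():
        print(sender, sum(domains.values()), domains.most_common(5))
```

A non-empty result typically means mail is being submitted locally under the web server's account, so the next place to look is the web applications and scripts that account runs.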