[NCLUG] Apparently, I'm a Spammer - Now What?

Stephen Warren swarren at wwwdotorg.org
Wed Apr 25 16:15:34 MDT 2007


Rich Young wrote:
> I just noticed our web server running unusually slowly, and a little
> digging turned up a huge load on sendmail.  It didn't take long to find
> a record in the maillog of a lot of spammy activity, which apparently
> began Monday morning.

The first thing to check: Are you an open relay (i.e. was sendmail
mis-configured), or was your box cracked? Perhaps the box runs a
web-server with a vulnerable web-form-to-email comment CGI script?

Secondly (perhaps first!): Shut down, remove the HDD and keep it safe and
read-only for later forensics, re-install everything from install CDs,
install all updates, use postfix instead of sendmail...
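
One way to run the first check against a copy of the maillog, as an added example that is not part of the original message: it sums recipients per message source, so bulk mail submitted by the local web-server user (a form-to-mail script) stands apart from bulk mail arriving over SMTP from a remote address (possible relaying). It assumes sendmail's usual `from=` log lines with `nrcpts=` and `relay=` fields; the sample lines, hostnames and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in sendmail's usual "from=" log format (not from the thread).
SAMPLE = """\
Apr 23 08:01:02 web sendmail[4101]: l3NE12ab004101: from=apache, size=812, class=0, nrcpts=40, msgid=<a1@web>, relay=apache@localhost
Apr 23 08:01:05 web sendmail[4105]: l3NE15cd004105: from=apache, size=799, class=0, nrcpts=38, msgid=<a2@web>, relay=apache@localhost
Apr 23 08:02:11 web sendmail[4120]: l3NE2Bef004120: from=<x@example.net>, size=1502, class=0, nrcpts=25, msgid=<b1@example.net>, proto=ESMTP, daemon=MTA, relay=mail.example.net [192.0.2.44]
Apr 23 08:03:00 web sendmail[4130]: l3NE30gh004130: from=<root@web>, size=300, class=0, nrcpts=1, msgid=<c1@web>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Apr 23 08:03:01 web sendmail[4131]: l3NE30gh004130: to=<y@example.org>, delay=00:00:01, mailer=esmtp, stat=Sent
"""

# Only "from=" lines carry the recipient count and the submitting relay.
FROM_RE = re.compile(r"from=[^,]*,.*?nrcpts=(\d+),.*relay=(.+)$")
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9a-fA-F.:]+)\]")

def classify(relay):
    """Return (kind, source) for a relay= value."""
    m = IP_RE.search(relay)
    if m is None:
        # No bracketed address: handed to sendmail on the box itself,
        # e.g. relay=apache@localhost from a CGI script.
        return "local-submit", relay.split("@")[0]
    ip = m.group(1)
    if ip.startswith("127.") or ip == "::1":
        # SMTP to the loopback interface: still a process on this host.
        return "local-smtp", ip
    return "remote", ip

def summarize(text):
    """Sum recipients per (kind, source) over all from= lines."""
    totals = Counter()
    for line in text.splitlines():
        m = FROM_RE.search(line)
        if m:
            totals[classify(m.group(2).strip())] += int(m.group(1))
    return totals

if __name__ == "__main__":
    for (kind, src), rcpts in summarize(SAMPLE).most_common():
        print(f"{rcpts:6d} recipients  {kind:12s} {src}")
```

A remote source is not proof of an open relay on its own, since legitimate inbound mail also arrives that way; the recipient domains on the matching `to=` lines show whether the mail was being passed on to outside addresses.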


