HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


hermestrismegistus 29th April 2013 21:41

Harddisk full
 
Today I received a call from a customer, who told me his website could not connect to the database. After looking at it, I discovered that my server hard disk is full.

But I can't discover how my hard disk became so full.

I did: du -sh */

5.0M bin/
14M boot/
96K dev/
7.6M etc/
3.3M home/
88M lib/
16K lost+found/
12K media/
4.0K mnt/
4.0K opt/
du: cannot access `proc/19595': No such file or directory
du: cannot access `proc/19596': No such file or directory
du: cannot access `proc/19597': No such file or directory
du: cannot access `proc/19600': No such file or directory
du: cannot access `proc/19601/task/19601/fd/4': No such file or directory
du: cannot access `proc/19601/task/19601/fdinfo/4': No such file or directory
du: cannot access `proc/19601/fd/4': No such file or directory
du: cannot access `proc/19601/fdinfo/4': No such file or directory
du: cannot access `proc/19603': No such file or directory
du: cannot access `proc/19604': No such file or directory
du: cannot access `proc/19605': No such file or directory
du: cannot access `proc/19606': No such file or directory
0 proc/
39M root/
4.1M sbin/
4.0K selinux/
4.0K srv/
0 sys/
4.0K tmp/
836M usr/
du: cannot access `var/spool/postfix/incoming/907E449CBB': No such file or directory
du: cannot access `var/spool/postfix/incoming/478C44A4CA': No such file or directory
du: cannot access `var/spool/postfix/incoming/12D364E9FF': No such file or directory
du: cannot access `var/spool/postfix/incoming/49A1452434': No such file or directory
du: cannot access `var/spool/postfix/incoming/796A1912AC': No such file or directory
du: cannot access `var/spool/postfix/incoming/6B329917E5': No such file or directory
7.2G var/


Is there a possibility I'm under a spam attack? If not, how can I find out what's the reason for my full hard disk?

Greets,
Arjan.

hermestrismegistus 29th April 2013 22:33

It seems the pool directory is 4,9gb. Is it normal that this directory gets so big? All the mailboxes together only use a couple of hundred MB.

Turbanator 30th April 2013 01:16

I'm not fluent in my commands, but did you do a 'df' to see what's eating up your space?

till 30th April 2013 08:32

Quote:

Originally Posted by hermestrismegistus (Post 296471)
It seems the pool directory is 4,9gb. Is it normal that this directory gets so big? All the mailboxes together only use a couple of hundred MB.

That's quite big. Check with

postqueue -p

how many mails are in the queue. Maybe someone sends spam through our server.

hermestrismegistus 2nd May 2013 02:24

You're right, I got blacklisted by Google since today.

Yeah, spam abuse... Just did the postqueue -p and I see several emails a second.

870878614C* 3007 Mon Apr 29 20:24:59 MAILER-DAEMON
web10@(mydomain).nl

I also got blacklisted by Google since today. This is the second time spam got sent from my IP. I still do not know how they do it, but the fact is they do it.

Any ideas or suggestions to get rid of this spam abuse?

hermestrismegistus 2nd May 2013 03:42

Something that pokes me is the web10: it's the folder where the website of that domain is hosted. Also, there is no web10 email address configured.

Would it mean a security problem in the website that is hosted in the web10 folder...? I made a little script that logged everything that went through sendmail, but no weird emails get logged.

till 2nd May 2013 10:16

This means that the web10 website sent spam, most likely through a vulnerable CMS or contact form. If there is a CMS installed in that site, then install all available updates for that CMS.
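
An added example, not part of the original posts: a shell helper that tallies `postqueue -p` output by envelope sender and recipient, so that a burst of bounces addressed to a site account such as web10@ stands out from normal mail. The sample queue is constructed, and treating `web<N>` as a website's system user is an assumption taken from this thread.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `postqueue -p`
# (queue IDs, domains and the 192.0.2.1 address are made up).
sample_queue() {
    cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
0A1B2C3D4E*    3007 Mon Apr 29 20:24:59  MAILER-DAEMON
                                         web10@example.nl

1A2B3C4D5E     2911 Mon Apr 29 20:25:01  MAILER-DAEMON
(connect to mail.example.nl[192.0.2.1]:25: Connection timed out)
                                         web10@example.nl

2B3C4D5E6F     1800 Mon Apr 29 20:25:03  web10@example.nl
                                         someone@example.org

3C4D5E6F70!     900 Mon Apr 29 20:26:10  info@example.nl
                                         friend@example.com

-- 9 Kbytes in 4 Requests.
EOF
}

# Read `postqueue -p` output on stdin and print "<count> <role> <address>",
# busiest first. role is "sender" (envelope sender) or "rcpt" (recipient).
queue_tally() {
    awk '
        # Entry line: queue ID (optionally * = active, ! = on hold), size,
        # arrival time, and the envelope sender as the last field.
        $1 ~ /^[0-9A-Za-z]+[*!]?$/ && $2 ~ /^[0-9]+$/ && NF >= 7 {
            count["sender " $NF]++; next
        }
        # Recipient line: a single address. Deferral reasons start with "(".
        NF == 1 && $1 ~ /@/ && $1 !~ /^\(/ { count["rcpt " $1]++ }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Keep only addresses whose local part looks like a per-site system user
# (web<N>, the pattern seen in this thread; an assumption elsewhere).
queue_site_accounts() {
    queue_tally | awk '$3 ~ /^web[0-9]+@/'
}

# Live use: postqueue -p | queue_site_accounts
```

Bounces (sender MAILER-DAEMON) piling up for a web<N> recipient mean mail was submitted with that site account as envelope sender, which points at a script in that site's folder rather than at a mailbox.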

hermestrismegistus 2nd May 2013 16:49

Okay, I disabled the mail form (the only mail possibility on that website).

But then it seems I made a mistake. I wanted to clear out the log files and because they were so extremely long, I deleted them using rm. This now results in postfix not writing anything to those log files.

Probably the permissions are wrong; any idea how I can restore the log files?

Greets,
Arjan.


All times are GMT +2.