#1  
Old 17th January 2012, 11:00
silenceti silenceti is offline
Junior Member
 
Join Date: Dec 2011
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default Server Hacked?

Hi,

On my servers with ISPConfig, I've my Postfix sending e-mails every second to unknown e-mail accounts!

What can I do?

Thanks.
  #2  
Old 17th January 2012, 11:05
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,811
Thanks: 821
Thanked 5,339 Times in 4,188 Posts
Default

Most likely one of your websites has a bug in a CMS system or contact form so that spammers can use that to send spam through your server. So it's likely that the server itself is not hacked and you just have a vulnerable website.

To check if your server itself is hacked, use rkhunter:

rkhunter --update
rkhunter -c
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #3  
Old 17th January 2012, 11:46
silenceti silenceti is offline
Junior Member
 
Join Date: Dec 2011
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Well, I don't see any "strange thing" with rkhunter...

That's a little weird!

I start Postfix and:

SMTP helo=<mvx-201-76-189-2.mundivox.com>
Jan 17 13:40:25 vp7 postfix/smtpd[21407]: NOQUEUE: reject: RCPT from n: 554 5.7.1 <aogr@kimo.com.tw>: Relay access denied; from=<ideesujmslqf@googlegroups.com> to=<aogr@kimo.com.tw> proto=SMTP helo=
Jan 17 13:40:25 vp7 postfix/smtpd[21396]: NOQUEUE: reject: RCPT from ]: 554 5.7.1 <g6wu0djo6@yahoo.com.tw>: Relay access denied; from=<tuqsg@ms54.hinet.net> to=<g6wu0djo6@yahoo.com.tw> proto=SMTP helo=<187.115.194.22.static.gvt.net.br>

I don't even know what e-mail accounts are these....
!

Last edited by silenceti; 17th January 2012 at 12:00.
  #4  
Old 17th January 2012, 12:00
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,811
Thanks: 821
Thanked 5,339 Times in 4,188 Posts
Default

These are the email accounts where the spam is sent to.

See here for a method to find which of your websites is used to send the spam:

http://www.howtoforge.com/how-to-log...tect-form-spam
  #5  
Old 17th January 2012, 12:03
silenceti silenceti is offline
Junior Member
 
Join Date: Dec 2011
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi till,
I don't think it is a website, because I just have one, and it's a platform, like Interspire with HAProxy!
I start haproxy, and mails are going out...

This is really weird!!!!
  #6  
Old 17th January 2012, 12:08
silenceti silenceti is offline
Junior Member
 
Join Date: Dec 2011
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I've:

"Mail sent."

[root@ web]# cat /var/log/mail.form
[root@ web]#

!