#1 - toux, 9th December 2010, 06:38
My server sends spam

My server is sending spam emails.
I changed the password, I looked with the SSH file explorer and I can't see a mailing script, and I deactivated the mail function in php.ini, but it is still sending emails.

And I have strange images in a directory.

Is there a solution, without formatting and reinstalling?

Thank you
#2 - till (Super Moderator), 9th December 2010, 10:02

First you should check the system with the rkhunter and chkrootkit programs.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
#3 - toux, 9th December 2010, 15:32

Hello Till,

Thank you very much. I just installed rkhunter and I see a good number of warnings here:

Performing file properties checks

In

Checking for rootkits...

Performing check of known rootkit files and directories

All green [not found]
Here the summary:
System checks summary
=====================

File properties checks...
Required commands check failed
Files checked: 137
Suspect files: 34

Rootkit checks...
Rootkits checked : 245
Possible rootkits: 1
Rootkit names : Xzibit Rootkit

Applications checks...
Applications checked: 4
Suspect applications: 4

The system checks took: 1 minute and 11 seconds

I ran chkrootkit-0.49 and it shows nothing infected, all good.

How can I fix these errors, and prevent the spam and the strange image uploads?

Thank you

Toux

Last edited by toux; 9th December 2010 at 15:36.
#4 - edge (Moderator), 9th December 2010, 18:19

The best thing to do is take the server off-line, and do a reinstall!

If your server has been compromised to/by a hacker, the hacker could have added many ways to access your server.

So if you fix one problem, the other might still be there and being abused by the hacker(s).
__________________
Never execute code written on a Friday or a Monday.
#5 - Olgierd, 10th December 2010, 20:02

Check which process is too active on your server and stop it, then check why. Spam can be sent by a CGI script, for example.

Download all log files to your desktop and analyze them. Check who last used shell and FTP, and what was changed. Check your upgrades.

Disable fopen in php.ini for suPHP, FastCGI, etc.

If the hacker has no root access, you have a chance to fix the server; otherwise it is better to reinstall everything.
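An added example, not written by any poster in this thread: assuming the server's MTA is Postfix and that it logs in the usual syslog format, this shell function tallies how each queued message entered the mail system, which separates a web script submitting mail as the web server's uid from a mailbox login that is being abused. The function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Count how each message entered Postfix, busiest source first.
#   local-uid=N     handed to the sendmail binary by Unix uid N (PHP mail(), CGI, cron)
#   sasl=USER       sent over SMTP with that mailbox login
#   smtp-client=IP  accepted over SMTP without a login
mail_sources() {
    awk '
    # pickup logs the uid of the local process that submitted the message
    /postfix\/pickup\[/ && match($0, /uid=[0-9]+/) {
        count["local-" substr($0, RSTART, RLENGTH)]++
        next
    }
    # smtpd logs one "client=" line per accepted message, plus the login if any
    /postfix\/smtpd\[/ && /: client=/ {
        if (match($0, /sasl_username=[^, ]+/)) {
            src = "sasl=" substr($0, RSTART + 14, RLENGTH - 14)
        } else {
            match($0, /client=[^, ]+/)
            ip = substr($0, RSTART + 7, RLENGTH - 7)
            sub(/^.*\[/, "", ip); sub(/\].*$/, "", ip)
            src = "smtp-client=" ip
        }
        count[src]++
    }
    END { for (s in count) print count[s], s }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log (hostnames, queue IDs and addresses are made up).
sample_log() {
    cat <<'EOF'
Dec  9 05:58:01 server1 postfix/pickup[2311]: 3F2A11C0E5: uid=33 from=<www-data>
Dec  9 05:58:01 server1 postfix/qmgr[1201]: 3F2A11C0E5: from=<www-data@server1.example.com>, size=912, nrcpt=1 (queue active)
Dec  9 05:58:02 server1 postfix/pickup[2311]: 4A1B21C0E6: uid=33 from=<www-data>
Dec  9 05:58:03 server1 postfix/pickup[2311]: 5C3D31C0E7: uid=33 from=<www-data>
Dec  9 06:01:10 server1 postfix/smtpd[2410]: connect from unknown[203.0.113.5]
Dec  9 06:01:11 server1 postfix/smtpd[2410]: 6D4E41C0E8: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=info@example.com
Dec  9 06:01:12 server1 postfix/smtpd[2410]: 7E5F51C0E9: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=info@example.com
Dec  9 06:05:40 server1 postfix/smtpd[2455]: 8F6061C0EA: client=mail.example.net[198.51.100.7]
Dec  9 06:05:41 server1 postfix/pickup[2311]: 907172C0EB: uid=0 from=<root>
EOF
}

sample_log | mail_sources
```

On a real server, feed it the mail log instead of the sample, for instance `mail_sources < /var/log/mail.log` (that path is the Debian/Ubuntu default and is an assumption here). A high `local-uid` count for the web server's user points at a script under the web root; a high `sasl=` count points at a mailbox whose password needs changing.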
All times are GMT +2.