  #21  
Old 17th January 2012, 17:18
silenceti silenceti is offline
Junior Member
 
Join Date: Dec 2011
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes, I'm going to do that... I just don't understand where the "bad files" are!
Reply With Quote
  #22  
Old 17th January 2012, 18:15
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,486
Thanks: 813
Thanked 5,255 Times in 4,121 Posts
Default

Quote:
Maybe it's better to remove ISPconfig installation and reinstall again?
Your problem is either phpmyadmin or wordpress according to your logs and both software packages are neither part of ispconfig nor belong to it. So reinstalling ispconfig does not make much sense in my opinion and it won't change anything regarding your problem.

First you will have to find out which software is causing the problem and my recommendation for that is to protect phpmyadmin with a htaccess password protection and then enable your haproxy again to see if the problem is fixed. The installation directory of phpmyadmin differs for every Linux distribution; for Debian and Ubuntu it is e.g. /usr/share/phpmyadmin.

Most likely a full reinstall is not necessary, your problem looks more like the typical spam bot. So before you try to wipe out the server I would close the access to phpmyadmin and see if it's fixed then.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #23  
Old 17th January 2012, 19:07
silenceti silenceti is offline
Junior Member
 
Join Date: Dec 2011
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Well, now it's really weird!

I reinstalled the machine... phpmyadmin, php, apache... and interspire and then... postfix...

I changed inet_interfaces... and the postfix log starts sending mails again!!!

WTF?
Reply With Quote
  #24  
Old 17th January 2012, 19:22
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,486
Thanks: 813
Thanked 5,255 Times in 4,121 Posts
Default

Try to locate the problem by blocking parts of the software. Start with phpmyadmin as I suggested. If that's not causing the problem, then try to block your website for a short time e.g. with .htaccess to see if sending stops then.
Reply With Quote
  #25  
Old 17th January 2012, 19:26
silenceti silenceti is offline
Junior Member
 
Join Date: Dec 2011
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi,

I stopped httpd and mysql... and it's still sending mails!
Reply With Quote
  #26  
Old 18th January 2012, 19:28
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

Quote:
Originally Posted by silenceti View Post
Well, now it's really weird!

I reinstalled the machine... phpmyadmin, php, apache... and interspire and then... postfix...

I changed inet_interfaces... and the postfix log starts sending mails again!!!

WTF?
Did you use different passwords than on the old machine?
__________________
Falko
Reply With Quote
  #27  
Old 19th January 2012, 11:53
silenceti silenceti is offline
Junior Member
 
Join Date: Dec 2011
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes... absolutely... all passwords have been changed!
Reply With Quote
  #28  
Old 19th January 2012, 12:06
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,486
Thanks: 813
Thanked 5,255 Times in 4,121 Posts
Default

It might be that there were a lot of pending mails in the mail queue so that postfix had to send them first, so sending has not stopped after you stopped apache even if the actual hole that the attackers used was closed. Please check the mail queue with:

postqueue -p

and eventually empty it with:

postsuper -d ALL

if it contained spammer messages and then check if sending still goes on / starts after you stopped httpd.
Reply With Quote
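The queue check described in the post above, as an added example that is not part of the original thread: it summarises `postqueue -p` output by envelope sender, so you can see what is queued before deciding between `postsuper -d ALL` and deleting only one sender's messages. The sample queue listing, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect `postqueue -p` output before deleting anything.

# Constructed sample of `postqueue -p` output (all addresses are placeholders).
sample_queue() {
cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A1B0C4D     1841 Tue Jan 17 18:01:02  apache@master.example.com
                                         user1@example.net

7C9E0D1A2B*    1790 Tue Jan 17 18:01:05  apache@master.example.com
                                         user2@example.org

B4D5E6F7A8     2210 Tue Jan 17 18:02:11  newsletter@example.com
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         user3@example.net

-- 5 Kbytes in 3 Requests.
EOF
}

# Print "count sender" for every envelope sender, busiest first.
# Message lines start with the queue ID in column 0 and have 7 fields;
# header, footer, recipient and "(reason)" lines do not match.
queue_senders() {
    awk '/^[0-9A-Za-z]/ && NF >= 7 { n[$7]++ }
         END { for (s in n) print n[s], s }' | sort -k1,1nr -k2
}

# Print the queue IDs of all messages from envelope sender $1,
# with the active (*) or hold (!) marker stripped.
queue_ids_from() {
    awk -v who="$1" '/^[0-9A-Za-z]/ && NF >= 7 && $7 == who {
        sub(/[*!]$/, "", $1); print $1 }'
}

# On a live server, feed the real queue instead of the sample:
#   postqueue -p | queue_senders
#   postqueue -p | queue_ids_from 'apache@master.example.com' | postsuper -d -
if [ "${1:-}" = "demo" ]; then
    sample_queue | queue_senders
    sample_queue | queue_ids_from 'apache@master.example.com'
fi
```

A queue dominated by one local sender such as the web server account points at a web application as the source, which fits the advice in this thread to block phpmyadmin or the website and watch whether sending stops.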
  #29  
Old 19th January 2012, 12:17
silenceti silenceti is offline
Junior Member
 
Join Date: Dec 2011
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

[root@master csf]# postqueue -p
Mail queue is empty

I've installed csf and a few IPs have been blocked since yesterday!

Now there are no e-mails going out... I've started Postfix!
Reply With Quote
  #30  
Old 19th January 2012, 13:00
silenceti silenceti is offline
Junior Member
 
Join Date: Dec 2011
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Hi,

In postfix I can configure just some IPs to send e-mails, right?

Thanks.
Reply With Quote