#1  
Old 29th April 2013, 21:41
hermestrismegistus hermestrismegistus is offline
Junior Member
 
Join Date: Aug 2012
Posts: 17
Thanks: 0
Thanked 1 Time in 1 Post
Default Harddisk full

Today i recieved a call from a customer, and told me his website could not connect to the database. After looking at it, i discovered that my server hard disk is full.

But i can't discover how my hard disk became so full.

I done: du -sh */

5.0M bin/
14M boot/
96K dev/
7.6M etc/
3.3M home/
88M lib/
16K lost+found/
12K media/
4.0K mnt/
4.0K opt/
du: cannot access `proc/19595': No such file or directory
du: cannot access `proc/19596': No such file or directory
du: cannot access `proc/19597': No such file or directory
du: cannot access `proc/19600': No such file or directory
du: cannot access `proc/19601/task/19601/fd/4': No such file or directory
du: cannot access `proc/19601/task/19601/fdinfo/4': No such file or directory
du: cannot access `proc/19601/fd/4': No such file or directory
du: cannot access `proc/19601/fdinfo/4': No such file or directory
du: cannot access `proc/19603': No such file or directory
du: cannot access `proc/19604': No such file or directory
du: cannot access `proc/19605': No such file or directory
du: cannot access `proc/19606': No such file or directory
0 proc/
39M root/
4.1M sbin/
4.0K selinux/
4.0K srv/
0 sys/
4.0K tmp/
836M usr/
du: cannot access `var/spool/postfix/incoming/907E449CBB': No such file or directory
du: cannot access `var/spool/postfix/incoming/478C44A4CA': No such file or directory
du: cannot access `var/spool/postfix/incoming/12D364E9FF': No such file or directory
du: cannot access `var/spool/postfix/incoming/49A1452434': No such file or directory
du: cannot access `var/spool/postfix/incoming/796A1912AC': No such file or directory
du: cannot access `var/spool/postfix/incoming/6B329917E5': No such file or directory
7.2G var/


Is there a possibility i`m under a spam attack? If not, how can i find out what's the reason for my full harddisk?

Greets,
Arjan.
Reply With Quote
Sponsored Links
  #2  
Old 29th April 2013, 22:33
hermestrismegistus hermestrismegistus is offline
Junior Member
 
Join Date: Aug 2012
Posts: 17
Thanks: 0
Thanked 1 Time in 1 Post
Default

It seems the pool directory is 4,9gb is that normal that this directory gets so big? All the mailboxes together only use a couple of hundreds mb.
Reply With Quote
  #3  
Old 30th April 2013, 01:16
Turbanator Turbanator is offline
Senior Member
 
Join Date: Jun 2008
Posts: 218
Thanks: 22
Thanked 16 Times in 16 Posts
Default

I'm not fluent in my commands, but did you do a 'df' to see what's eating up your space?
Reply With Quote
  #4  
Old 30th April 2013, 08:32
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,769
Thanks: 821
Thanked 5,331 Times in 4,183 Posts
Default

Quote:
Originally Posted by hermestrismegistus View Post
It seems the pool directory is 4,9gb is that normal that this directory gets so big? All the mailboxes together only use a couple of hundreds mb.
Thats quite big. Chech with

postqueue -p

How many mails are in the queue. Maybe someone sends spam trough our server.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 2nd May 2013, 02:24
hermestrismegistus hermestrismegistus is offline
Junior Member
 
Join Date: Aug 2012
Posts: 17
Thanks: 0
Thanked 1 Time in 1 Post
Default You're right, i got blacklisted by google since today.

Yeah spam abuse.... Just done the postqueue -p and i see severall emails a second.

870878614C* 3007 Mon Apr 29 20:24:59 MAILER-DAEMON
web10@(mydomain).nl

I also got blacklisted by google since today. This is the second time spam got send from my ip. I still not know how they do it, but a fact is they do it.

Any idea's suggestion to get rid of this spam abuse?
Reply With Quote
  #6  
Old 2nd May 2013, 03:42
hermestrismegistus hermestrismegistus is offline
Junior Member
 
Join Date: Aug 2012
Posts: 17
Thanks: 0
Thanked 1 Time in 1 Post
Default

Something that pokes me, is the web10, its the folder where the website of that domain is hosted. Also there is no web10 email adres configured.

Would it mean a security problem in the website that is hosted in the web10 folder...? I made a little script that logged everything that wen't trough sendmail, but no weird emails get logged.
Reply With Quote
  #7  
Old 2nd May 2013, 10:16
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,769
Thanks: 821
Thanked 5,331 Times in 4,183 Posts
Default

This means that the web10 website sent spam, mots likely trough a vulnerable cms system or contact form. If there is a cms installed in that site, then install all available updates for that cms.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #8  
Old 2nd May 2013, 16:49
hermestrismegistus hermestrismegistus is offline
Junior Member
 
Join Date: Aug 2012
Posts: 17
Thanks: 0
Thanked 1 Time in 1 Post
 
Default

Oke, i disabled the mail form(only mail possibility at that website).

But then it seems i made a mistake. I wanted to clear out the log files and because there where so extreme long, i deleted them using rm. Which now results in postfix not writing anything in those log files.

Probably the permissions are wrong, any idea how i can restore the log files?

Greets,
Arjan.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sometimes the / partition is full for few minutes... voltron81 Installation/Configuration 4 12th March 2010 10:43
rsync and destination is full rusty Server Operation 1 15th February 2010 13:21
watchdog_task: NIC Link is Up 10 Mbps Full Duplex Chad Server Operation 0 8th October 2008 03:04
Howto: Make Webalizer show full QueryString!! Zoon Tips/Tricks/Mods 1 5th November 2007 02:12
Update caused / to become full... Joffar Installation/Configuration 2 3rd March 2006 11:56


All times are GMT +2. The time now is 15:41.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.