Harddisk full

Discussion in 'General' started by hermestrismegistus, Apr 29, 2013.

  1. hermestrismegistus

    hermestrismegistus New Member

    Today i recieved a call from a customer, and told me his website could not connect to the database. After looking at it, i discovered that my server hard disk is full.

    But i can't discover how my hard disk became so full.

    I done: du -sh */

    5.0M bin/
    14M boot/
    96K dev/
    7.6M etc/
    3.3M home/
    88M lib/
    16K lost+found/
    12K media/
    4.0K mnt/
    4.0K opt/
    du: cannot access `proc/19595': No such file or directory
    du: cannot access `proc/19596': No such file or directory
    du: cannot access `proc/19597': No such file or directory
    du: cannot access `proc/19600': No such file or directory
    du: cannot access `proc/19601/task/19601/fd/4': No such file or directory
    du: cannot access `proc/19601/task/19601/fdinfo/4': No such file or directory
    du: cannot access `proc/19601/fd/4': No such file or directory
    du: cannot access `proc/19601/fdinfo/4': No such file or directory
    du: cannot access `proc/19603': No such file or directory
    du: cannot access `proc/19604': No such file or directory
    du: cannot access `proc/19605': No such file or directory
    du: cannot access `proc/19606': No such file or directory
    0 proc/
    39M root/
    4.1M sbin/
    4.0K selinux/
    4.0K srv/
    0 sys/
    4.0K tmp/
    836M usr/
    du: cannot access `var/spool/postfix/incoming/907E449CBB': No such file or directory
    du: cannot access `var/spool/postfix/incoming/478C44A4CA': No such file or directory
    du: cannot access `var/spool/postfix/incoming/12D364E9FF': No such file or directory
    du: cannot access `var/spool/postfix/incoming/49A1452434': No such file or directory
    du: cannot access `var/spool/postfix/incoming/796A1912AC': No such file or directory
    du: cannot access `var/spool/postfix/incoming/6B329917E5': No such file or directory
    7.2G var/


    Is there a possibility i`m under a spam attack? If not, how can i find out what's the reason for my full harddisk?

    Greets,
    Arjan.
     
  2. hermestrismegistus

    hermestrismegistus New Member

    It seems the pool directory is 4,9gb is that normal that this directory gets so big? All the mailboxes together only use a couple of hundreds mb.
     
  3. Turbanator

    Turbanator Member HowtoForge Supporter

    I'm not fluent in my commands, but did you do a 'df' to see what's eating up your space?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats quite big. Chech with

    postqueue -p

    How many mails are in the queue. Maybe someone sends spam trough our server.
     
  5. hermestrismegistus

    hermestrismegistus New Member

    You're right, i got blacklisted by google since today.

    Yeah spam abuse.... Just done the postqueue -p and i see severall emails a second.

    870878614C* 3007 Mon Apr 29 20:24:59 MAILER-DAEMON
    web10@(mydomain).nl

    I also got blacklisted by google since today. This is the second time spam got send from my ip. I still not know how they do it, but a fact is they do it.

    Any idea's suggestion to get rid of this spam abuse?
     
  6. hermestrismegistus

    hermestrismegistus New Member

    Something that pokes me, is the web10, its the folder where the website of that domain is hosted. Also there is no web10 email adres configured.

    Would it mean a security problem in the website that is hosted in the web10 folder...? I made a little script that logged everything that wen't trough sendmail, but no weird emails get logged.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    This means that the web10 website sent spam, mots likely trough a vulnerable cms system or contact form. If there is a cms installed in that site, then install all available updates for that cms.
     
  8. hermestrismegistus

    hermestrismegistus New Member

    Oke, i disabled the mail form(only mail possibility at that website).

    But then it seems i made a mistake. I wanted to clear out the log files and because there where so extreme long, i deleted them using rm. Which now results in postfix not writing anything in those log files.

    Probably the permissions are wrong, any idea how i can restore the log files?

    Greets,
    Arjan.
     

Share This Page