Security :: Server Hacked - Finding Process Behind Sending Emails

Jun 13, 2011

I just got control over a server that was hacked several months back. The other day we started receiving rejected emails sent from my server to a Yahoo email address that is no longer active that contained users' login information. I am trying to find the process that is sending these emails. So far it's been like finding a needle in a haystack. The email that is being sent is appending the login information each time it is sent, so there must be a local file that contains this information. I have tried using grep and find without any luck.


Ubuntu Servers :: 10.04.1 Server Not Sending Out Emails

Oct 12, 2010

I have WordPress installed on my VPS, which is running 10.04.1 LTS. I appear to be having an issue whereby the server isn't sending out emails to new users, nor to myself when I get comments on the blog. I'm at a dead end for where to look next, because the settings are exactly the same as they were with my previous VPS (and they were always pretty generic), but yet it doesn't work.


Ubuntu :: Using The Postfix SMTP Server For Sending Emails?

Dec 13, 2010

I am using the Postfix SMTP server for sending emails. However I just did a default installation and subsequently someone is sending spam using my SMTP server. I would like some help on securing my Postfix server and to block these mischievous emails being sent from my server.


Server :: Postfix Is For Sending/receiving Internal Emails Only?

Jan 21, 2010

One of our postfix servers is for sending/receiving internal emails only. When a user enters a wrong recipient address, it takes almost an hour for the user to get the "Recipient address rejected" email. What can be done to let the user get the "Recipient address rejected" email quicker?


Software :: SMTP Server - Sending Emails Across Internet

Apr 23, 2011

I have installed an SMTP server using ...
sudo apt-get install postfix
but I still cannot send emails from my local machine to my yahoo account using ...
echo "Hi Steve que tal ?" | mail -s "test message" steven_matthews_uk@yahoo.co.uk


Security :: Server Hacked By Opyum?

Apr 11, 2011

Awoke to millions of failed SSH attempts into my public server. Behind a firewall which forwards only SSH and HTTP. Local iptables deny everything except SSH and HTTP. Exact same symptoms and results as Chris over at his site: here.

I just want to know how they managed to execute a script, or make changes etc? Here's some info:

According to cat /var/log/secure | grep "Accepted" no one besides myself gained entry via SSH.

The FTP account (500:48 (Purposely in apache group)) is chrooted to a 775 directory and vsftpd does not accept anonymous entry. vsftpd and xferlog's are empty?

Code:
You have new mail in /var/spool/mail/root
[root@dev etc]# tail /var/spool/mail/root

[code]....


Server :: Sendmail Is Sending Unnecessary Multiple Copies Of Emails From Php

Jan 7, 2010

I have a 64bit linux server with 5 virtual hosts on it. When someone fills out a contact form on one of the sites...I get 15-20 copies of the same email. At first I thought it was the kids clicking send multiple times because the first emails were coming from the children's ministry "Email The Cast" section. But then I started getting multiples from the adult sites too. All contact forms are set to come to me.

What's stranger is that my registration section for one of the sites uses the SAME php script (different file) to email me a notification that someone has registered but I only get 1 copy of that.


Security :: The Server Was Hacked From So Called Tor IP Address?

Nov 14, 2010

I always use professional services to secure my servers. Everything was fine for years but a week ago my server got hacked. I don't know how the hacker got my username/password - it was not something like admin, password. 9 months ago my PC was infected with some virus which connected to the FTP server by using a password which was saved in CuteFTP and infected all index files with some javascript. Then I changed the user/FTP password and didn't save it anymore in CuteFTP. Of course, I checked all the folders and re-uploaded all infected files. Is it possible that this virus uploaded some hidden file which was able to get the new password for this account?

The server was hacked from a so-called Tor IP address. I am tired of worrying about server security and now have an idea to get a static IP address from my ISP and to allow logins only from this IP address. What do you think about it? This idea looks good to me, but are there any risks of losing access to the server? Can the ISP change the static IP address for some reason?


Ubuntu Security :: Server Hacked - Ethernet No Longer Working

Jun 19, 2010

My server (Ubuntu 10.04 desktop) was hacked. I had my ethernet plugged in to an Intel 82557 Ethernet Pro card (Pulse) when my server was first attacked. After it was attacked I reinstalled the system but my ethernet card still would not work. Ubuntu recognized it, but it is continually disconnected and the little status lights on the card do not light up anymore.

So then I plugged the ethernet into the motherboard itself. Well, my server was hacked again and now the ethernet on the motherboard does not work. Again, Ubuntu (after a reinstall) recognizes the hardware but nothing happens when I plug the ethernet in. The motherboard is a BioStar P4M900 VIA chipset. I have a few of the system logs here [URL] which I saved right after the first attack.


Ubuntu Security :: Secure A Terminal Server, So That It Can't Be Hacked By Bruteforce/dictionary Tools?

Oct 8, 2010

How to secure a Terminal Server so that it can't be hacked by bruteforce/dictionary tools?


Security :: Qmail Hacked In Server \ Cannot Find Any Suspicious Script Running Using Ps Xaf Command?

Jan 3, 2011

My server is probably hacked and sending spam emails. I see them randomly in maillog (/usr/local/psa/var/log/maillog, server has a plesk panel), sometimes a few in a long time, sometimes a lot of them. Here is a sample of it:

Jan 4 00:47:08 acv360 qmail-remote-handlers[17662]: Handlers Filter before-remote for qmail started ...
Jan 4 00:47:08 acv360 qmail-remote-handlers[17662]: from=root@acv360.com

[code].....


Security :: Server Hacked When Try To Log In Type Root But Won't Let Type A Password?

Jun 22, 2010

I have a hacked server. When I try to log in I type root, but it won't let me type a passwd. There are no services up; can't see page, mail, nothing.


General :: Sending Signal From Child Process To Parent Process?

Sep 8, 2010

Code:

#include <stdio.h>
#include <unistd.h>
#include <signal.h>

[code]....

Description of what the code does or what I intended to do:

1. Created a child process from parent process using 'fork()'

2. Sent a signal 'SIGALRM' from child process to parent process using 'sigqueue' function.

(The third parameter of the 'sigqueue' function contains the message (message msg) which the child process wants to send to the parent process. 'msg' is a structure instance containing a) pid of child and b) string)

5. Print the 'msg' sent by the child process inside the signal handler function 'sig_action_function' of the parent process

I am getting some junk value when this line is executed:

Code:

printf("%d\n",msg->cpid);

I expected to get the pid of child process, which the child process sent to parent process through the signal.


Ubuntu :: Postfix Not Sending Emails?

Jan 18, 2010

I'm not a techie but have tried my best to solve the issue without success. I have a static IP from my local ISP and my computer is configured with 192.168.1.2 (LAN IP).

I have installed Ubuntu server 9.04 and want to send emails from my server, for which I've configured postfix. But I don't know what to do next.

My questions are:

1. Do I need to install a DNS server for using postfix? If not, what should I install to send emails from this server?

2. Do I need to forward any particular port in my router?

3. If I don't have a fully qualified domain, what are the configurations I need to do to send emails?


Security :: Server Is Sending Spams

Jun 29, 2010

Currently I'm having a problem with a box which keeps sending spam all over the world. Yesterday we upgraded some Drupal modules (which can send email), and the spam quantity reduced. But still some spam keeps going out from our server. Some of it even has attachments.

Some of it is sent using accounts that never existed on our server (e.g. strager@mydomain.com), and some of it is from 'nobody'. What to check, or where to look? I've checked the MX records and there were no strange forwarders. Really stuck here...


Fedora :: Evolution Temporarily Not Sending Emails?

Jun 21, 2010

I've got Evolution as an email client in Fedora 12. I've got only one IMAP account configured, which seems to be working OK. However, temporarily it is not sending emails. I write an email and hit send/receive and get an error: "Error while sending message". It seems that it is downloading messages, but not sending. There is a quick but annoying solution to it: restart Evolution. As soon as it is restarted (close and open the application) it is working OK for some time.


Ubuntu Servers :: Postfix Not Sending Emails?

Jan 18, 2010

I have a static IP from my local ISP and my computer is configured with 192.168.1.2 (LAN IP).

I have installed Ubuntu server 9.04 and want to send emails from my server, for which I've configured postfix. But I don't know what to do next.

My questions are:

1. Do I need to install a DNS server for using postfix? If not, what should I install to send emails from this server?

2. Do I need to forward any particular port in my router?

3. If I don't have a fully qualified domain, what are the configurations I need to do to send emails?


Ubuntu :: Root Job Sending Multiple Emails?

Feb 25, 2010

I have an rsync backup job scripted and run by cron at 12:00 every day. It emails me the log from rsync. The problem is that it sends the same email every minute starting at 12:00 and ending at 1:00. I can't figure out what I did to cause this. It is not happening on my other ubuntu server.

Code:
# m h dom mon dow command
* 12 * * 1,2,3,4,5 /home/barry/bin/backup.sh > /dev/null
Code:
#!/bin/sh
rsync -aut /usr/share/library /mnt/backup/WordPress > /home/barry/backup.log

[Code]....


General :: Sending Emails To Outside Email Addresses?

Sep 14, 2010

I have sendmail setup and it works fine sending emails to outside email addresses. When I try and send email to our internal groupwise server the mail never gets there and I get an error message in the log user unknown.


Software :: Efax-GTK Sending Emails Without Attachment

Nov 2, 2010

I have installed Ubuntu onto a machine and am trying to get it to receive faxes and email them to me! After spending days on this I have installed efax-gtk and have successfully set it up to receive faxes and email them to me!

Everything is working, I can send and receive faxes OK. But when I set it with the 'mail_fax' script, I don't get an attached file. All I get is a directory location of the temp file, which is obviously deleted by the 'mail_fax' script! No attachment is in the email.

/home/dell/efax-gtk-20101103135335.pdf
Fax 20101103135335 received by efax-gtk attached

All I want is the attachment to be attached!


Software :: Logwatch Not Sending Emails - No Mail

Jun 8, 2010

I'm trying to get logwatch to email me. I think my logwatch.conf file is okay. I have postfix installed. The mailer as far as I can tell is set correctly ("usr/bin/mail"). When I run logwatch - I get "no mail for aubrey"

Here's my logwatch.conf file:
Code:
linux-qwkb:/home/aubrey # edit /usr/share/logwatch/default.conf/logwatch.conf
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
#
######################################################## .....


Ubuntu :: Terminal Sending Emails From Invalid Address

Apr 27, 2011

When I am using Mailutils to send messages to myself as a test, I get them but they are from <"ryandward@ryandward"@gmail.com> which is not a valid email address and I have no idea why my system is configured to send them from this address. This is indicative of some problem there is going on in my system.


Networking :: Sending Emails Using Outlook On Client Machines?

Jun 20, 2009

I have a problem sending emails using Outlook on my client machines, i.e. XP. I am getting the error Relay access denied. I am using Fedora 9 as our server, with dovecot and postfix and fetchmail. It was working fine previously.


Ubuntu Security :: Using Lucidlynx - How To Know If Some One Hacked My Box

Mar 8, 2010

I want to know if anyone hacked or is getting into my computer. I am using lucidlynx right now. My computer is directly connected to the modem, not using any wireless router. How can I check if someone hacked it? How to prevent it?


Ubuntu Security :: System Hacked / What's Going On?

Jan 3, 2011

I have a 6yo laptop...z60m. Solid little thing that I knocked around so much the hinge broke. My dad jerryrigged it so it can stay open.

So now I use it as a glorified DVD player. Then, around February the hard drive died. I put it in fresh, loaded a couple of regular games and the DVD modifications to play DVDs. So, besides the basic upgrade to 9.1 not much has been done.

Well, last week my panel disappeared. I procrastinated and last night I got on the computer. I did F2 and "xfce-panel" and my panel reappeared exactly how I'd last tweaked it.

With one exception. This blue globe, "Akonadi", had mysteriously appeared.

Thing is that I haven't installed or updated anything for 8 months...why? Because I haven't had this thing connected to the Internet. The wireless tower has been on (my bad), but all of the signals in my neck of the woods are encrypted so I just let it be.

I don't know where this program came from. Is it loaded in xubuntu? Why would it show up? And furthermore, could someone with malicious intent (unfortunately I do have to take that into consideration) have put this on for data collection?


Ubuntu Security :: My Computer Is Being Hacked / What To Fix It?

Feb 27, 2011

I have a Windows computer and it is being hacked. About a month ago or more someone hacked my router and installed new firmware from Firmware Version: Talisman/Basic V1.2.9a

My router is a Linksys and the SSID got changed to sveasoft. I had WPA set up and MAC filtering.

Someone hacked my router and changed the Firmware Version. And the user name and password also got changed to just admin.

Well, now I got a pop-up from my Kaspersky saying network attack scan.generic.TCP 74.63.245.168

The only thing I can find on it: http://whatismyipaddress.com/ip/74.63.245.168

It is Limestone Networks in Dallas.

Some strange things have been happening to my computer in the past 4 months and it is getting worse.

I have no firewall or router now. And I have not gone to the store to get a new router yet, and I'm thinking of formatting my computer and putting Linux on it and getting a good firewall like zone-alarm.


Debian Configuration :: Cron Sending Emails With Plain Text Password?

Sep 5, 2011

Since we switched our server to Squeeze, I'm receiving emails from the cron about a mysql error (...can't use locks with log tables). But this is not the issue I want to talk about here. The issue is that since the executed command is: /usr/bin/mysqlcheck -uroot -pmypassword --all-databases --check-only-changed --silent which is a command that was automatically added to the cron by the mysql package (I believe), the password is sent in clear text in the email's subject. In my sense, this is a serious security issue (sending root password in email subject...)

I don't know at what level it should be corrected, but it seems to me like it should be corrected in the Debian distrib, shouldn't it?

And for now, how can I hide the password in the emails I receive?


Ubuntu Security :: Warning Signs Of Having Been Hacked

Feb 19, 2011

I had a serious breach of the cellular segment of my communications network this week. All I can say is nobody got hurt. The attackers also knew where to find me via email. I'm concerned that perhaps they've penetrated this aspect of my system as well, although they seemed pretty specifically focused on the phone. There have been no changes on anything on my computer, and of course, I went ahead and changed all the passwords. How can I verify or at least look into the possibility of having been hacked as well?


Ubuntu Security :: Computer Has Been Hacked / Monitored?

Mar 22, 2011

My computer has surely been hacked for at least more than two months; my private information is being hacked and spread around! I initially used Windows Vista and I had the firewall off and no antivirus software. When I realized that my OS had been hacked, I began turning my firewall on and installing security software, but nothing stopped the hack.

Yesterday, I erased all my partitions and installed Ubuntu 10.10. I installed rkhunter and a firewall. I changed my static IP address, at least for the sake of knowledge, to another one, then I got disconnected since my router only allows my old IP.

When I'm about to write my admin password, I disconnect from the network. I've scanned my system using rkhunter, and the result is a list of 30 suspicious files!

Can I adjust my router in a way that it can allow any IP address? If yes, can I have a non-static IP address? How to prevent the hacking in the first place? However, I believe, I don't know yet, that my Ubuntu has also been hacked...

If I can't get rid of the hacker(s), then I should permanently disconnect from internet and find another way to receive information anonymously through the internet.


Security :: LAN Hacked - How To Find Infected Machine

Jul 3, 2009

I have a LAN with 20 machines. I see that one of them is infected. It's sending a lot of packets to the internet. My internet connection at this moment is really slow. What should I do? How to detect which machine is infected? I'm using a hardware firewall, Fortigate... It's hard to configure nice logs there. Any good software? I don't want to unplug the network cable from each machine and check.

Copyrights 2005-15 www.BigResource.com, All rights reserved