Spam??

  #1  
Old 11-21-2001, 12:20 PM
Pluto Pluto is offline
Junior Guru Wannabe
 
Join Date: Oct 2001
Posts: 31

Spam??


I am getting tons of lines when I check the "top" command?
Anyone know how to check who is doing this??

11572 root 9 0 2304 2304 2024 S 2.2 0.1 0:00 /usr/sbin/exim -bd -q1h



  #2  
Old 11-21-2001, 01:45 PM
jucebro jucebro is offline
Junior Guru Wannabe
 
Join Date: Jun 2001
Posts: 46
Try doing a 'ps fax' at the command prompt. This will give you a tree view so you can see what process started this. For example, here is a 'ps fax' snip from my current ssh session:

352 ? S 0:15 sshd
5678 ? S 0:00 \_ sshd
5679 pts/0 S 0:00 \_ -bash
5693 pts/0 S 0:00 \_ su
5713 pts/0 S 0:00 \_ sh
6928 pts/0 R 0:00 \_ ps fax

So if you were looking for who was running the 'ps fax' command, you can just follow the tree to the top.

'ps faux' will show you the user too:

root 352 0.0 0.1 2100 268 ? S Oct11 0:15 sshd
root 5678 0.0 0.9 2988 1496 ? S 09:07 0:00 \_ sshd
admin 5679 0.0 0.5 1696 936 pts/0 S 09:07 0:00 \_ -bash
root 5693 0.0 0.5 2088 936 pts/0 S 09:07 0:00 \_ su
root 5713 0.0 0.6 1748 988 pts/0 S 09:07 0:00 \_ sh
root 7047 0.0 0.4 2344 696 pts/0 R 09:32 0:00 \_ ps faux

Your process below is being run as root. So either someone logged in as root started it, or a service you have running as root started it, such as crond.
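The parent-chain walk that post #2 does by eye on 'ps faux' output, as an added shell example that is not part of the original thread. The function names `snapshot`, `ancestry`, `origin_user` and `sample_snapshot` are hypothetical, and the PPID column in the sample is an assumption reconstructed from the tree shown in the post.

```shell
# Added example (not from the thread): follow a process's parent chain.
# ancestry PID [FILE] prints "pid user command" per ancestor, child first.
# FILE holds "pid ppid user args" rows; without it, live ps output is used.

snapshot() {
    if [ -n "$1" ]; then cat "$1"; else ps -eo pid=,ppid=,user=,args=; fi
}

ancestry() {
    snapshot "$2" | awk -v start="$1" '
        {
            ppid[$1] = $2; user[$1] = $3
            # Everything after the third field is the command line.
            cmd = $0
            sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", cmd)
            args[$1] = cmd
        }
        END {
            p = start
            # Stop when the parent is not in the snapshot; seen[] guards loops.
            while ((p in ppid) && !(p in seen)) {
                seen[p] = 1
                print p, user[p], args[p]
                p = ppid[p]
            }
        }'
}

# Nearest ancestor owner that differs from the process owner. For a root
# process this is the account that switched to root (su, sudo), if any.
origin_user() {
    ancestry "$1" "$2" |
        awk 'NR == 1 { own = $2; next } $2 != own { print $2; exit }'
}

# Constructed snapshot: PIDs, users and commands come from the 'ps faux'
# listing in post #2; the PPID column is an assumption read off the tree.
sample_snapshot() {
    cat <<'EOF'
352 1 root sshd
5678 352 root sshd
5679 5678 admin -bash
5693 5679 root su
5713 5693 root sh
7047 5713 root ps faux
EOF
}
if [ $# -gt 0 ]; then ancestry "$@"; fi
```

Called with only a PID, `ancestry` reads the live process table; `origin_user` prints nothing when every ancestor in the snapshot has the same owner, which is the daemon or crond case the post mentions.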

  #3  
Old 11-21-2001, 08:57 PM
Pluto Pluto is offline
Junior Guru Wannabe
 
Join Date: Oct 2001
Posts: 31
Anyone know how to make sure sendmail relay is closed?

  #4  
Old 11-21-2001, 09:06 PM
jucebro jucebro is offline
Junior Guru Wannabe
 
Join Date: Jun 2001
Posts: 46
I use Sam Spade. It has an SMTP relay check:

http://samspade.org/ssw/

  #5  
Old 11-22-2001, 03:16 AM
comphost comphost is offline
Junior Guru Wannabe
 
Join Date: Nov 2001
Posts: 41
SMTP

Simply starting it with just -bd
and relay is not activated... you also can make a relay-domains
file with allowed hosts if using it

__________________
Mike@
CompHost.com - Hosting Services


  #6  
Old 11-22-2001, 06:37 AM
mahinder mahinder is offline
Web Hosting Master
 
Join Date: Aug 2001
Location: Matrix
Posts: 2,469
When people run a script for spamming it runs as
user nobody.

So you can track the process nobody and see its pid and kill it with the pid.

kill -9 <pid id>

You may also consider killing all nobody pids with this command

kill -9 `ps aux | awk '{if($1 == "nobody") print $2}'`

Then go to

/var/log

and see your sendmail.log file
pico sendmail.log

and see who is spamming (you will see continuous entries with the same pid); that user is spamming. Then bust him like Bush did to the Taliban

spammer

__________________
CPHosting - Web Hosting Experts Since 1998.
United States | Europe | Singapore | Australia
Visit Us! www.cphosting.com
