hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : is it normal?
Reply

Hosting Security and Technology Configuring and optimizing web hosting servers and operating systems, developing administration scripts, building servers, protecting against hackers, and general security (SSL certificates, etc.)
Forum Jump

is it normal?

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 05-30-2004, 01:48 AM
Lem0nHead Lem0nHead is offline
Web Hosting Master
  
Join Date: Feb 2004
Posts: 1,226

is it normal?

Quote:
root@server01 [/var/spool/exim]# du --max-depth=1
298240 ./input
151296 ./msglog
480 ./db
450028 .
seens weird... 450 MBs on /var/spool/exim

thanks

Reply With Quote


Sponsored Links
  #2  
Old 05-30-2004, 01:51 AM
Steven Steven is offline
I like ice cream
  
Join Date: Mar 2003
Location: California USA
Posts: 11,590
Quote:
root@w00t [/var/spool/exim]# ls
./ ../ db/ exim-daemon.pid input/ msglog/
root@w00t [/var/spool/exim]# du --max-depth=1
392 ./input
96 ./msglog
44 ./db
540 .
root@w00t [/var/spool/exim]#
You might have a spammer, or a very large mail queue

__________________
Steven Ciaburri | Proactive Linux Server Management - Rack911.com | 1.855.RACK911
System Administration Extraordinaire

Managed Dedicated Servers, Linux Server Management, Disaster Recovery, Server Security Audits

Reply With Quote
  #3  
Old 05-30-2004, 01:55 AM
Lem0nHead Lem0nHead is offline
Web Hosting Master
  
Join Date: Feb 2004
Posts: 1,226
Quote:
Originally posted by thelinuxguy
You might have a spammer, or a very large mail queue
this thing is growing madly now

i noticed that while trying to rsync this dir with backup and it never ending

exim_mainlog shows a lot of things like
Quote:
2004-05-30 02:54:41 1BUFXg-0001DP-E0 ** jimbocvzitkwnaz@sudose.com <jimbocvzItkWnaZ@sudose.com> R=fail_remote_domains: unrouteable mail domain "sudose.com"
2004-05-30 02:54:41 1BUFXg-0001DP-E0 Frozen (delivery error message)
2004-05-30 02:54:41 1BUFXZ-0006ZZ-Or Message is frozen
2004-05-30 02:54:41 1BUFXT-00080X-2E Message is frozen
2004-05-30 02:54:41 1BUFWz-0005mR-4n Unfrozen by auto-thaw
2004-05-30 02:54:41 1BUFWz-0005mR-4n ** bsmin777frjedy@luzon.tr <bsmin777FRjEDY@luzon.tr> R=fail_remote_domains: unrouteable mail domain "luzon.tr"
2004-05-30 02:54:41 1BUFWz-0005mR-4n Frozen (delivery error message)
2004-05-30 02:54:41 1BUFWt-0007vI-DT Unfrozen by auto-thaw
2004-05-30 02:54:41 1BUFWt-0007vI-DT ** pap1652cuaczszjoqfye@ipaintball.net <pap1652cuAcZszJOQfye@ipaintball.net> R=fail_remote_domains: unrouteable mail domain "ipaintball.net"
2004-05-30 02:54:41 1BUFWt-0007vI-DT Frozen (delivery error message)
2004-05-30 02:54:41 1BUFWk-0004cL-SN Unfrozen by auto-thaw
does anyone know how can I trace which user is doing that?

thanks

Reply With Quote
Sponsored Links
  #4  
Old 05-30-2004, 02:33 AM
Lem0nHead Lem0nHead is offline
Web Hosting Master
  
Join Date: Feb 2004
Posts: 1,226
even if I STOP exim (service exim stop), those messages doesn't stop appearing!!

any ideas?

Reply With Quote
  #5  
Old 05-30-2004, 02:51 PM
visiondream3 visiondream3 is offline
WHT Addict
  
Join Date: Jun 2003
Posts: 102
I guess this is because spamming is going on through a web script, using /usr/sbin/sendmail or /usr/sbin/exim directly and not via connect to a host ip at port 25.

__________________
Dream, Envision, Enrich the world

Reply With Quote
  #6  
Old 05-30-2004, 02:58 PM
Steven Steven is offline
I like ice cream
  
Join Date: Mar 2003
Location: California USA
Posts: 11,590
might have a bad formmail script

__________________
Steven Ciaburri | Proactive Linux Server Management - Rack911.com | 1.855.RACK911
System Administration Extraordinaire

Managed Dedicated Servers, Linux Server Management, Disaster Recovery, Server Security Audits

Reply With Quote
Reply

Related posts from TheWhir.com
Title Type Date Posted
VIDEO: GlowTouch VP of Operations Russ Broomell Talks Parallels Automation on AWS Whir Tv 2013-02-25 18:07:04
What the new version of Google Analytics brings to your business Blog 2011-12-20 15:56:29
Noise Filter: Trust in Certificate Authorities Weakens After DigiNotar Hack Web Hosting News 2011-09-09 18:26:57
Situation Normal, Everything Must Change, with Simon Wardley Web Hosting News 2011-08-09 07:25:52
Cloud Security Firm Dome9 Names David Meizlik VP of Marketing Web Hosting News 2011-06-22 16:47:50


« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:

US Attorney says Government Should Have Warrants to Search Email

8kMiles Acquires Cloud Security Firm FuGen Solutions for $7.5 Million

Name.com Resets Customer Passwords After Security Breach

Outbound Spam Causing Sleepless Nights?

Malwarebytes Launches Data Scan-and-Backup Service

Commtouch Report: Spam, Malware Continues to Increase in Q1 2013

Researchers Urge System Admins to Check for New Apache Web Server Backdoor Malware

APWG Study Finds Phishers Increasingly Target Shared Virtual Servers

Man Arrested in Connection to Spamhaus DDoS Attacks

Cisco Researcher Discovers Possible Exploit Vector for DarkLeech Attacks



 

Learn more about advertising opportunities across the iNET Interactive Network.

LiquidWeb
X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?