
Thread: Server crashed

  1. #1
    Join Date
    Mar 2005
    Posts
    196

    Server crashed

    My server has crashed a couple of times in the past few weeks.
    I suspect it has something to do with files I always find in the /tmp dir.

    enviar.txt, failed.txt, mailcarteironovo.html, maquinas.txt, ok.txt, spam.pl

    Some of these files contain email addresses and my virus program alerts on that .html file.

    How can I stop these files appearing in my /tmp?

  2. #2
    Join Date
    Mar 2004
    Location
    Singapore
    Posts
    6,984
    I find these articles by eth0 very useful, you may read and see if it is of help http://www.eth0.us/?q=tmp

  3. #3
    It does seem like your server is being infiltrated and someone might have placed a trojan on your system to send spam.

    The only way to really stop this from happening would be to find out who and how they got into your system by plugging the security hole and removing the trojan from the system. The fastest way around this might be to reformat the hard disk and start from fresh again and make sure that this time, you handle the security aspects properly.

  4. #4
    Check your mail logs. Do they show quite a huge number of emails going out?

  5. #5
    Join Date
    Mar 2005
    Posts
    196
    Thanks for the help.

  6. #6
    Join Date
    Feb 2003
    Location
    San Francisco, CA
    Posts
    190
    In your mail logs, look for outgoing mail sent to some email addresses from those files in /tmp. When/if you find them, investigate which user has sent this mail and examine this user's folder for some rootkits, spam scripts, etc.

    Also, the 'last' command will show you all the last logins to your box - be it shell or FTP. Maybe you'll find something suspicious there.
    First Amendment of a webhost: if you fail to prepare, prepare to fail.
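
The mail-log check suggested in post #6, as an added example that is not part of the original thread: it matches recipients in a mail log against the addresses in a dropped list file and reports which local uid submitted that mail. It assumes Postfix syslog lines (the thread does not say which MTA the server runs); the function names and sample data are constructed for illustration.

```python
import re
from collections import Counter

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumed MTA: Postfix. pickup logs "<queue-id>: uid=<n> from=<...>" for mail
# submitted locally (e.g. by a script); each delivery logs "<queue-id>: to=<...>".
PICKUP_RE = re.compile(r"postfix/pickup\[\d+\]: ([0-9A-F]+): uid=(\d+) from=<[^>]*>")
DELIVERY_RE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): to=<([^>]+)>")

def harvested_addresses(text):
    """Lower-cased set of e-mail addresses found in a dropped list file."""
    return {addr.lower() for addr in EMAIL_RE.findall(text)}

def senders_of_listed_mail(log_lines, targets):
    """Count deliveries to listed addresses, grouped by submitting local uid."""
    uid_by_queue = {}
    matched_queues = []  # resolved after the whole log is read
    for line in log_lines:
        m = PICKUP_RE.search(line)
        if m:
            uid_by_queue[m.group(1)] = int(m.group(2))
            continue
        m = DELIVERY_RE.search(line)
        if m and m.group(2).lower() in targets:
            matched_queues.append(m.group(1))
    hits = Counter()
    for qid in matched_queues:
        # None means no pickup line: the mail did not come from a local process.
        hits[uid_by_queue.get(qid)] += 1
    return dict(hits)

# Constructed sample data standing in for /tmp/enviar.txt and a Postfix mail log.
SAMPLE_LIST = "alice@example.org\nbob@example.net\n"
SAMPLE_LOG = """\
Mar 10 03:12:01 host postfix/pickup[2101]: 4F1A2B3C: uid=1004 from=<webuser>
Mar 10 03:12:02 host postfix/smtp[2105]: 4F1A2B3C: to=<alice@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=1.2, status=sent (250 OK)
Mar 10 03:12:03 host postfix/pickup[2101]: 5A6B7C8D: uid=1004 from=<webuser>
Mar 10 03:12:04 host postfix/smtp[2105]: 5A6B7C8D: to=<Bob@example.net>, relay=mx.example.net[192.0.2.20]:25, delay=0.9, status=bounced (550 no such user)
Mar 10 03:15:00 host postfix/pickup[2101]: 6E7F8091: uid=0 from=<root>
Mar 10 03:15:01 host postfix/local[2110]: 6E7F8091: to=<admin@host.example>, relay=local, delay=0.1, status=sent (delivered to mailbox)
""".splitlines()

if __name__ == "__main__":
    targets = harvested_addresses(SAMPLE_LIST)
    for uid, count in senders_of_listed_mail(SAMPLE_LOG, targets).items():
        print(f"uid={uid}: {count} deliveries to listed addresses")
```

A uid reported here can be resolved to an account name with `getent passwd <uid>`, which gives the home directory to examine.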
