Thread: server hacked for spamming.
07-25-2005, 08:18 PM #1 WHT Addict
Hi,
One of my client's servers got severely hacked and was used for spamming.
Now what exactly is happening is:
I think that due to some vulnerability in phpBB the hacker got access to the tmp directory and was sending emails using nobody through my client's domain
from multiplenames@domain.com
Now I tried to find a file which said that .. by phpHS and removed it.
I had permission i set on it so the root user was not even able to remove it. I changed the permission and it was removed.
But still the emails are being sent using the server's SMTP.
Does anybody have any idea how to deal with this?
The file I deleted had the starting contents as under:
A powerful php shell program by Hacker Vietnam Association
* Coded for HVA member and Luke's friends to exploit shell
* commands in Unix server. If you have any trouble or suggetion
* contact Luke at hainamluke@hotmail.com or http://hackervn.net
* Special thanks to :
* dodo@****microsoft.com
* con_qua@yahoo.com
* trancongminh@yahoo.com
* HVA Groups
* and people who made PHP Explorer, PHP RemView etc..
If anybody had this kind of thing, please help me to get my client's server from being spammed.
Thanks
07-25-2005, 08:42 PM #2 Away
Hire a server administrator to clean and secure your server:
www.rack911.com
07-25-2005, 10:03 PM #3 Engineer
Hello,
I am assuming exim is your mail server. Force another queue run, and flush all frozen messages.
`exim -qff`
07-25-2005, 10:11 PM #4 WHT Addict
I have done that. Now slowly all bounce messages have stopped.
It works.
That means the problem lay in the tmp folder in that file.
Great...
07-25-2005, 10:23 PM #5 Engineer
Hello,
Please paste the output of `mount`
and
`cat /etc/fstab`
Also please attach the output of `ls -al /tmp | grep -v sess_`
07-25-2005, 11:32 PM #6 WHT Addict
Output of mount:
/dev/hda5 on /tmp type ext3 (rw,noexec,nosuid,nodev)
Output of ls -al /tmp | grep -v sess_:
-rw-rw---- 1 harshil harshil 13 Jul 26 08:00 harshil-session-0.645833088158728
Regards
07-26-2005, 11:48 AM #7 Engineer
Hello,
Both seem fine. Make sure your /dev/shm is also mounted with noexec, since this basically limits everything to execute from perl only.
I suggest also installing mod_security
http://www.hostgeekz.com/guides/cPan...d_security.htm
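The mount check discussed in posts #5 to #7, as an added example that is not from any poster in this thread: it parses `mount` output and reports which scratch mounts lack `noexec`, `nosuid` or `nodev`. The list of mount points, the function names and all sample lines except the `/tmp` line from post #6 are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit scratch mounts for noexec/nosuid/nodev.
# Input format is `mount` output: DEV on MOUNTPOINT type FSTYPE (opt,opt,...)

REQUIRED_OPTS="noexec nosuid nodev"
SCRATCH_MOUNTS="/tmp /var/tmp /dev/shm"   # assumed list of world-writable mounts

# Constructed sample; only the /tmp line is taken from the thread.
SAMPLE_MOUNT_OUTPUT='/dev/hda1 on / type ext3 (rw)
/dev/hda5 on /tmp type ext3 (rw,noexec,nosuid,nodev)
none on /dev/shm type tmpfs (rw)'

# Print the option string of mount point $1 as found in mount output $2.
mount_opts() {
    printf '%s\n' "$2" |
        awk -v mp="$1" '$2 == "on" && $3 == mp { o = $6; gsub(/[()]/, "", o); last = o }
                        END { if (last != "") print last }'
}

# Print the required options missing on $1, or "no-separate-mount".
missing_opts() {
    opts=$(mount_opts "$1" "$2")
    if [ -z "$opts" ]; then
        echo "no-separate-mount"
        return 0
    fi
    missing=""
    for want in $REQUIRED_OPTS; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    echo "${missing# }"
}

# Report every scratch mount; return 1 if any of them is weak.
audit() {
    rc=0
    for mp in $SCRATCH_MOUNTS; do
        m=$(missing_opts "$mp" "$1")
        if [ -z "$m" ]; then echo "OK    $mp"; else echo "WEAK  $mp: $m"; rc=1; fi
    done
    return "$rc"
}

# Runs on the sample; on a live host pass "$(mount)" instead.
audit "$SAMPLE_MOUNT_OUTPUT" || true
```

`noexec` only blocks direct execution of files on that mount; a script handed to an interpreter such as perl or php is still read and run, so this check complements rather than replaces finding and removing dropped files.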