Thread: Server abuse

  1. #1

    Server abuse

    Hi,

    My name is Todd, and I've been renting a VPS from TekTonic Networks for about a month now, and just yesterday, I got a report saying that my server was being used to send automated spam e-mails every second. I noticed it was a problem with Postfix. I had about 100 processes going saying "smtp -t unix -u -c" in the process name.

    I couldn't prevent it so I reverted my server to a backup I made previously. Everything is working fine now, but I didn't put any script in there to use Postfix and SMTP to spam people. I was wondering if there is a way to prevent this, and I can't do it easily since removing Postfix will remove MySQL from my server as well.

    So I'm asking what you think it might have been? And how can I prevent this further on? I looked in the crontabs and nothing in there told me it was executing Postfix.

    Any ideas? Thanks for your time.

    Regards,
    Todd Suess

  2. #2
    What operating system? I'm sure you can disable Postfix from running at startup, which should stop Postfix from running at all.
    Linux/Windows Technician
    JCulpin [at] Gmail.com

  3. #3
    I'm using Debian 3.1 (Sarge) and I tried disabling Postfix but for some reason, it would just restart itself later, and I don't know how.

  4. #4
    You can edit the startup lines, it should disable it if you do that, then reboot. I'm not so sure where they're located in Debian though, I'll take a look around for you and post back.
    Linux/Windows Technician
    JCulpin [at] Gmail.com

  5. #5
    kill all the postfix processes, then

    try, "chmod a-x /etc/init.d/postfix"

    or, "apt-get remove --purge postfix" and use another mailer daemon

  6. #6
    Awesome, I'll try that if it happens again. Thanks very much.

    You wouldn't happen to know what would cause Postfix to automatically send spam e-mails out? If you want, I can upload my mail logs.

  7. #7
    My guess is your VPS either got compromised or you were running it as an open relay.

  8. #8
    Not to seem like a noob, but are you saying that maybe there are some security holes?

  9. #9
    Quote Originally Posted by tlsuess
    Not to seem like a noob, but are you saying that maybe there are some security holes?
    That's the point of the forums, to educate. Being a noob isn't a bad thing...

    It sounds like you manage it yourself -- there's always a chance for holes unless you are an expert. You might consider hiring someone to do a quick lookover if you see any problems in the future.
    GeeksGather - Undergoing redevelopment. Stand by.

  10. #10
    Quote Originally Posted by tlsuess
    Not to seem like a noob, but are you saying that maybe there are some security holes?
    In simple terms, being compromised is more or less being hacked.

    An "open relay" means that your mail server (Postfix) is configured to deliver messages for any host. So basically, if someone wanted to send spam, they could connect to your server and have your server send spam on their behalf. But from what I know, most mail servers should not be running as an open relay by default. Maybe you did something to your mail server which enabled relaying?

  11. #11
    Would there be a way to disable that in Postfix?

  12. #12
    I don't know anything about postfix, but this page may make sense to you: http://www.postfix.org/SMTPD_ACCESS_README.html

  13. #13
    Thanks, and I have to admit I am not a pro either.
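
Added example, not part of the original thread: a Python check for the open-relay condition described in post #10, run over constructed `main.cf` text. The sample configurations and function names are assumptions for illustration, and the check only looks at explicitly set `mynetworks` and `smtpd_recipient_restrictions` values.

```python
import ipaddress
import re

# Constructed main.cf fragments for illustration; not taken from the thread.
OPEN_RELAY_CF = """\
# relays for the whole Internet
mynetworks = 127.0.0.0/8, 0.0.0.0/0
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination
"""
SAFE_CF = "mynetworks = 127.0.0.0/8\nsmtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination\n"

# Restrictions that stop mail addressed to domains this server is not responsible for.
BLOCKERS = {"reject_unauth_destination", "defer_unauth_destination", "check_relay_domains", "reject", "defer"}

def parse_main_cf(text):
    """Parse main.cf syntax: 'name = value', '#' comments, whitespace-led continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] = (params[name] + " " + line.strip()).strip()
        elif "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            params[name] = value
    return params

def relay_findings(text):
    """Return a list of reasons this configuration would relay mail for any client."""
    params = parse_main_cf(text)
    findings = []
    for net in re.split(r"[,\s]+", params.get("mynetworks", "")):
        try:
            cidr = net.replace("[", "").replace("]", "")  # IPv6 entries are written as [addr]/len
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append(f"mynetworks trusts every client: {net}")
        except ValueError:
            pass  # empty strings and table lookups such as hash:/path are not CIDR blocks
    rules = [r for r in re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", "")) if r]
    first_block = next((i for i, r in enumerate(rules) if r in BLOCKERS), None)
    if rules and first_block is None:
        findings.append("smtpd_recipient_restrictions never rejects unauthorized destinations")
    elif rules and "permit" in rules[:first_block]:
        findings.append("blanket 'permit' precedes the first relay-blocking restriction")
    return findings
```

On a live server the same text can come from `postconf -n`, which prints the non-default settings in `name = value` form.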