EMERGENCY - need to secure my server against an ongoing SPAMMER
Bob Brennan
rbrennan96 at gmail.com
Fri Mar 11 11:16:25 UTC 2005
On Fri, 11 Mar 2005 11:06:13 +0000, Paul Howarth <paul at city-fan.org> wrote:
> Bob Brennan wrote:
> > On Fri, 11 Mar 2005 10:48:29 +0000, Paul Howarth <paul at city-fan.org> wrote:
> >
> >>Bob Brennan wrote:
> >>
> >>>Sorry for the brevity here but I woke this morning to find my
> >>>mailserver sending 1000+ rejected email notices to postmaster@, and it
> >>>was increasing by the minute. I have shut down Sendmail and am
> >>>removing all relay permissions (I hope) but have a few issues that
> >>>need to be resolved quickly before going back online - knowing the
> >>>spammer will be retrying and my legitimate users are losing services.
> >>
> >>What relaying permissions did you have?
> >
> >
> > FEATURE('relay_entire_domain')
> > HACK('popauth')
> > ...none of which worked for *me* in my continuing struggle to find a
> > secure way to let my users use a remote MUA
> > ...both commented out for now, as well as removed all domains in the
> > "Relay Domains" (Webmin again) file
>
> No real clues there, need to see a qf file as mentioned last time.
Sorry - could you explain "qf" file?
> >>>2. MySql is shut down for some reason, I don't know if it's related to
> >>>the attack. "service msqld status" returns "msqld dead but subsys
> >>>locked"
> >>
> >>Perhaps it collapsed under the load? Will "service msqld restart"
> >>restart it?
> >
> >
> > "Timeout error occured trying to start MySQL Deamon"
> > "Starting MySQL [FAILED]
> > ... having to do with the "subsys locked" problem above I believe -
> > but how to fix that?
>
> Doesn't "service msqld stop" clear the "subsys locked" error?
no - start, stop, restart, nothing works
in the logfile is the entry:
/usr/libexec/mysqld: Can't find file: './mysql/host.frm' (errno:13)
which isn't in previous restart attempts
More information about the fedora-list
mailing list