EMERGENCY - need to secure my server against an ongoing SPAMMER

Bob Brennan rbrennan96 at gmail.com
Fri Mar 11 11:17:03 UTC 2005


On Fri, 11 Mar 2005 18:59:39 +0800 (SGT), Lai Zit Seng <lzs at pobox.com> wrote:
> On Fri, 11 Mar 2005, Bob Brennan wrote:
> 
> > Sorry for the brevity here but I woke this morning to find my
> > mailserver sending 1000+ rejected email notices to postmaster@, and it
> > was increasing by the minute. I have shut down Sendmail and am
> > removing all relay permissions (I hope) but have a few issues that
> > need to be resolved quickly before going back online - knowing the
> > spammer will be retrying and my legitimate users are losing services.
> >
> > 1. There are 700+ emails sitting in the outgoing queue, I am using
> > WebMin to delete them but at 20 at-a-time it is useless. I need a
> > command line that will do it without causing more damage.
> 
> I guess the fastest way is to simply delete everything under
> /var/spool/mqueue.
> 
> > 2. MySql is shut down for some reason, I don't know if it's related to
> > the attack. "service msqld status" returns "msqld dead but subsys
> > locked"
> 
> Well you could check the mysql logs to see if it gives you any clue about
> what might be wrong...

In the logfile is the entry:
/usr/libexec/mysqld: Can't find file: './mysql/host.frm' (errno:13)
which isn't in previous restart attempts.



