Re: [mod-security-users] create sendmail command log file
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] create sendmail command log file
|
From: Tom A. <tan...@oa...> - 2005-07-28 15:08:34
|
Firstly, disconnect your server from the internet so as to stop spamming people. Try "ps" or "top" to see if there are any unidentified processes running, especially ones using lots of cpu or memory. You may have been compromised in some other way than FormMail, and a zombie mailserver installed somewhere like /tmp or /usr/tmp. Eliminate that possibility before assuming mail is being sent via sendmail through your form. Run one or more rootkit detection programs such as "rkhunter" or "chkrootkit". If it is being sent with sendmail, then your syslog daemon should be keeping logs in a standard location such as /var/log/mail. Look in your apache logs to see if any weird parameters were passed into any of your scripts at the time the spamming started, or each time it occurs. If so, create a mod_security rule to prevent it from happening again. Hope that helps. Tom ----- Original Message ----- From: "M.Saeed Shaikh" <sha...@gm...> To: <mod...@li...> Sent: Thursday, July 28, 2005 4:53 AM Subject: [mod-security-users] create sendmail command log file > Hi, > > Someone is spamming from our mail server. Is there any way to create > sendmail commands log file. So at least I can see who is using > sendmail command. I think its usie php/FormMail script for send mail. > However i alreay implement FormMail rule. > > I just want to create log file whenever sendmail command use. > > Thanx. > > -- > M.A.Shaikh > Linux System Administrator > > > ------------------------------------------------------- > SF.Net email is Sponsored by the Better Software Conference & EXPO > September > 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices > Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA > Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > |
