Firstly, disconnect your server from the internet so as to stop spamming
people.
Try "ps" or "top" to see if there are any unidentified processes running,
especially ones using lots of cpu or memory. You may have been compromised
in some other way than FormMail, and a zombie mailserver installed somewhere
like /tmp or /usr/tmp. Eliminate that possibility before assuming mail is
being sent via sendmail through your form. Run one or more rootkit
detection programs such as "rkhunter" or "chkrootkit". If it is being sent
with sendmail, then your syslog daemon should be keeping logs in a standard
location such as /var/log/mail. Look in your apache logs to see if any
weird parameters were passed into any of your scripts at the time the
spamming started, or each time it occurs. If so, create a mod_security rule
to prevent it from happening again. Hope that helps.
Tom
----- Original Message -----
From: "M.Saeed Shaikh" <sha...@gm...>
To: <mod...@li...>
Sent: Thursday, July 28, 2005 4:53 AM
Subject: [mod-security-users] create sendmail command log file
> Hi,
>
> Someone is spamming from our mail server. Is there any way to create
> sendmail commands log file. So at least I can see who is using
> sendmail command. I think its usie php/FormMail script for send mail.
> However i alreay implement FormMail rule.
>
> I just want to create log file whenever sendmail command use.
>
> Thanx.
>
> --
> M.A.Shaikh
> Linux System Administrator
>
>
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September
> 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
>
>
|
