Menu
▾
▴
RE: [webmin-l] Sendmail config deleted messages
|
From: Neil A. <neil@JAMMConsulting.com> - 2003-08-15 03:49:54
|
Jamie: Thanks for the info. I think I found out what happened... The account was hacked. I see several logins from an IP address that I don't recognize and then searching /var/log/messages for that IP gives me many sequential port hits on the firewall. Someone obviously scanned my machine and hacked webmin before I could apply the upgrate that fixed the security hole. Thanks, Neil -- Neil Aggarwal, JAMM Consulting, (972)612-6056, www.JAMMConsulting.com FREE! Valuable info on how your business can reduce operating costs by 17% or more in 6 months or less! => http://newsletter.JAMMConsulting.com > -----Original Message----- > From: web...@li... > [mailto:web...@li...] On Behalf > Of Jamie Cameron > Sent: Thursday, August 14, 2003 8:44 PM > To: web...@li... > Subject: RE: [webmin-l] Sendmail config deleted messages > > > Have a look at /var/webmin/miniserv.log for any calls to > sendmail/delete_mail.cgi - that is the only script that removes > messages. > > - Jamie > > On Thu, 2003-08-14 at 12:00, Neil Aggarwal wrote: > > Bill: > > > > Any ideas where I should look for a log of the deletion? > > I checked /var/log/messages and /var/log/maillog and don't > > see any evidence of it. > > > > Thanks, > > Neil > > > > -- > > Neil Aggarwal, JAMM Consulting, (972)612-6056, > www.JAMMConsulting.com > > FREE! Valuable info on how your business can reduce > operating costs by > > 17% or more in 6 months or less! => > http://newsletter.JAMMConsulting.com > > > > > -----Original Message----- > > > From: web...@li... > > > [mailto:web...@li...] On Behalf > > > Of Bill James > > > Sent: Wednesday, August 13, 2003 9:16 PM > > > To: web...@li... > > > Subject: Re: [webmin-l] Sendmail config deleted messages > > > > > > > > > Also I'll bet the deletion (if that's what happened) is > > > logged somewhere. > > > ----- Original Message ----- > > > From: "Joe Cooper" <jo...@sw...> > > > To: <web...@li...> > > > Sent: Wednesday, August 13, 2003 9:10 PM > > > Subject: Re: [webmin-l] Sendmail config deleted messages > > > > > > > > > > Blame the user. ;-) > > > > > > > > Seriously, though...I once was confused when mutt moved my > > > messages into > > > > an mbox in my home directory, out of the spool file. You > > > could check > > > > the home directory of the user, and the "mail" > subdirectory therein > > > > ("mail" is the directory where Usermin/Webmin keep folders, > > > by default). > > > > Maybe they accidentally moved them somewhere. But then > > > again, it's > > > > just as likely the messages were deleted accidentally, i.e. > > > not very. > > > > > > > > Neil Aggarwal wrote: > > > > > Joe: > > > > > > > > > > I checked the /var/mail file for the user. > > > > > There are messages in there, but they are from > > > > > today and on. There are none from before that. > > > > > > > > > > The messages he was saving are gone. > > > > > > > > > > Any ideas? > > > > > ------------------------------------------------------- > This SF.Net email sponsored by: Free pre-built ASP.NET sites including > Data Reports, E-commerce, Portals, and Forums are available now. > Download today and enter to win an XBOX or Visual Studio .NET. > http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet > _072303_01/01 > - > Forwarded by the Webmin mailing list at > web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list > |