
Apache Web Server Forum

    
/var/log full, have i been attacked?
site went down due to full /var/log directory, have we been attacked?
suga

5+ Year Member



 
Msg#: 4050657 posted 5:53 am on Dec 29, 2009 (gmt 0)

Our site went down due to a full /var/log directory; the maillog file was particularly large. That file has since been deleted and we're now back up.

How can I tell if we have been attacked? Where can I learn to analyze the maillog file to see if our domain is being used to spam people? Here is an example of a line in our maillog file:

Dec 28 21:26:43 servername postfix/qmgr[2152]: 212DFC4323: to=<root@mydomain.com>, relay=none, delay=3969, delays=3939/30/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mydomain.com[ipaddress]: Connection timed out)

Thanks in advance!

 

jdMorgan

WebmasterWorld Senior Member, WebmasterWorld Top Contributor of All Time, 10+ Year Member



 
Msg#: 4050657 posted 9:23 pm on Dec 31, 2009 (gmt 0)

If you have a problem, *save* your log files, don't delete them!
Or at least download and save part of the log files...

Check your FormMail (or similar script) to be sure that it is up-to-date and secure. Make sure that it does not accept newlines or any special characters in any of the 'address' headers such as 'To', 'From', 'CC', 'BCC', 'Reply-to' or 'Subject'. If it does, then it will be quite easy to send spam from your server using simple injection tricks.

If your server is commercially-hosted, ask your host for help. If they can't help, then you need a new host.

Jim

suga

5+ Year Member



 
Msg#: 4050657 posted 12:19 am on Jan 12, 2010 (gmt 0)

Thank you for your response. Yes, I agree, the log file should have been saved! I will have to make sure our form mail is secure. Thank you again.
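Added example, not part of the original thread and not any poster's code: one way to summarise a saved Postfix maillog so you can see whether deliveries are mostly local mail that keeps deferring (like the line quoted in the question) or mail going out to external recipients, and which envelope senders queued it. Apart from the first sample line, the log lines, addresses and the `summarise` helper are constructed for illustration.

```python
import re
from collections import Counter

# Delivery-attempt lines, the kind quoted in the question:
#   postfix/qmgr[2152]: 212DFC4323: to=<...>, relay=..., dsn=4.4.1, status=deferred (...)
DELIVERY = re.compile(
    r"postfix/[\w-]+\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>,"
    r".*?\bdsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)
# qmgr line recording the envelope sender and recipient count of a queued message.
SENDER = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-Za-z]+): from=<(?P<sender>[^>]*)>,"
    r".*?\bnrcpt=(?P<nrcpt>\d+)"
)

def summarise(lines, local_domains):
    """Tally delivery attempts by status and by local/external recipient,
    and count recipients queued per envelope sender."""
    local = {d.lower() for d in local_domains}
    status, scope, senders = Counter(), Counter(), Counter()
    for line in lines:
        m = DELIVERY.search(line)
        if m:
            rcpt = m["rcpt"]
            # An address without "@" is a local mailbox.
            domain = rcpt.rpartition("@")[2].lower() if "@" in rcpt else ""
            status[m["status"]] += 1
            scope["local" if domain in local or not domain else "external"] += 1
            continue
        m = SENDER.search(line)
        if m:
            # "<>" is the null sender used by bounce messages.
            senders[m["sender"] or "<>"] += int(m["nrcpt"])
    return {"status": status, "scope": scope, "senders": senders}

# First line is the one from the question; the rest are constructed sample lines.
SAMPLE = [
    "Dec 28 21:26:43 servername postfix/qmgr[2152]: 212DFC4323: to=<root@mydomain.com>, relay=none, delay=3969, delays=3939/30/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mydomain.com[ipaddress]: Connection timed out)",
    "Dec 28 21:27:01 servername postfix/qmgr[2152]: 3A1B2C4D5E: from=<www-data@mydomain.com>, size=1843, nrcpt=3 (queue active)",
    "Dec 28 21:27:03 servername postfix/smtp[2290]: 3A1B2C4D5E: to=<a@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=1.9, delays=0.1/0/0.9/0.9, dsn=2.0.0, status=sent (250 OK)",
    "Dec 28 21:27:04 servername postfix/smtp[2291]: 3A1B2C4D5E: to=<b@example.org>, relay=mx.example.org[198.51.100.8]:25, delay=2.4, delays=0.1/0/1.1/1.2, dsn=2.0.0, status=sent (250 OK)",
    "Dec 28 21:27:05 servername postfix/smtp[2292]: 3A1B2C4D5E: to=<c@example.com>, relay=mx.example.com[198.51.100.9]:25, delay=3.0, delays=0.1/0/1.4/1.5, dsn=5.1.1, status=bounced (host said: 550 5.1.1 User unknown)",
]

if __name__ == "__main__":
    report = summarise(SAMPLE, local_domains={"mydomain.com"})
    for name, counter in report.items():
        print(name, counter.most_common(5))
```

To run it over a saved log, pass the open file as `lines`, for example `summarise(open("/var/log/maillog", errors="replace"), {"mydomain.com"})`.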
