
Linux, Unix, and *nix like Operating Systems Forum

    
dos attack?
homeless




msg:4053753
 3:31 pm on Jan 4, 2010 (gmt 0)

Hi,

I have several websites on a dedicated server that all function pretty much the same. Over the past few days, I noticed my main website was not loading. I displayed processes and found this....

25165 ? S 0:00 qmail-remote example.net iujelycyt3586@example.net
25166 ? S 0:00 /var/qmail/bin/qmail-remote.moved example.net iujelycyt3586@example.net
25172 ? S 0:00 qmail-remote example1.net.sa nywumyyfaf4577@example1.net.sa
25173 ? S 0:00 /var/qmail/bin/qmail-remote.moved example1.net.sa nywumyyfaf4577@example1.net.sa
25187 ? S 0:00 qmail-remote example.com aviatorsn35@example.com
25188 ? S 0:00 /var/qmail/bin/qmail-remote.moved example.com aviatorsn35@example.com

I've seen up to 10 entries so far. These entries just come and go. My other websites normally just pop right up as normal but one of my main websites does not.

Can someone tell me what this is? How can I stop it? Is it IP or domain related, since the other sites don't have as many problems?

Ironically, I was in the process of moving my sites to a different server but I can't even get that done because at times I can't even reach the server.

[edited by: tedster at 5:11 am (utc) on Jan. 5, 2010]
[edit reason] switched to example.com [/edit]

 

lammert




msg:4060278
 11:47 pm on Jan 13, 2010 (gmt 0)

Qmail is a mail server program. It looks like your server is being used quite heavily, and without authorization, as an email server. There are three possibilities:

  1. Your server is hacked and someone is sending emails from the system level
  2. Your email server has an open relay setup and someone is using your server to distribute mail from another source outside of your server
  3. One of your websites has a hackable email form which is currently abused to send email from that webform via your email server to the outside world.

In all three cases: try to find the leak and close it, or better: move to a new server if you had that plan already.
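
A triage sketch for telling the three cases above apart on a qmail host, added here as an example and not part of the original reply. It assumes the stock /var/qmail layout; the function names, the uid 48 web account and the sample queue are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Paths default to a stock qmail install.

# Case 2: qmail-smtpd accepts mail for ANY recipient domain when
# control/rcpthosts does not exist (RELAYCLIENT can also bypass the file).
relay_status() {
    if [ -f "${1:-/var/qmail/control}/rcpthosts" ]; then
        echo restricted
    else
        echo open
    fi
}

# Cases 1 and 3: qmail-queue stamps each message with how it was injected:
#   Received: (qmail PID invoked from network)  -> arrived over SMTP
#   Received: (qmail PID invoked by uid N)      -> injected locally by uid N
# The topmost such line is this server's, so only the first match is used.
injection_source() {
    awk '/^Received: \(qmail [0-9]+ invoked (from network|by uid [0-9]+)\)/ {
             sub(/^.*invoked /, ""); sub(/\).*$/, ""); print; exit
         }' "$1"
}

# Tally injection sources over every message file under the queue's mess/ tree.
queue_summary() {
    find "${1:-/var/qmail/queue/mess}" -type f | while read -r f; do
        injection_source "$f"
    done | sort | uniq -c | sed 's/^ *//'
}

# Constructed sample queue for trying the functions away from a live server.
make_sample() {
    mkdir -p "$1/mess/0" "$1/control"
    printf 'Received: (qmail 25165 invoked by uid 48); 4 Jan 2010 15:20:01 -0000\nTo: a@example.net\n\nx\n' > "$1/mess/0/101"
    printf 'Received: (qmail 25172 invoked by uid 48); 4 Jan 2010 15:20:02 -0000\nTo: b@example.com\n\nx\n' > "$1/mess/0/102"
    printf 'Received: (qmail 25187 invoked from network); 4 Jan 2010 15:20:03 -0000\nReceived: from unknown (HELO x) (192.0.2.7)\n  by 0 with SMTP; 4 Jan 2010 15:20:03 -0000\n\nx\n' > "$1/mess/0/103"
}

# On a live host (as root): relay_status; queue_summary
```

A tally dominated by the web server account's uid points toward case 3, `from network` together with an `open` relay status toward case 2, and a shell account or root uid toward case 1.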

homeless




msg:4060305
 12:26 am on Jan 14, 2010 (gmt 0)

Thank you for your response.

I think it is option 1. At one point my server reported that it would not allow me to sign in because its log was full (or something like that).

I'm almost done moving. They will need to find a different host in a couple of days.
