Welcome to WebmasterWorld Guest from 54.146.5.196

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

/var/log full, have i been attacked?

site went down due to full /var/log directory, have we been attacked?

     
5:53 am on Dec 29, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Jan 23, 2007
posts: 48
votes: 0


our site went down due to a full /var/log directory, the maillog file was particularly large. that file has been since deleted and we're now back up.

how can i tell if we have been attacked? where can i learn to analyze the maillog file to see if our domain is being used to spam people? here is an example of a line in our maillog file:

Dec 28 21:26:43 servername postfix/qmgr[2152]: 212DFC4323: to=<root@mydomain.com>, relay=none, delay=3969, delays=3939/30/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mydomain.com[ipaddress]: Connection timed out)

thanks in advance!

9:23 pm on Dec 31, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


If you have a problem, *save* your log files, don't delete them!
Or at least download and save part of the log files...

Check your FormMail (or similar script) to be sure that it is up-to-date and secure. Make sure that it does not accept newlines or any special characters in any of the 'address' headers such as 'To', 'From', 'CC', 'BCC', 'Reply-to' or 'Subject'. If it does, then it will be quite easy to send spam from your server using simple injection tricks.

If your server is commercially-hosted, ask your host for help. If they can't help, then you need a new host.

Jim

12:19 am on Jan 12, 2010 (gmt 0)

Junior Member

10+ Year Member

joined:Jan 23, 2007
posts:48
votes: 0


thank you for your response. yes i agree, the log file should have been saved! i will have to make sure our form mail is secure. thank you again.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members