Re: [Exim] Server hacked....

Author: jvandal
Date:  
To: System
CC: Exim
Subject: Re: [Exim] Server hacked....
Hi,

Not related to Exim, but your box is the victim of a rootkit. What kind of O/S? If it's Linux, is your kernel patched against the ptrace exploit? Do you have Apache or Samba running on this box?

Check the content of a message; I've seen a few boxes that have been hacked, and all the messages that are sent out are "fake" eBay password reminders...

--
Joel Vandal

> For the last few days the server load is continuously running between 25% -
> 75%. Someone has hacked into the server sending mail. Is there some way we
> can track this and shut them out?
>
> 6166 root 0 3.2 0.5 sendmail
> 6173 root 0 3.2 0.5 sendmail
> 6175 root 0 3.0 0.5 sendmail
> 6180 root 0 3.0 0.5 sendmail
> 6187 root 0 3.0 0.5 sendmail
> 6163 root 0 2.9 0.5 /usr/sbin/exim-MCS-MCP-MCremote_smtpmx2.mail.yahoo.com219R55Q-0003AL-00
> 6182 root 0 2.9 0.5 sendmail
> 6190 root 0 2.9 0.5 /usr/sbin/exim-MCS-MCP-MCremote_smtpmx2.mail.yahoo.com219R55R-0003AU-00
> 6194 root 0 2.7 0.5 /usr/sbin/exim-MCS-MCP-MCremote_smtpmx2.mail.yahoo.com219R55P-0003AE-00
> 5595 nobody 0 2.5 3.8 httpd
> 6155 root 0 2.5 0.5 sendmail
> 6186 root 0 2.5 0.5 /usr/sbin/exim-MCS-MCP-MCremote_smtpmx2.mail.yahoo.com219R55T-0003Al-00
> 6158 root 0 2.3 1.0 /usr/sbin/exim-MCS-MCP-MCremote_smtpmx2.mail.yahoo.com219R55S-0003AZ-00
> 6160 root 0 2.3 0.5 sendmail
> 6165 root 0 2.3 0.5 /usr/sbin/exim-MCS-MCP-MCremote_smtpmx1.mail.yahoo.com219R55V-0003At-00
>
>
> Thank you,
>
>
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
> details at http://www.exim.org/ ##
