Re: [exim] Hijacked "www" user for sending out spam

Top Page
This message is part of the following thread:
M+++\the complete thread tree sorted by date
MMMMMThomas Hochstein at <-
MChristian Recktenwald at ->
Delete this message
Reply to this message
Author: christoph.kliemt
Date:  
To: exim-users
Subject: Re: [exim] Hijacked "www" user for sending out spam
"list1" <list1@???> writes:

> Hello,
>
> It seems like somebody has hijacked "www" user for sending out spam
> like there is no tomorrow. You can see a small section of my exim log
> below or a little longer at this address:
> http://www.dnsbureau.com/exim_main.log.txt I've been looking at
> various other logs for hours trying to figure out what was
> compromised, but there is absolutely no trace of activity like logins
> from authenticated or system users via smtp/imap/pop. www is a system
> account with no shell access.

What process run with this id? lamp? Maybe some hijacked that
process...

hth, Christoph


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Hijacked "www" user for sending out spam[exim] Re: Connection refused: too many connections - why?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)