Author: fischb22
Date: 21-09-08 05:08
recently i got a call from the datacenter where my server is located
apparently i am spamming the hell out of everyone, i've since then closed the box down via firewall rules, for investigation
i have found that whenever i log in via SSH an email is created with the username and password of what i logged in with.
i think i have found some discrepancies with sshd
-rwxr-xr-x 1 root wheel 679755 Jan 9 2008 sshd
-r-xr-xr-x 1 root wheel 168488 Jan 9 2008 sshd0
this seems odd to me, all the other files in this directory are dated may 2006
i deleted the source tree, and am doing a cvsup right now, going to reinstall sshd when that is done.
was not sure if anyone else found this, or has come across it.
excerpt from /var/log/maillog:
Sep 21 00:43:19 wacko sendmail[6831]: m8L4hIsj006831: to=mosul.cracila@gmail.com, ctladdr=admin (1001/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30094, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m8L4hIcA006834 Message accepted for delivery)
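
Added example, not part of the original post: a log check for the pattern described above, where an outbound mail is generated within seconds of a successful SSH login. The log lines, host names and addresses below are constructed samples in default syslog format; the 10-second window and the year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs (placeholders, not taken from the post).
AUTH_LOG = """\
Sep 21 00:43:18 host sshd[6820]: Accepted password for admin from 192.0.2.10 port 51515 ssh2
Sep 21 03:10:02 host sshd[7001]: Accepted publickey for backup from 192.0.2.20 port 40000 ssh2
"""
MAIL_LOG = """\
Sep 21 00:43:19 host sendmail[6831]: m8L4hIsj006831: to=drop@example.net, ctladdr=admin (1001/0), mailer=relay, relay=[127.0.0.1] [127.0.0.1], stat=Sent (ok)
Sep 21 02:00:00 host sendmail[6900]: m8L6000a006900: to=root, ctladdr=root (0/0), mailer=local, stat=Sent
Sep 21 03:30:00 host sendmail[7100]: m8L7300b007100: to=ops@example.org, ctladdr=backup (1002/1002), mailer=relay, relay=[127.0.0.1] [127.0.0.1], stat=Sent (ok)
"""

STAMP = r"^(\w{3}\s+\d+ [\d:]{8}) \S+ "
LOGIN_RE = re.compile(STAMP + r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")
MAIL_RE = re.compile(STAMP + r"sendmail\[\d+\]: \w+: to=([^,]+),")


def parse_stamp(stamp, year):
    # Syslog timestamps carry no year, so one is supplied by the caller.
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def mail_after_login(auth_log, mail_log, window=timedelta(seconds=10), year=2008):
    """Return (recipient, user, source_ip, seconds_after_login) for each
    remote-recipient mail logged within `window` after an SSH login."""
    logins = []
    for line in auth_log.splitlines():
        if (m := LOGIN_RE.match(line)):
            logins.append((parse_stamp(m.group(1), year), m.group(2), m.group(3)))

    hits = []
    for line in mail_log.splitlines():
        m = MAIL_RE.match(line)
        if not m:
            continue
        sent_at = parse_stamp(m.group(1), year)
        recipient = m.group(2).strip("<>")
        if "@" not in recipient:          # local delivery, e.g. to=root
            continue
        for login_at, user, source in logins:
            gap = sent_at - login_at
            if timedelta(0) <= gap <= window:
                hits.append((recipient, user, source, int(gap.total_seconds())))
    return hits


if __name__ == "__main__":
    for hit in mail_after_login(AUTH_LOG, MAIL_LOG):
        print("mail %s sent %ds after login by %s from %s" % (hit[0], hit[3], hit[1], hit[2]))
```

A hit is only a lead: legitimate login notifications produce the same pattern, so the recipient address and the integrity of the sshd binary still need to be checked.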