Facebook
Twitter
T
tnats@
Guest
One of my customers is somehow being hacked but we can't figure it out. Somehow someone is injecting 1000s of emails into qmail.
In the apache error log, I keep seeing this but it doesn't provide an IP address:
sh: /uname: No such file or directory
sh: /echo: No such file or directory
sh: /id: No such file or directory
sh: /cd: No such file or directory
sh: /cd: No such file or directory
More fun stuff:
qmail-inject: fatal: unable to parse this line:
bcc: [email protected],[email protected],[email protected],^M
[email protected],[email protected],[email protected],^M
[email protected],[email protected],[email protected],^M
[email protected],[email protected],[email protected],^M
[email protected],[email protected],[email protected],^M
[email protected],[email protected],[email protected],^M
[email protected],mbeaud44@avalue="likelihood inurl:
sh: /uname: No such file or directory
sh: /id: No such file or directory
sh: /echo: No such file or directory
[Sun Feb 18 10:58:03 2007] [error] server reached MaxClients setting, consider raising the MaxClients setting
[Sun Feb 18 13:42:44 2007] [error] [client 71.212.177.30] File does not exist: /usr/share/psa-horde/favicon.ico
sh: /uname: No such file or directory
sh: /echo: No such file or directory
sh: /id: No such file or directory
sh: /cd: No such file or directory
The 71. IP address is a legit customer.
Can anyone help me here?
Thanks,
Tom
In the apache error log, I keep seeing this but it doesn't provide an IP address:
sh: /uname: No such file or directory
sh: /echo: No such file or directory
sh: /id: No such file or directory
sh: /cd: No such file or directory
sh: /cd: No such file or directory
More fun stuff:
qmail-inject: fatal: unable to parse this line:
bcc: [email protected],[email protected],[email protected],^M
[email protected],[email protected],[email protected],^M
[email protected],[email protected],[email protected],^M
[email protected],[email protected],[email protected],^M
[email protected],[email protected],[email protected],^M
[email protected],[email protected],[email protected],^M
[email protected],mbeaud44@avalue="likelihood inurl:
sh: /uname: No such file or directory
sh: /id: No such file or directory
sh: /echo: No such file or directory
[Sun Feb 18 10:58:03 2007] [error] server reached MaxClients setting, consider raising the MaxClients setting
[Sun Feb 18 13:42:44 2007] [error] [client 71.212.177.30] File does not exist: /usr/share/psa-horde/favicon.ico
sh: /uname: No such file or directory
sh: /echo: No such file or directory
sh: /id: No such file or directory
sh: /cd: No such file or directory
The 71. IP address is a legit customer.
Can anyone help me here?
Thanks,
Tom
