
hacking attempt ???

xtreme2490

Guest
My cron daemon mails me this every hour:

Subj : Cron <root@Rayden> /usr/local/psa/admin/bin/php /usr/local/psa/admin/bin/ttsmailparse.php

Body :
Failed to open mailbox: Login failed.,Login failed.,Login failed.,Too many login failures


Yesterday I had 35000 mails in queue with [email protected] as sendto address.


What can I do to prevent this? Which countermeasures should I take?


Plesk 7.5.2 on RH 9.0
 
Absolutely a spam attempt, I think.....

Install qmhandle to delete the 35,000 mails in queue.
Here is the link: http://sourceforge.net/projects/qmhandle

Typically, this will more than likely be an actual customer of yours. Look around at your domains that look shady and check out some of the scripts they might be using.

I really don't know much else, just trying to help get this thread started!

Best Regards,
poke
 
Any idea what this ttsmailparse.php file does?
It seems that it is executed by cron every hour.
 
Hey,
I have no idea what the php file might be doing.... I've had a couple of spam attacks, but they were all CGI related.

They were also trusted customers, then boom. Watch your a$$ or else you'll be on every spam DB out there......

As far as cron, dude, you must have a client or hacker that has your passwords to at least a low privilege account.

Delete the cron at once...... then investigate from there..... what username is executing the cron???

Best Regards,
poke
 
Found what it's for, it's for the helpdesk mailgate so it's normal.
 