
hacking attempt ???

Discussion in 'Plesk for Linux - 8.x and Older' started by xtreme2490, Mar 28, 2005.

  1. xtreme2490

    xtreme2490 Guest

    My cron daemon mails me every hour this:

    Subj : Cron <root@Rayden> /usr/local/psa/admin/bin/php /usr/local/psa/admin/bin/ttsmailparse.php

    Body :
    Failed to open mailbox: Login failed.,Login failed.,Login failed.,Too many login failures


    Yesterday I had 35000 mails in queue with sgemaileditor@catcha.com as sendto address.


    What can I do to prevent this? Which countermeasures to take?


    Plesk 7.5.2 on RH 9.0
     
  2. poke

    poke Guest

    Absolutely a spam attempt I think.....

    Install qmhandle to delete the 35,000 mails in queue.
    Here is the link: http://sourceforge.net/projects/qmhandle

    Typically, this will more than likely be an actual customer of yours. Look around at your domains that look shady and check out some of the scripts they might be using.

    I really don't know much else, just trying to help get this thread started!

    Best Regards,
    poke
     
  3. xtreme2490

    xtreme2490 Guest

    Any idea what this ttsmailparse.php file does?
    It seems that it is executed by cron every hour.
     
  4. poke

    poke Guest

    Hey,
    I have no idea what the PHP file might be doing.... I've had a couple of spam attacks, but they were all CGI related.

    They were also trusted customers, then boom. Watch your a$$ or else you'll be on every spam DB out there......

    As far as cron, dude, you must have a client or hacker that has your passwords to at least a low privilege account.

    Delete the cron at once...... then investigate from there..... what username is executing the cron???

    Best Regards,
    poke
     
  5. xtreme2490

    xtreme2490 Guest

    Found what it's for, it's for the helpdesk mailgate so it's normal.
     