On 2/13/06, <b class="gmail_sendername">Madison Kelly</b> <<a href="mailto:linux-5ZoueyuiTZhBDgjK7y7TUQ@public.gmane.org">linux-5ZoueyuiTZhBDgjK7y7TUQ@public.gmane.org</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Jason Shein wrote:<br>> On Monday 13 February 2006 14:04, Madison Kelly wrote:<br>>> How could I check to see if I am an open relay?<br>><br>> These will work.<br>><br>> <a href="http://members.iinet.net.au/~remmie/relay/">
http://members.iinet.net.au/~remmie/relay/</a><br>> <a href="http://www.globedom.com/cgi-bin/relay">http://www.globedom.com/cgi-bin/relay</a><br><br> Thanks for the links! My server passed (not open).<br><br> Since then I've been digging through my logs and found this in
<br>'/var/log/messages'<br><br>Feb 12 05:01:01 srv01 crond(pam_unix)[2456]: session opened for user<br>root by (uid=0)<br>Feb 12 05:01:01 srv01 crond(pam_unix)[2456]: session closed for user root<br><br> Which is just seconds before the first spam from my 'apache' user was
<br>sent. From '/var/log/maillog':</blockquote><div><br>Madison,</div><br><div>In case someone hasn't already suggested it, I highly recommend you disable root logins via ssh: in /etc/ssh/sshd_config (for Mandrake 10, anyway),
<br><br> PermitRootLogin no<br><br>This forces you to use sudo (or su) when you go to that box via ssh. A minor inconvenience, but a great security feature.<br><br></div></div>-- <br>Alex Beamish<br>Toronto, Ontario<br>
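
An added example, not part of the original message: a small Python check of which PermitRootLogin value an sshd_config actually yields, since sshd uses the first value it obtains for a keyword and a later Match block can override it for some connections. The function names and the sample configurations are constructed for illustration.

```python
# Added example (not from the thread): which PermitRootLogin value applies?
SAMPLE_WEAK = """\
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
"""  # constructed: the appended "no" is ignored, the first value wins

SAMPLE_HARDENED = """\
Port 22
PermitRootLogin no
"""  # constructed

SAMPLE_OVERRIDDEN = """\
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""  # constructed: a Match block re-enables root for one network


def root_login_policy(text):
    """Return (global_value, [(match_criteria, value), ...])."""
    global_value, overrides = None, []
    match, seen_in_match = None, False
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue                        # blank line or comment
        keyword = parts[0].lower()          # keywords are case-insensitive
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if keyword == "match":
            match, seen_in_match = arg, False
        elif keyword == "permitrootlogin":
            if match is None:
                if global_value is None:    # first obtained value is used
                    global_value = arg.lower()
            elif not seen_in_match:
                overrides.append((match, arg.lower()))
                seen_in_match = True
    return global_value, overrides


def is_hardened(text):
    """True only if root login is 'no' globally and in every Match block."""
    value, overrides = root_login_policy(text)
    return value == "no" and all(v == "no" for _, v in overrides)


if __name__ == "__main__":
    for name in ("SAMPLE_WEAK", "SAMPLE_HARDENED", "SAMPLE_OVERRIDDEN"):
        cfg = globals()[name]
        print(name, root_login_policy(cfg), is_hardened(cfg))
```

A global value of None means the keyword is not set and the compiled-in default applies, which depends on the OpenSSH version. On a live host, `sshd -T` prints the configuration the daemon would actually use.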