Been blacklisted >_< Was: Re:Is this spam coming from inside my network?

Alex Beamish talexb-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Feb 14 16:58:56 UTC 2006


On 2/13/06, Madison Kelly <linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org> wrote:
>
> Jason Shein wrote:
> > On Monday 13 February 2006 14:04, Madison Kelly wrote:
> >> How could I check to see if I am an open relay?
> >
> > These will work.
> >
> > http://members.iinet.net.au/~remmie/relay/
> > http://www.globedom.com/cgi-bin/relay
>
>    Thanks for the links! My server passed (not open).
>
>    Since then I've been digging through my logs and found this in
> '/var/log/messages'
>
> Feb 12 05:01:01 srv01 crond(pam_unix)[2456]: session opened for user
> root by (uid=0)
> Feb 12 05:01:01 srv01 crond(pam_unix)[2456]: session closed for user root
>
>    Which is just seconds before the first spam from my 'apache' user was
> sent. From '/var/log/maillog':


Madison,

In case someone hasn't already suggested, I highly recommend you disable
root logins via ssh: in /etc/ssh/sshd_config (for Mandrake 10, anyway),

  PermitRootLogin no

This forces you to use sudo (or su) when you go to that box via ssh. A minor
inconvenience, but a great security feature.

--
Alex Beamish
Toronto, Ontario
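
Added example, not part of Alex's message or the thread: a small shell check of which PermitRootLogin value in an sshd_config actually takes effect, given that sshd uses the first value it reads for a keyword. The function names and the sample config are constructed for illustration, and it is an assumption here that Include files and Match blocks do not need to be evaluated.

```sh
#!/bin/sh
# Report the effective *global* PermitRootLogin from sshd_config text on stdin.
# Prints the value in lower case, or "unset" when no active global line exists
# (in that case the compiled-in default of the installed sshd applies).
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }          # commented-out settings do not count
        NF == 0    { next }          # blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # Keywords are case-insensitive; also tolerate Keyword=value.
            n = split(line, f, /[ \t=]+/)
            key = tolower(f[1])
        }
        # Lines after a Match keyword are conditional, not global (assumption:
        # this check only reports the global setting).
        key == "match" { exit }
        # First value read wins; later duplicates are ignored.
        key == "permitrootlogin" && n >= 2 { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "unset" }
    '
}

# Succeeds only when root logins are explicitly disabled globally.
root_login_disabled() {
    [ "$(effective_permit_root_login)" = "no" ]
}

# Constructed sample: the commented line and the later duplicate are both
# ineffective, so root login is still permitted here.
sample_config() {
    cat <<'EOF'
Port 22
#PermitRootLogin no
permitrootlogin yes
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin no
EOF
}

echo "effective PermitRootLogin: $(sample_config | effective_permit_root_login)"
```

On a live host, run it as `effective_permit_root_login < /etc/ssh/sshd_config`; `sshd -T` prints the configuration the daemon itself resolves.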