[plug] Postfix Problems again (Spam Originating frommy mailserver)
Shannon Carver
Shannon.Carver at P-S-T.COM.AU
Thu Dec 1 14:19:15 WST 2005
Reveals:
www-data 8545 0.0 3.8 77168 4776 ? S 06:25 0:00 \_
/usr/sbin/apache
www-data 8546 0.0 3.8 77168 4772 ? S 06:25 0:00 \_
/usr/sbin/apache
www-data 8547 0.0 3.8 77168 4776 ? S 06:25 0:00 \_
/usr/sbin/apache
www-data 8548 0.0 3.8 77168 4776 ? S 06:25 0:00 \_
/usr/sbin/apache
www-data 8549 0.0 3.8 77168 4792 ? S 06:25 0:00 \_
/usr/sbin/apache
www-data 8613 0.0 3.8 77168 4776 ? S 06:28 0:00 \_
/usr/sbin/apache
www-data 8614 0.0 3.8 77172 4772 ? S 06:28 0:00 \_
/usr/sbin/apache
www-data 10850 0.0 3.3 77024 4188 ? S 14:01 0:00 \_
/usr/sbin/apache
www-data 18741 0.0 0.3 2172 492 ? S Nov29 0:00
www-data 32311 0.0 0.7 2172 888 ? S Nov30 0:00
Oh which I didn't notice the last two before, which I assume were
started both at midnight, I'll look at my crons now.. I thought I
checked this already, must have been after I restarted the box.
Shannon
-----Original Message-----
From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On
Behalf Of simon
Sent: Thursday, 1 December 2005 2:07 PM
To: plug at plug.org.au
Subject: RE: [plug] Postfix Problems again (Spam Originating frommy
mailserver)
Shannon Carver (Shannon.Carver at P-S-T.COM.AU) wrote:
>
> Thanks, I'm looking into this now. What I've done for the moment is
cut
The other alternative is that youve been compromised (or at least they
have
access to www-data user).
What does "ps auxf |grep www-data" reveal?
--
=================
Simon Scott
simon at chrome64.org
mob: 0409113359
=================
_______________________________________________
PLUG discussion list: plug at plug.org.au
http://www.plug.org.au/mailman/listinfo/plug
Committee e-mail: committee at plug.linux.org.au
More information about the plug
mailing list