Re: FED Up.
From: Colin McKinnon (colin.thisisnotmysurname_at_ntlworld.deletemeunlessURaBot.com)
Date: 01/06/04
- In reply to: Nasir: "FED Up."
Date: Tue, 06 Jan 2004 22:22:28 +0000
Nasir spilled the following:
>
> I have a DATABASE server running MySQLD 3.23.58. Users visit and sign up
> their interest in my website. Now the problem is arising that when a
> user signs up first, they get emails of confirmation from my
> server. In addition to these emails, the customer also gets some
> annoyed e-mails from someone residing/depending totally on @yahoo.com
> email-address maintaining the anonymity.
>
> I did try by sending only e-mails to some of my own email address,
> whether someone is sniffing through my traffic, but I got no e-mail
> except the ones I had sent myself.
>
> After this I added some other email addresses in my DB server but I
> sent no email to them at all. This time all email addresses got those
> *annoying* e-mails also.
> I am really fed up with this issue, getting no clue how to come to
> know about this.
>
If you've got evidence that spammers have got Email addresses from your
database, and are continuing to do so, then it's much more likely that your
system has been compromised than that the data has been 'sniffed' from the internet.
> I am now thinking about adding --log option to safe_mysql to log all
> queries, But I am again doubtful if that would do any help to me.
>
I guess from what you're (not) saying you don't run an IDS?
Check your firewall by running a remote scan on your server.
Install & run chkrootkit (http://www.chkrootkit.org/).
If your distro has package verification tools use them (e.g. rpm --verify).
If this doesn't turn up anything then you need to have a good hard look at
the CGI scripts you're using.
Don't feel bad - it happens to everybody at least once.
HTH
Colin
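
One way to triage the output of the rpm --verify check suggested above (an added example, not part of Colin's message). The function names and the sample lines are constructed for illustration, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Triage `rpm --verify -a` output: list packaged files whose content
# digest no longer matches the package database, or which are missing.
# Config files (marker "c") are skipped because local edits are expected.
triage_rpm_verify() {
    awk '
    # Missing files are reported as: "missing   [c] /path"
    $1 == "missing" {
        if ($2 != "c") print "MISSING " $NF
        next
    }
    # Normal lines: flag string, optional attribute marker, path.
    # Flag columns are S M 5 D L U G T (P); "." means the test passed.
    $1 ~ /^[.?A-Za-z0-9]+$/ && length($1) >= 8 {
        marker = (NF >= 3) ? $2 : ""
        if (marker == "c") next
        # Third column "5" = file digest differs from the packaged one.
        if (substr($1, 3, 1) == "5") print "CHANGED " $NF
    }'
}

# Constructed sample of verify output (not taken from any real host).
sample_verify_output() {
    cat <<'EOF'
S.5....T.  c /etc/httpd/conf/httpd.conf
S.5....T.    /bin/ps
.......T.    /usr/share/doc/example/README
missing      /usr/bin/netstat
.M.......    /var/www/cgi-bin
missing    c /etc/example.conf
EOF
}

# Demo on the sample; on a real system use:
#   rpm --verify -a 2>/dev/null | triage_rpm_verify
sample_verify_output | triage_rpm_verify
```

On a host that may already be compromised, the rpm binary and its database can themselves have been altered, so results are more trustworthy when the check is run from known-good media.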