Shutting down the daemon temporarily would stop the abuse until a better
answer comes to the list. I was helping in the way I new, kill the
process. I used the surf as root as an example. It is the most common
thing new users do. It was also the first security warning I read.
Probably the malicious person, if that is what is happening, knows of a
security hole in a package (an exploit) you have running on your system.
There are places to look for these exploits on a frequent basis, especially
if running a server of some kind. After you shut down Sendmail I suggest
you browse these.
You may find the fix at Mandrake's security fix page.
Again, Good Luck\
Brian
-----Original Message-----
From: Eric L. Damron <
>Ripcrd6,
>
>Although my last post concerns the same problem it also contains new
>information. I want to know what this guy did on my server. Turning off
>sendmail forever isn't an option. And I have never "serfed as root." So
>please, If you have nothing positive to add then don't respond.
>
>Thank you
>-----Original Message-----
>From: Ripcrd6 <>
>
>>Please only start one thread on a subject. Did you see what Steve
Philip
>>wrote? He said turn off Sendmail for a starter. Please listen and
don't
>>panic.
<snip>
