When I got back from lunch today, I heard our server's hard drive spinning
like crazy. We don't get a lot of traffic, so this concerned me. A quick
look at ps aux and my debug.log showed that I was being used as a SPAM
host. I'm pretty mad right now!
What can I do to prevent this from happening again? Anything? I thought
I was snug and cozy behind our firewall...
FWIW, here's a snippet from my debug.log (pardon my verbosity):
Jun 8 13:43:15 iserver sendmail[12617]: NAA12617: Authentication-Warning:
iserver.ega.com: mail set sender to <[EMAIL PROTECTED]>
using -f
Jun 8 13:43:15 iserver sendmail[12617]: NAA12617:
from=<[EMAIL PROTECTED]>, size=5518, class=0, pri=35518,
nrcpts=1, msgid=<000b01bd930c$9d0011c0$[EMAIL PROTECTED]>,
relay=mail@localhost
Jun 8 18:43:15 iserver smapd[12616]: delivered file=sma012615 pid=12617 code=0
Jun 8 13:43:16 iserver sendmail[12619]: NAA12617: to=<[EMAIL PROTECTED]>,
ctladdr=<[EMAIL PROTECTED]> (8/0), delay=00:00:01,
xdelay=00:00:01, mailer=local, stat=Sent
Jun 8 13:43:28 iserver ipop3d[12621]: connect from jim3_pc
Jun 8 13:43:28 iserver ipop3d[12621]: Login user=edwards host=jim3_pc
Jun 8 13:43:28 iserver ipop3d[12621]: Logout user edwards host jim3_pc
Jun 8 18:43:37 iserver smap[12622]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:37 iserver smap[12623]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:37 iserver smap[12624]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:38 iserver smap[12625]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:38 iserver smap[12626]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:38 iserver smap[12627]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:39 iserver smap[12628]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:39 iserver smap[12629]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:39 iserver smap[12630]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:40 iserver smap[12631]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:40 iserver smap[12632]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:40 iserver smap[12633]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:41 iserver smap[12634]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:41 iserver smap[12635]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:42 iserver smap[12636]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:42 iserver smap[12637]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:42 iserver smap[12638]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:43 iserver smap[12639]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
Jun 8 18:43:48 iserver smap[12623]: host=ad21-107.arl.compuserve.com/199.174.163.107
bytes=4510 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 18:43:48 iserver smap[12623]: host=ad21-107.arl.compuserve.com/199.174.163.107
bytes=4510 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 18:43:48 iserver smap[12623]: host=ad21-107.arl.compuserve.com/199.174.163.107
bytes=4510 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 18:43:48 iserver smap[12623]: exiting
host=ad21-107.arl.compuserve.com/199.174.163.107 bytes=4510
[snip]
Jun 8 18:43:50 iserver smap[12626]: host=ad21-107.arl.compuserve.com/199.174.163.107
bytes=4510 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 18:43:50 iserver smap[12626]: host=ad21-107.arl.compuserve.com/199.174.163.107
bytes=4510 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 18:43:50 iserver smap[12626]: host=ad21-107.arl.compuserve.com/199.174.163.107
bytes=4510 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 18:43:50 iserver smap[12626]: exiting
host=ad21-107.arl.compuserve.com/199.174.163.107 bytes=4510
[snip]
Jun 8 19:57:19 iserver smap[13758]: host=ad52-001.arl.compuserve.com/199.174.186.1
bytes=8347 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 19:57:19 iserver smap[13758]: host=ad52-001.arl.compuserve.com/199.174.186.1
bytes=8347 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 19:57:19 iserver smap[13758]: host=ad52-001.arl.compuserve.com/199.174.186.1
bytes=8347 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 19:56:54 iserver smap[13759]: host=ad52-001.arl.compuserve.com/199.174.186.1
bytes=8081 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 19:56:54 iserver smap[13759]: host=ad52-001.arl.compuserve.com/199.174.186.1
bytes=8081 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 19:56:54 iserver smap[13759]: host=ad52-001.arl.compuserve.com/199.174.186.1
bytes=8081 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 19:56:54 iserver smap[13759]: host=ad52-001.arl.compuserve.com/199.174.186.1
bytes=8081 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 19:56:54 iserver smap[13759]: host=ad52-001.arl.compuserve.com/199.174.186.1
bytes=8081 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 19:56:54 iserver smap[13759]: host=ad52-001.arl.compuserve.com/199.174.186.1
bytes=8081 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 19:56:54 iserver smap[13759]: host=ad52-001.arl.compuserve.com/199.174.186.1
bytes=8081 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 19:56:54 iserver smap[13759]: host=ad52-001.arl.compuserve.com/199.174.186.1
bytes=8081 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 19:56:00 iserver smap[13760]: host=ad52-001.arl.compuserve.com/199.174.186.1
bytes=8219 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 19:56:00 iserver smap[13760]: host=ad52-001.arl.compuserve.com/199.174.186.1
bytes=8219 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 19:56:00 iserver smap[13760]: host=ad52-001.arl.compuserve.com/199.174.186.1
bytes=8219 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
Jun 8 19:56:00 iserver smap[13760]: host=ad52-001.arl.compuserve.com/199.174.186.1
bytes=8219 from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
(My apologies to anyone that received this sh*t through me!)
Thanks!
Mike
==========================
Mike Edwards, MIS
Edwards Graphic Arts, Inc.
mailto:[EMAIL PROTECTED]
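
An added example, not part of the original message: one way to spot this kind of relay abuse is to count smap connects per remote host and flag bursts like the one in the log above. The sample lines are constructed with placeholder hosts, the to=<...> field is an assumption, and the threshold and window values are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the smap layout above (wrapped lines joined); to=<...> is assumed.
SAMPLE_LOG = """\
Jun 8 18:43:39 iserver smap[105]: connect host=dial-1.example.net/192.0.2.10
Jun 8 18:43:37 iserver smap[101]: connect host=dial-1.example.net/192.0.2.10
Jun 8 18:43:37 iserver smap[102]: connect host=dial-1.example.net/192.0.2.10
Jun 8 18:43:38 iserver smap[103]: connect host=dial-1.example.net/192.0.2.10
Jun 8 18:43:38 iserver smap[104]: connect host=dial-1.example.net/192.0.2.10
Jun 8 18:43:48 iserver smap[101]: host=dial-1.example.net/192.0.2.10 bytes=4510 from=<a@example.org> to=<b@example.com>
Jun 8 18:43:48 iserver smap[101]: host=dial-1.example.net/192.0.2.10 bytes=4510 from=<a@example.org> to=<c@example.com>
Jun 8 18:43:48 iserver smap[101]: exiting host=dial-1.example.net/192.0.2.10 bytes=4510
Jun 8 18:50:02 iserver smap[120]: connect host=mx.example.org/198.51.100.7
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ smap\[\d+\]: (?P<connect>connect )?"
                     r"host=(?P<host>[^/\s]+/\S+)(?: bytes=(?P<bytes>\d+) from=)?")

def summarize(log_text):
    """Per remote name/IP: connect times (syslog has no year, 2000 assumed) and delivery records."""
    hosts = defaultdict(lambda: {"connects": [], "records": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # sendmail, ipop3d and smap "exiting" lines are ignored
        entry = hosts[m["host"]]
        if m["connect"]:
            entry["connects"].append(datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S"))
        elif m["bytes"]:
            entry["records"] += 1
    return hosts

def peak_burst(times, window):
    """Largest number of connects inside any interval of length `window`."""
    times = sorted(times)  # log entries are not guaranteed to be in time order
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def flag_hosts(log_text, threshold=5, window=timedelta(seconds=10)):
    """Hosts whose peak connect burst reaches `threshold`, as {host: (burst, records)}."""
    peaks = {host: (peak_burst(e["connects"], window), e["records"])
             for host, e in summarize(log_text).items()}
    return {host: v for host, v in peaks.items() if v[0] >= threshold}
```

Calling flag_hosts() on the text of a real debug.log, with wrapped lines joined first, lists the hosts worth blocking or reporting.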