VPS Hacked? I'm lost!
|Posted by ChaseMe, 06-04-2010, 02:01 PM|
|I have a CentOS 5.2 VPS running cPanel. This machine isn't up to much, hosts a small basic website with BEA and MySQL.
Now I noticed in the Exim log that 'mailnull' has been sending 1 message a day to a gmail account I'm not familiar with. I checked with the hosting company and they don't have any info for me on this.
So I see 4 'nobody' running HTTPD, but I've read this should be normal. Then I see 'mailnull' running Exim as well as root. Is this normal? Any ideas how or why this person is getting a message sent to them once a day?
No, the website on this server does not have the ability to send mails to users/visitors.
|Posted by venkatam, 06-04-2010, 02:18 PM|
|Maybe the following will help:
|Posted by htbsales, 06-04-2010, 02:20 PM|
|CentOS 5.2 is a bit dated with 5.5 out now. You should at least be running 5.3 or 5.4 to remain somewhat updated. Do you keep cPanel updated as well?
You can install CSF as a firewall on your VPS which will help reduce cases such as these where mailnull and increase the logging in exim to report the user who may be sending this message.
You can also switch to suPHP which would prevent normal distribution of mail as the mailnull identity.
|Posted by ChaseMe, 06-04-2010, 02:21 PM|
|Now that I look at it again I have the following two instances:
mailnull 30347 0.0 0.1 10232 1184 ? Ss 02:16 0:00 /usr/sbin/exim -bd -q60m
|Posted by cmimrie, 06-04-2010, 07:11 PM|
|That process looks fine, it's simply exim running with a queue time of 60 minutes.
What sort of message is being sent, is it spam or is it a server message?
|Posted by ChaseMe, 06-07-2010, 09:53 AM|
|Forgive my inexperience with Linux and Exim, how can I check the contents of a message that's been sent from the server?
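
For the log question raised in this thread, an added example (not posted by any participant) that ties every delivery to a given recipient back to its arrival line in Exim's main log, which records the submitting local user (U=) and protocol (P=). The sample log lines, addresses and message IDs are constructed; on a cPanel server the main log is normally /var/log/exim_mainlog.

```python
import re

# Constructed sample in Exim main-log format; hosts, addresses and IDs are made up.
SAMPLE_LOG = """\
2010-06-03 02:16:03 1OKaaa-0007tr-Ab <= mailnull@vps.example.com U=mailnull P=local S=812
2010-06-03 02:16:05 1OKaaa-0007tr-Ab => stranger@example.com R=lookuphost T=remote_smtp H=mx.example.com [192.0.2.10]
2010-06-03 02:16:05 1OKaaa-0007tr-Ab Completed
2010-06-03 09:40:11 1OKbbb-0001Qx-7C <= root@vps.example.com U=root P=local S=2301
2010-06-03 09:40:12 1OKbbb-0001Qx-7C => admin@example.org R=lookuphost T=remote_smtp H=mx.example.org [192.0.2.25]
2010-06-04 02:16:04 1OKccc-0003Lm-Qz => stranger@example.com R=lookuphost T=remote_smtp H=mx.example.com [192.0.2.10]
"""

MSG_ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
# timestamp, message ID, direction flag (<= arrival, => / -> delivery), address, rest
LINE = re.compile(rf"^(\S+ \S+) ({MSG_ID}) (<=|=>|->) (\S+)(.*)$")
FIELD = re.compile(r"\b([A-Z])=(\S+)")  # single-letter fields such as U=, P=, S=

def trace_recipient(log_text, recipient):
    """Return one record per delivery to `recipient`, joined to its arrival line."""
    arrivals, hits = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Completed", queue-runner and other lines carry no address
        when, msg_id, flag, addr, rest = m.groups()
        if flag == "<=":
            f = dict(FIELD.findall(rest))
            arrivals[msg_id] = {"sender": addr, "user": f.get("U"),
                                "protocol": f.get("P")}
        elif addr.lower() == recipient.lower():
            # The arrival line may be missing, e.g. it sits in a rotated log file.
            origin = arrivals.get(msg_id,
                                  {"sender": None, "user": None, "protocol": None})
            hits.append({"time": when, "id": msg_id, **origin})
    return hits

if __name__ == "__main__":
    for hit in trace_recipient(SAMPLE_LOG, "stranger@example.com"):
        print(hit)
```

A record with `user` set to `None` means the arrival line was not in the text supplied, so the older rotated logs need to be searched for that message ID.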