linux – How do I find which script on my server is sending spam?


See the English answers to:
> How do I deal with a compromised server? (13 answers)
> Is there a static, server-side vulnerability/virus/malware/BadThings™ scanner? (4 answers)
My server is sending spam and I cannot find the script that is sending it.

The emails all come from nobody@myhost, so I disabled that in cPanel so that nobody is not allowed to send any email.

Now at least they are not going out; I keep receiving them instead. This is the email I get:

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
  [email protected]
    Mail sent by user nobody being discarded due to sender restrictions in WHM->Tweak Settings
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from nobody by cpanel.myserver.com with local (Exim 4.80)
        (envelope-from <[email protected]>)
        id 1UBBap-0007EM-9r
        for [email protected]; Fri, 01 Mar 2013 08:34:47 +1030
To: [email protected]
Subject: Order Detail
From: "Manager Ethan Finch" <[email protected]>
X-Mailer: Fscfz(ver.2.75)
Reply-To: "Manager Ethan Finch" <[email protected]>
Mime-Version: 1.0
Content-Type: multipart/alternative;boundary="----------1362089087512FD47F4767C"
Message-ID: <[email protected]>
Date: Fri, 01 Mar 2013 08:34:47 +1030
------------1362089087512FD47F4767C
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-transfer-encoding: 7bit

This is my exim log:

2013-03-01 14:36:00 no IP address found for host gw1.corpgw.com (during SMTP connection from [203.197.151.138]:54411)
2013-03-01 14:36:59 H=() [203.197.151.138]:54411 rejected MAIL [email protected]: HELO required before MAIL
2013-03-01 14:37:28 H=(helo) [203.197.151.138]:54411 rejected MAIL [email protected]: Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
2013-03-01 14:37:28 SMTP connection from (helo) [203.197.151.138]:54411 closed by DROP in ACL
2013-03-01 14:37:29 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2013-03-01 14:37:29 Start queue run: pid=12155
2013-03-01 14:37:29 1UBBap-0007EM-9r ** [email protected] R=enforce_mail_permissions: Mail sent by user nobody being discarded due to sender restrictions in WHM->Tweak Settings
2013-03-01 14:37:29 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1UBBap-0007EM-9r
2013-03-01 14:37:30 1UBHFp-0003A7-W3 <= <> R=1UBBap-0007EM-9r U=mailnull P=local S=7826 T="Mail delivery failed: returning message to sender" for [email protected]
2013-03-01 14:37:30 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UBHFp-0003A7-W3
2013-03-01 14:37:30 1UBBap-0007EM-9r Completed
2013-03-01 14:37:32 1UBHFp-0003A7-W3 aspmx.l.google.com [2607:f8b0:400e:c00::1b] Network is unreachable
2013-03-01 14:37:38 1UBHFp-0003A7-W3 => [email protected] <[email protected]> R=lookuphost T=remote_smtp H=aspmx.l.google.com [74.125.25.26] X=TLSv1:RC4-SHA:128
2013-03-01 14:37:39 1UBHFp-0003A7-W3 Completed
2013-03-01 14:37:39 End queue run: pid=12155
2013-03-01 14:38:20 SMTP connection from [127.0.0.1]:36667 (TCP/IP connection count = 1)
2013-03-01 14:38:21 SMTP connection from localhost [127.0.0.1]:36667 closed by QUIT
2013-03-01 14:42:45 cwd=/ 2 args: /usr/sbin/sendmail -t
2013-03-01 14:42:45 1UBHKv-0003BH-LD <= [email protected] U=root P=local S=1156 T="[cpanel.server.com] Root Login from IP 122.181.3.130" for [email protected]
2013-03-01 14:42:45 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UBHKv-0003BH-LD
2013-03-01 14:42:47 1UBHKv-0003BH-LD aspmx.l.google.com [2607:f8b0:400e:c00::1a] Network is unreachable
2013-03-01 14:42:51 1UBHKv-0003BH-LD => [email protected] R=lookuphost T=remote_smtp H=aspmx.l.google.com [74.125.25.27] X=TLSv1:RC4-SHA:128
2013-03-01 14:42:51 1UBHKv-0003BH-LD Completed
2013-03-01 14:43:22 SMTP connection from [127.0.0.1]:37499 (TCP/IP connection count = 1)
2013-03-01 14:43:23 SMTP connection from localhost [127.0.0.1]:37499 closed by QUIT

Is there a way to find out which script or which user is generating these?

Solution: Linux Malware Detect (http://www.rfxn.com/projects/linux-malware-detect/) is very simple to install :). Go to that link and download http://www.rfxn.com/downloads/maldetect-current.tar.gz. The link to this file is at the very top of the web page. Then extract the archive and cd into the newly created directory in a terminal.
In that directory, run

sudo ./install.sh

This installs the scanner on your system. To perform the scan itself, run

sudo /usr/local/sbin/maldet -a /

The -a option here means you want to scan all files. Use -r instead to scan only recent ones. The / specifies the directory in which the scan should be performed, so just change it to whatever directory you want.

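The question asks which script is injecting the mail, and the exim log already carries the answer: because cPanel's Exim configuration enables the +arguments log selector, every message handed in by a local process is preceded by a "cwd=<dir> <n> args: <command>" line recording the working directory and command line of whatever called sendmail, and the "<=" arrival line that follows carries the Unix user (U=nobody) and protocol (P=local). Pairing those two lines and counting injections per directory points straight at the web directory the spam script runs from. The script below is an added example written for this page, not part of the question or the answer; the log lines it ships with are constructed in the format shown above, and the directory paths, message IDs and addresses in them are invented.

```python
import re
from collections import Counter

# Constructed sample of Exim mainlog lines in the format shown in the question.
# The "cwd=<dir> <n> args: <cmd>" lines come from Exim's log_selector
# +arguments, which cPanel enables. Paths, message IDs and addresses are
# invented for the example.
SAMPLE_LOG = """\
2013-03-01 14:37:29 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2013-03-01 14:37:29 Start queue run: pid=12155
2013-03-01 14:37:29 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1UBBap-0007EM-9r
2013-03-01 14:37:30 1UBHFp-0003A7-W3 <= <> R=1UBBap-0007EM-9r U=mailnull P=local S=7826 T="Mail delivery failed: returning message to sender" for owner@example.com
2013-03-01 14:40:10 cwd=/home/example/public_html/wp-content/uploads 2 args: /usr/sbin/sendmail -t
2013-03-01 14:40:10 1UBHJx-0003B0-Qa <= nobody@cpanel.myserver.com U=nobody P=local S=7826 T="Order Detail" for victim1@example.net
2013-03-01 14:40:11 cwd=/home/example/public_html/wp-content/uploads 2 args: /usr/sbin/sendmail -t
2013-03-01 14:40:11 1UBHJy-0003B1-Qb <= nobody@cpanel.myserver.com U=nobody P=local S=7830 T="Order Detail" for victim2@example.net
2013-03-01 14:42:45 cwd=/ 2 args: /usr/sbin/sendmail -t
2013-03-01 14:42:45 1UBHKv-0003BH-LD <= root@cpanel.myserver.com U=root P=local S=1156 T="[cpanel.server.com] Root Login from IP 122.181.3.130" for admin@example.com
2013-03-01 14:43:02 cwd=/home/example/public_html/contact 2 args: /usr/sbin/sendmail -t
2013-03-01 14:43:02 1UBHLa-0003BJ-Ab <= nobody@cpanel.myserver.com U=nobody P=local S=2100 T="Contact form" for owner@example.com
2013-03-01 14:50:00 1UBHMz-0003BK-Cd <= sender@remote.example H=mail.remote.example [192.0.2.10] P=esmtp S=3000 for owner@example.com
"""

# "<timestamp> cwd=<dir> <n> args: <command line>": written when a local
# process invokes exim/sendmail, immediately before the arrival line.
CWD_RE = re.compile(r"^(\S+ \S+) cwd=(\S+) \d+ args: (.*)$")
# "<timestamp> <msgid> <= <sender> <key=value fields...> for <recipients>"
ARRIVAL_RE = re.compile(r"^(\S+ \S+) (\S+) <= (\S+) (.*)$")


def _field(key, rest):
    """Extract a key=value token (U=, P=, S=...) from the tail of an arrival line."""
    m = re.search(r"(?:^|\s)" + re.escape(key) + r"=(\S+)", rest)
    return m.group(1) if m else None


def correlate_local_injections(lines, user="nobody"):
    """Pair every locally injected message (P=local) sent as `user` with the
    cwd= line logged just before it. Returns a list of dicts holding the
    message id, subject, recipients and the directory/command that injected it.
    Heuristic: the most recent unconsumed cwd= line is taken as the caller;
    under heavy concurrent injection a pair could be off by one line."""
    pending = None
    hits = []
    for raw in lines:
        line = raw.rstrip("\n")
        m = CWD_RE.match(line)
        if m:
            pending = {"cwd": m.group(2), "args": m.group(3)}
            continue
        m = ARRIVAL_RE.match(line)
        if not m:
            continue
        ts, msgid, sender, rest = m.groups()
        if _field("P", rest) != "local":
            continue  # SMTP arrivals have no calling process; leave pending alone
        origin = pending or {"cwd": None, "args": None}
        pending = None  # consumed by this arrival, whoever the user was
        if _field("U", rest) != user:
            continue
        subj = re.search(r'T="([^"]*)"', rest)
        hits.append({
            "time": ts, "msgid": msgid, "sender": sender, "user": user,
            "subject": subj.group(1) if subj else None,
            "recipients": rest.rsplit(" for ", 1)[1] if " for " in rest else None,
            "cwd": origin["cwd"], "args": origin["args"],
        })
    return hits


def spam_sources(hits):
    """Count injections per working directory. A document root or an uploads
    directory at the top of this list is where the sending script lives."""
    return Counter(h["cwd"] for h in hits)


if __name__ == "__main__":
    import sys
    # On cPanel the live log is /var/log/exim_mainlog; without an argument
    # the constructed sample above is used.
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    found = correlate_local_injections(src, user="nobody")
    for cwd, n in spam_sources(found).most_common():
        print(f"{n:6d}  {cwd}")
```

On the sample this reports two injections from /home/example/public_html/wp-content/uploads and one from the contact-form directory, while root's login notice and the bounce generated by the queue runner are left out. Once the directory is known, list its recently modified files and look for the one that calls mail() or sendmail. A complementary check for PHP-based hosts is to set mail.add_x_header=On and mail.log=/path/to/php-mail.log in php.ini: every message then gets an X-PHP-Originating-Script header and a log entry naming the exact script file.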

Original source: https://outofmemory.cn/yw/1043430.html