
Problems with Spam


Facha


Well folks, I've got a problem here. This morning I woke up, went to check the tickets I had to answer, and found the site offline along with the entire cPanel server.

I checked my email to see whether it was some maintenance by the datacenter and, to my surprise, I had this email:
 

Hi,

SUSPENDING spamming Server 3707; it has 206 SMTP connections

**********************************************
List of processes running on Server 3707
**********************************************
6340 httpd /usr/local/apache/bin/httpd -k start -DSSL
9114 cpsrvd webmaild - serving 188.114.111.36
19674 cpsrvd webmaild - serving 188.114.111.36
19958 exim /usr/sbin/exim -Mc 1XSPx7-0005W0-Kf
19961 exim /usr/sbin/exim -Mc 1XSPx7-0005W0-Kf
19995 cpsrvd webmaild - serving 188.114.111.36
19999 exim /usr/sbin/exim -Mc 1XSPx8-0005WC-Cv
20009 exim /usr/sbin/exim -Mc 1XSPx8-0005WC-Cv
20014 cpanel /usr/local/cpanel/cpanel -webmail ./webmail/x3/index.html
20018 php
484539 httpd /usr/local/apache/bin/httpd -k start -DSSL
772354 init init
772565 kthreadd/3707
772566 khelper/3707
773039 udevd /sbin/udevd -d
773821 rsyslogd /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
773838 named /usr/sbin/named -u named
773879 snmpd /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
773892 sshd /usr/sbin/sshd
773903 mysqld_safe /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --pid-file=/var/lib/mysql/cp1.vexgames.net.pid
774064 mysqld /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/lib/mysql/cp1.vexgames.net.err --open-files-limit=6164 --pid-file=/var/lib/mysql/cp1.vexgames.net.pid
774222 saslauthd /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
774226 saslauthd /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
774840 pure-ftpd pure-ftpd (SERVER)
774844 pure-authd /usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/local/cpanel/bin/pureauth
774855 crond crond
774873 atd /usr/sbin/atd
775361 mingetty /sbin/mingetty console
775364 mingetty /sbin/mingetty tty2
962722 dovecot /usr/sbin/dovecot
962728 pop3-login dovecot/pop3-login
962729 imap-login dovecot/imap-login
962730 anvil dovecot/anvil
962731 log dovecot/log
962733 pop3-login dovecot/pop3-login
962734 imap-login dovecot/imap-login
962735 config dovecot/config
962736 auth dovecot/auth
965677 clamd /usr/local/cpanel/3rdparty/bin/clamd
966214 exim /usr/sbin/exim -bd -q1h
966672 /usr/local/cpan /usr/local/cpanel/3rdparty/perl/514/bin/spamd -d --allowed-ips=127.0.0.1 --pidfile=/var/run/spamd.pid --max-children=3 --max-spare=1
968147 spamd child spamd child
976929 leechprotect /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
976930 httpd /usr/local/apache/bin/httpd -k start -DSSL
976931 httpd /usr/local/apache/bin/httpd -k start -DSSL
976932 httpd /usr/local/apache/bin/httpd -k start -DSSL
976934 httpd /usr/local/apache/bin/httpd -k start -DSSL
977003 httpd /usr/local/apache/bin/httpd -k start -DSSL
977801 httpd /usr/local/apache/bin/httpd -k start -DSSL
980358 queueprocd - wa queueprocd - wait to process a task
980376 cpsrvd cpsrvd - waiting for connections
980397 dnsadmin - serv dnsadmin - server mode
980484 tailwatchd tailwatchd
980498 cPhulkd - proce cPhulkd - processor
980529 cpdavd - accept cpdavd - accepting connections on 2077 and 2078
980538 cpanellogd - sl cpanellogd - sleeping for logs
980566 stunnel /usr/bin/stunnel /usr/local/cpanel/etc/stunnel/default/stunnel.conf.run
980567 stunnel /usr/bin/stunnel /usr/local/cpanel/etc/stunnel/default/stunnel.conf.run
980568 stunnel /usr/bin/stunnel /usr/local/cpanel/etc/stunnel/default/stunnel.conf.run
980569 stunnel /usr/bin/stunnel /usr/local/cpanel/etc/stunnel/default/stunnel.conf.run
980570 stunnel /usr/bin/stunnel /usr/local/cpanel/etc/stunnel/default/stunnel.conf.run
980571 stunnel /usr/bin/stunnel /usr/local/cpanel/etc/stunnel/default/stunnel.conf.run
995309 httpd /usr/local/apache/bin/httpd -k start -DSSL
1028957 ssl-params dovecot/ssl-params
1044924 httpd /usr/local/apache/bin/httpd -k start -DSSL
1045000 httpd /usr/local/apache/bin/httpd -k start -DSSL


--
Greg Pulford 

Any idea how I can find the bastard who's been flooding from my machine?
For now I've put a DROP in iptables on all SMTP and stopped exim to "contain the problem" until I find a solution. Does anyone know how I can find the bastard?

 

 

@EDIT

 

I think I can safely say it's "impro", right?

[Image: BQ2NdtP.png]

Edited by Facha
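
A triage sketch for the question above, added here as an example and not part of the original post: it pulls the in-flight message IDs and webmail client IPs out of the provider's process list, then matches them against Exim arrival (`<=`) lines to name the submitting identity. The process lines are copied from the notice; the log lines, account names and the `dovecot_login` authenticator label are constructed assumptions, and on a cPanel host the real input would be `/var/log/exim_mainlog`.

```python
import re
from collections import Counter

MSG_ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
# Lines copied from the process list in the provider's notice.
NOTICE_PROCS = """\
9114 cpsrvd webmaild - serving 188.114.111.36
19674 cpsrvd webmaild - serving 188.114.111.36
19958 exim /usr/sbin/exim -Mc 1XSPx7-0005W0-Kf
19995 cpsrvd webmaild - serving 188.114.111.36
19999 exim /usr/sbin/exim -Mc 1XSPx8-0005WC-Cv
"""

# Constructed exim_mainlog lines: dates, accounts and sizes are placeholders.
SAMPLE_MAINLOG = """\
2014-01-01 07:58:01 1XSPx7-0005W0-Kf <= acct1@example.com H=localhost (mail.example.com) [127.0.0.1]:41234 P=esmtpa A=dovecot_login:acct1@example.com S=2311
2014-01-01 07:58:02 1XSPx8-0005WC-Cv <= acct1@example.com H=localhost (mail.example.com) [127.0.0.1]:41236 P=esmtpa A=dovecot_login:acct1@example.com S=2309
2014-01-01 07:58:05 1XSPx9-0005WX-Ab <= siteuser@mail.example.com U=siteuser P=local S=912
2014-01-01 07:58:06 1XSPx8-0005WC-Cv => rcpt@example.org R=lookuphost T=remote_smtp
"""

def delivery_ids(procs):
    """Message IDs that exim delivery processes (-Mc) were working on."""
    return set(re.findall(rf"exim -Mc ({MSG_ID})", procs))

def webmail_clients(procs):
    """Client IPs of active webmail sessions, with session counts."""
    return Counter(re.findall(r"webmaild - serving (\d+(?:\.\d+){3})", procs))

def arrivals(mainlog):
    """Map message ID -> submitting identity, using only '<=' arrival lines."""
    out = {}
    for line in mainlog.splitlines():
        m = re.match(rf"\S+ \S+ ({MSG_ID}) <= (\S+) (.*)", line)
        if m:
            msg_id, env_from, rest = m.groups()
            auth = re.search(r"\bA=\w+:(\S+)", rest)  # SMTP-authenticated login
            local = re.search(r"\bU=(\S+)", rest)     # local user (script, cron)
            out[msg_id] = (f"auth:{auth.group(1)}" if auth else
                           f"local:{local.group(1)}" if local else f"from:{env_from}")
    return out

def triage(procs, mainlog):  # -> (webmail IPs, in-flight senders, ranked senders)
    by_id = arrivals(mainlog)
    in_flight = {i: by_id.get(i, "not in log") for i in delivery_ids(procs)}
    return webmail_clients(procs), in_flight, Counter(by_id.values()).most_common()

if __name__ == "__main__":
    print(triage(NOTICE_PROCS, SAMPLE_MAINLOG))
```

An `auth:` identity at the top of the ranking points to a mailbox whose password is being used to submit mail (reset it and review its sessions), while a `local:` identity points to a script or cron job running under that system user.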