nixCraft Linux Forum

nixCraft

Linux / UNIX Tech Support Forum

How do you track a spammer that is sending using nobody

This is a discussion on How do you track a spammer that is sending using nobody within the Mail Servers forums, part of the Mastering Servers category; I have a spammer on one of my servers but I cannot find the user that owns the account. They ...

Go Back   nixCraft Linux Forum > Mastering Servers > Mail Servers

How do you track a spammer that is sending using nobody How do you track a spammer that is sending using nobody

Linux answers from nixCraft.

Register FAQ Members List Social Groups Calendar Forgotten your password? Mark Forums Read

Mail Servers Discussion on Postfix/Sendmail Mail servers and related program such as IMAP/POP3, Anti-Spam technologies.

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 23-11-2009, 04:02 AM
DWHS's Avatar
Junior Member
User
  
Join Date: Nov 2009
Location: los angeles
OS: Centos
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
DWHS is on a distinguished road
Default How do you track a spammer that is sending using nobody
I have a spammer on one of my servers but I cannot find the user that owns the account. They are using a script that runs as nobody and then sends out bulk email with no identity. Any ideas of how to track this down?

I have scanned the logs over and over and nothing stands out or referencing a user on the server.
Reply With Quote
  #2 (permalink)  
Old 23-11-2009, 05:19 PM
nixcraft's Avatar
Never say die
User
  
Join Date: Jan 2005
Location: BIOS
OS: RHEL
Scripting language: Bash and Python
Posts: 2,710
Thanks: 11
Thanked 245 Times in 184 Posts
Rep Power: 10
nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute
Default
Can you provide a little more information about mail server, web server, control panel etc?
__________________
Vivek Gite
Linux Evangelist
Be proud RHEL user, and let the world know about your enterprise choices! Join RedHat user group.
Always use CODE tags for posting system output and commands!
Do you run a Linux? Let's face it, you need help
Reply With Quote
  #3 (permalink)  
Old 24-11-2009, 04:01 AM
DWHS's Avatar
Junior Member
User
  
Join Date: Nov 2009
Location: los angeles
OS: Centos
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
DWHS is on a distinguished road
Default
Quote:
Originally Posted by nixcraft View Post
Can you provide a little more information about mail server, web server, control panel etc?
Sure it's centos 5, exim (exim-4.69-23.1_cpanel_maildir)

Cpanel, Apache 2.2, php5, mysql 5

Thanks,
Reply With Quote
  #4 (permalink)  
Old 08-12-2009, 05:02 AM
Junior Member
User
  
Join Date: Aug 2009
OS: Debian
Posts: 17
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
thewebhostingdir is on a distinguished road
Default
Quote:
Originally Posted by DWHS View Post
I have a spammer on one of my servers but I cannot find the user that owns the account. They are using a script that runs as nobody and then sends out bulk email with no identity. Any ideas of how to track this down?

I have scanned the logs over and over and nothing stands out or referencing a user on the server.
You will need to check the exim logs, if you have an access to the server you can check it from /var/log/exim_mainlog. Once you get the error logs from the header ID you can get the email address from which SMTP authentication the email was sent.
Reply With Quote
Reply

Tags
nobody spammer

« How to configure sendmail | Mail Server Implementation with Heartbeat. »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads

Thread Thread Starter Forum Replies Last Post
Postfix Not Sending Mail manish_2479 Mail Servers 3 10-09-2009 01:38 PM
Script to track the changes made to a file hariharan.nb Shell scripting 1 11-06-2009 03:30 PM
Linux Copy an audio cd / track to hard disk Peterrodg Getting started tutorials 2 12-01-2008 10:50 PM
Track last reboot / shutdown time on linux server sweta Linux software 1 16-07-2007 06:20 AM
track changing in docs file zafar466 Windows Xp/2000/2003 server administration 0 12-03-2007 09:53 PM


All times are GMT +5.5. The time now is 01:06 PM.

Contact Us - nixCraft Home - Archive - Privacy Statement - Terms of Service - Top

Powered by vBulletin® Version 3.8.5 - Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.3.2
©2005-2010 nixCraft. All rights reserved

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38