nixCraft Linux / UNIX / Shell Scripting Forum

nixCraft

Linux / UNIX Tech Support Forum

How do you track a spammer that is sending using nobody

This is a discussion on How do you track a spammer that is sending using nobody within the Mail Servers forums, part of the Mastering Servers category; I have a spammer on one of my servers but I cannot find the user that owns the account. They ...

Register free or login to your account to remove all advertisements.

Go Back   nixCraft Linux / UNIX / Shell Scripting Forum > Mastering Servers > Mail Servers

How do you track a spammer that is sending using nobody How do you track a spammer that is sending using nobody

Linux answers from nixCraft.

Register FAQ Members List Social Groups Calendar Forgotten your password? Mark Forums Read

Mail Servers Discussion on Postfix/Sendmail Mail servers and related program such as IMAP/POP3, Anti-Spam technologies.

Reply

 

Thread Tools Display Modes
  #1 (permalink)  
Old 23rd November 2009, 04:02 AM
DWHS's Avatar
Junior Member
  
Join Date: Nov 2009
Location: los angeles
OS: Centos
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
DWHS is on a distinguished road
Default How do you track a spammer that is sending using nobody
I have a spammer on one of my servers but I cannot find the user that owns the account. They are using a script that runs as nobody and then sends out bulk email with no identity. Any ideas of how to track this down?

I have scanned the logs over and over and nothing stands out or referencing a user on the server.
Reply With Quote
  #2 (permalink)  
Old 23rd November 2009, 05:19 PM
nixcraft's Avatar
Never say die
  
Join Date: Jan 2005
Location: BIOS
OS: RHEL
Scripting language: Bash, Perl, Python
Posts: 3,299
Thanks: 13
Thanked 413 Times in 306 Posts
Rep Power: 10
nixcraft has a reputation beyond reputenixcraft has a reputation beyond reputenixcraft has a reputation beyond reputenixcraft has a reputation beyond reputenixcraft has a reputation beyond reputenixcraft has a reputation beyond reputenixcraft has a reputation beyond reputenixcraft has a reputation beyond reputenixcraft has a reputation beyond reputenixcraft has a reputation beyond reputenixcraft has a reputation beyond repute
Default
Can you provide a little more information about mail server, web server, control panel etc?
__________________
Vivek Gite
Be proud RHEL user, and let the world know about your enterprise choices! Join RedHat user group.
 Do you run a Linux? Let's face it, you need help!
Cricket & IPL News Blog
Reply With Quote
  #3 (permalink)  
Old 24th November 2009, 04:01 AM
DWHS's Avatar
Junior Member
  
Join Date: Nov 2009
Location: los angeles
OS: Centos
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
DWHS is on a distinguished road
Default
Quote:
Originally Posted by nixcraft View Post
Can you provide a little more information about mail server, web server, control panel etc?
Sure it's centos 5, exim (exim-4.69-23.1_cpanel_maildir)

Cpanel, Apache 2.2, php5, mysql 5

Thanks,
Reply With Quote
  #4 (permalink)  
Old 8th December 2009, 05:02 AM
Junior Member
  
Join Date: Aug 2009
OS: Debian
Posts: 17
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
thewebhostingdir is on a distinguished road
Default
Quote:
Originally Posted by DWHS View Post
I have a spammer on one of my servers but I cannot find the user that owns the account. They are using a script that runs as nobody and then sends out bulk email with no identity. Any ideas of how to track this down?

I have scanned the logs over and over and nothing stands out or referencing a user on the server.
You will need to check the exim logs, if you have an access to the server you can check it from /var/log/exim_mainlog. Once you get the error logs from the header ID you can get the email address from which SMTP authentication the email was sent.
Reply With Quote
Reply

Tags
nobody spammer

« How to configure sendmail | Mail Server Implementation with Heartbeat. »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads

Thread Thread Starter Forum Replies Last Post
Postfix Not Sending Mail manish_2479 Mail Servers 3 10th September 2009 01:38 PM
Script to track the changes made to a file hariharan.nb Shell scripting 1 11th June 2009 03:30 PM
Linux Copy an audio cd / track to hard disk Peterrodg Getting started tutorials 2 12th January 2008 10:50 PM
Track last reboot / shutdown time on linux server sweta Linux software 1 16th July 2007 06:20 AM
track changing in docs file zafar466 Windows Xp/2000/2003 server administration 0 12th March 2007 09:53 PM


All times are GMT +5.5. The time now is 01:01 PM.

Contact Us - Home - Archive - Privacy Statement - Terms of Service - Top

Powered by vBulletin® Version 3.8.6 - Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.3.2
©2005-2010 nixCraft. All rights reserved

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40