Spam cannon?

Dennisda

Hello,

I'd rather be on the safe side.
Within 30 minutes the mailq fills up with up to more than 1500 entries.
Here's what the entries look like:

547A3801C1* 9740 Tue Feb 13 12:25:15 MAILER-DAEMON
name@Domain

50574800DB* 619 Tue Feb 13 12:21:22 wwwrun@Hostname
blackbox.storage@yahoo.com

595A5800E1* 3319 Tue Feb 13 12:21:59 wwwrun@Hostname
patrickobasan001@yahoo.dk

Now, Apache also runs as wwwrun. So I have a strong suspicion that a contact form is serving as a spam cannon.

I'd rather be on the safe side, since there's nothing to be found in the logs.
How do you see it?
Can I stop the flow server-side?
I'm not so sure about the latter -_-
 
Hello Dennis!

1. Stop your MTA so that no more spam is sent through it
2. Remove the spam from the queue
3. Analyse the Apache log file to confirm your suspicion
4. Remove the insecure mail form or secure it accordingly

Regards, flyingoffice
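Step 2 of the checklist in practice. The following is an added example (not code from either poster) that parses the text printed by `postqueue -p` (alias `mailq`) in the format Dennis pasted, picks the queue IDs whose envelope sender matches a pattern such as `^wwwrun@`, and prints them one per line so they can be piped into `postsuper -d -`. The sample queue listing, the host name `meinhost.example` and all addresses in it are constructed.

```python
"""Pick Postfix queue entries by envelope sender for removal with `postsuper -d -`.

Added example for this thread, not code from either poster. Reads the text
printed by `postqueue -p` (alias `mailq`) and lists the matching queue IDs.
"""
import re
import sys

# Constructed sample in mailq format (host name and addresses are made up).
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
72264800CE*   11069 Tue Feb 13 12:39:11  wwwrun@meinhost.example
(host mx.example.net[192.0.2.10] said: 421 SERVICE NOT AVAILABLE)
                                         victim1@example.com
                                         victim2@example.com

EB64D800D1     2837 Tue Feb 13 12:41:54  MAILER-DAEMON
           (Name service error for example.org: Host not found, try again)
                                         bounce@example.org

A1974348031!   10000 Tue Feb 13 13:05:35  wwwrun@meinhost.example
                                         victim3@example.com

-- 23 Kbytes in 3 Requests.
"""

# First line of each queue entry: ID, optional flag (* = active, ! = on hold),
# size in bytes, arrival time (mailq prints no year), envelope sender.
ENTRY_RE = re.compile(
    r"^(?P<id>[0-9A-Za-z]+)(?P<flag>[*!]?)\s+(?P<size>\d+)\s+"
    r"(?P<arrival>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d)\s+(?P<sender>\S+)$"
)


def parse_mailq(text):
    """Return one dict per queue entry: id, flag, size, arrival, sender, recipients."""
    entries = []
    current = None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            current = m.groupdict()
            current["size"] = int(current["size"])
            current["recipients"] = []
            entries.append(current)
            continue
        stripped = line.strip()
        # Indented recipient lines carry one address each; deferral reasons are
        # parenthesised and the trailer starts with "--", so both are skipped.
        if current is not None and "@" in stripped and not stripped.startswith("("):
            current["recipients"].append(stripped)
    return entries


def select_ids(entries, sender_pattern):
    """Queue IDs whose envelope sender matches the regular expression."""
    pat = re.compile(sender_pattern)
    return [e["id"] for e in entries if pat.search(e["sender"])]


def summarize(entries):
    """(messages, recipients) per sender, to see who is really filling the queue."""
    summary = {}
    for e in entries:
        msgs, rcpts = summary.get(e["sender"], (0, 0))
        summary[e["sender"]] = (msgs + 1, rcpts + len(e["recipients"]))
    return summary


if __name__ == "__main__":
    # Usage: postqueue -p | python3 select_queue.py '^wwwrun@' | postsuper -d -
    # Without a pipe on stdin, the constructed sample is used instead.
    pattern = sys.argv[1] if len(sys.argv) > 1 else r"^wwwrun@"
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_MAILQ
    for qid in select_ids(parse_mailq(text), pattern):
        print(qid)
```

The script only prints IDs; nothing is deleted until its output is piped into `postsuper -d -`, so the list can be reviewed first. `summarize()` is there because the thread shows MAILER-DAEMON bounces alongside the wwwrun entries: the bounces of the spam also occupy the queue, and the per-sender count makes clear which envelope sender is actually responsible.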
 
Hello flyingoffice,

1) Stopped. However, this is what's in the mailq:

BD54D34802A 945 Tue Feb 13 12:47:55 wwwrun
2F15634802B 945 Tue Feb 13 12:52:52 wwwrun
AD55734802C 10649 Tue Feb 13 12:53:53 wwwrun
55A8034802D 945 Tue Feb 13 12:55:00 wwwrun
C3D9034802E 930 Tue Feb 13 12:58:04 wwwrun
4E32934802F 9583 Tue Feb 13 12:59:21 wwwrun
20FB2348030 9319 Tue Feb 13 13:03:46 wwwrun
A1974348031 10000 Tue Feb 13 13:05:35 wwwrun

2) Removed. I'd also like to add that it is definitely spam:

Code:
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
72264800CE*   11069 Tue Feb 13 12:39:11  wwwrun@Meinhost
(host mailin-03.mx.aol.com[64.12.137.89] said: 421-:  (RLY:CS4) http://postmaster.info.aol.com/errors/421rlycs4.html  421 SERVICE NOT AVAILABLE)
                                         dragonlady1344@aol.com
(host smtp1.accnorwalk.com[64.186.192.25] said: 450 4.3.2 <sample21@accnorwalk.com>: Recipient address rejected: Try again later)
                                         sample21@accnorwalk.com
(host mailin-02.mx.aol.com[205.188.155.89] said: 421-:  (RLY:CS4) http://postmaster.info.aol.com/errors/421rlycs4.html  421 SERVICE NOT AVAILABLE)
                                         tinab123799@cs.com
              (Name service error for mailrecv.bigmailbox.com: Host not found)
                                         mihar@cybermurid.com
           (connect to a34-mta04.direcpc.com[66.82.4.105]: Connection refused)
                                         kcarter499@direcway.com
     (connect to relay.cisp.com[208.252.179.200]: server refused mail service)
                                         msc85@mailaka.net
                    (Name service error for my.com: Host not found, try again)
                                         sotourban@my.com
  (connect to cluster8a.us.messagelabs.com[216.82.248.44]: Connection refused)
                                         evidal@pennysaverusa.com
                     (connect to punkmail.com[64.40.116.41]: No route to host)
                                         skankinpunk666@punkmail.com
         (connect to tetrafish.shentel.net[204.111.1.229]: Connection refused)
                                         tusngfrm@shentel.net
              (Name service error for brainerd.net: Host not found, try again)
                                         martydog@brainerd.net
(host g.mx.mail.yahoo.com[209.191.88.239] said: 451 Message temporarily deferred - [170])
                                         adil_mafzool@yahoo.com
                                         amygilge@yahoo.com
                                         anastacia_beatles@yahoo.com
                                         arjun_thak99@yahoo.com
                                         audacious31@yahoo.com
                                         aviveros88@yahoo.com
                                         azaliapearson@yahoo.com
                                         beachboys2781@yahoo.com
                                         big_bootygirl68@yahoo.com
                                         birdieus53@yahoo.com
                                         bka_coco@yahoo.com
                                         bleachedandpierced@yahoo.com
                                         blister2001us@yahoo.com
                                         bobrobsutton2002@yahoo.com
                                         c_mushi@yahoo.com
                                         candykisses1475@yahoo.com
                                         candyw2004_69@yahoo.com
                                         carolconner2004@yahoo.com
                                         caroline_zamora@yahoo.com
                                         catscy11@yahoo.com
                                         cervejaycigarro@yahoo.com
                                         cheriaburn00@yahoo.com
                                         cincyfetick@yahoo.com
                                         crzyldy62002@yahoo.com
                                         dannasvir@yahoo.com
                                         davisboi19@yahoo.com
                                         dcable442000@yahoo.com
                                         deamon_killa_89@yahoo.com
                                         dedabutchie@yahoo.com
                                         derric300@yahoo.com
                                         dmdentre@yahoo.com
                                         dos5520@yahoo.com
                                         duke_shiznit@yahoo.com
                                         e17_4@yahoo.com
                                         elephanttrunk05@yahoo.com
                                         elnora_willis@yahoo.com
                                         elsierose37341@yahoo.com
                                         freefallfreak_14000feet@yahoo.com
                                         gineau2004@yahoo.com
                                         gueldrew@yahoo.com
                                         guiccicat@yahoo.com
                                         harlis_59@yahoo.com
                                         hussette@yahoo.com
                                         ironside_1@yahoo.com
                                         j_stone_80@yahoo.com
                                         jamn1884@yahoo.com
                                         jayroc000@yahoo.com
                                         jennirknight@yahoo.com
                                         jermania24us@yahoo.com
                                         jnion2000@yahoo.com
(host mail.texinet.net[208.32.99.23] said: 451 4.7.1 Greylisting in action, please come back in 00:05:00)
                                         jrmusick@texinet.net
                                         lrusso2@rochester.rr.com
                                         kjhna@se.rr.com
                                         llewis5257@cfl.rr.com
                                         miles727272@adelphia.net
                                         lillywanda@mfa.net
                                         amydwill27@adelphia.net
                                         yujtfrzpbhddtf@media4islam.org
                                         calico_collections@yahpp.com
                                         cruehlman@cinci.rr.com
                                         michgirl@mailblocks.com
                                         ashmarsters@xtra.co.nz
                                         sparx@satx.rr.com
                                         dagssmith@optusnet.com.au
                                         jhubbar3@rochester.rr.com
                                         cathyj@kingent.com
                                         dclay2@kc.rr.com

EB64D800D1     2837 Tue Feb 13 12:41:54  MAILER-DAEMON
           (Name service error for jennyspeirs.com: Host not found, try again)
                                         screen-finance.net@jennyspeirs.com

-- 23 Kbytes in 2 Requests.

3) The log files are clean so far. But here's the mail.log anyway:

Code:
Feb 13 12:41:54 p15134871 postfix/cleanup[4819]: EB64D800D1: message-id=<20070213114154.EB64D800D1@meinhost>
Feb 13 12:41:54 p15134871 postfix/qmgr[25330]: EB64D800D1: from=<>, size=2837, nrcpt=1 (queue active)
Feb 13 12:41:55 p15134871 postfix/smtp[3758]: connect to clmboh-01.mgw.rr.com[65.24.7.14]: server refused mail service (port 25)
Feb 13 12:41:55 p15134871 postfix/smtpd[4847]: disconnect from unknown[58.173.224.110]
Feb 13 12:41:56 p15134871 postfix/smtp[4965]: connect to hrndva-01.mgw.rr.com[24.28.204.20]: server refused mail service (port 25)
Feb 13 12:41:57 p15134871 postfix/smtp[5006]: EB64D800D1: to=<screen-finance.net@jennyspeirs.com>, relay=none, delay=3, status=deferred (Name service error for jennyspeirs.com: Host not found, try again)
Feb 13 12:42:00 p15134871 postfix/smtp[2976]: connect to orngca-01.mgw.rr.com[66.75.160.147]: server refused mail service (port 25)
Feb 13 12:42:00 p15134871 postfix/smtp[3786]: connect to orngca-01.mgw.rr.com[66.75.160.130]: read timeout (port 25)
Feb 13 12:42:01 p15134871 postfix/smtp[2772]: connect to hrndva-01.mgw.rr.com[24.28.204.21]: server refused mail service (port 25)
Feb 13 12:42:01 p15134871 postfix/smtp[2772]: 4776D800DE: to=<fdavis@si.rr.com>, relay=none, delay=3346, status=deferred (connect to hrndva-01.mgw.rr.com[24.28.204.21]: server refused mail service)
Feb 13 12:42:01 p15134871 postfix/qmgr[25330]: warning: qmgr_active_corrupt: save corrupt file queue active id 4776D800DE: No such file or directory
Feb 13 12:42:01 p15134871 postfix/smtp[3786]: connect to hrndva-01.mgw.rr.com[24.28.204.21]: server refused mail service (port 25)
Feb 13 12:42:03 p15134871 postfix/smtp[3786]: connect to clmboh-01.mgw.rr.com[65.24.7.10]: server refused mail service (port 25)
Feb 13 12:42:03 p15134871 postfix/smtp[3785]: connect to orngca-02.mgw.rr.com[66.75.160.142]: server refused mail service (port 25)
Feb 13 12:42:03 p15134871 postfix/smtp[2662]: connect to orngca-02.mgw.rr.com[66.75.160.141]: server refused mail service (port 25)
Feb 13 12:42:04 p15134871 postfix/smtp[2976]: connect to clmboh-01.mgw.rr.com[65.24.7.14]: server refused mail service (port 25)
Feb 13 12:42:06 p15134871 postfix/smtp[4965]: connect to clmboh-01.mgw.rr.com[65.24.7.19]: server refused mail service (port 25)
Feb 13 12:42:08 p15134871 postfix/smtp[2662]: connect to clmboh-01.mgw.rr.com[65.24.7.19]: server refused mail service (port 25)
Feb 13 12:42:09 p15134871 postfix/smtpd[3999]: connect from host240-179-dynamic.55-82-r.retail.telecomitalia.it[82.55.179.240]
Feb 13 12:42:09 p15134871 postfix/smtpd[3999]: 41775800CF: client=host240-179-dynamic.55-82-r.retail.telecomitalia.it[82.55.179.240]
Feb 13 12:42:09 p15134871 postfix/cleanup[4831]: 41775800CF: message-id=<01c74f63$fe8f9dd0$6c822ecf@bristle'stoweling>
Feb 13 12:42:09 p15134871 postfix/qmgr[25330]: 41775800CF: from=<bristle'stoweling@publicist.com>, size=3502, nrcpt=1 (queue active)
Feb 13 12:42:09 p15134871 postfix/smtp[2662]: connect to orngca-01.mgw.rr.com[66.75.160.147]: server refused mail service (port 25)
Feb 13 12:42:09 p15134871 postfix/smtpd[3999]: disconnect from host240-179-dynamic.55-82-r.retail.telecomitalia.it[82.55.179.240]
Feb 13 12:42:09 p15134871 postfix/local[4981]: 41775800CF: to=<web40p1@p15134871.meinhostname>, relay=local, delay=0, status=sent (mailbox)

4) Currently in progress.
 
The only thing I could find in the error.log is this entry:

[Feb 13 11:22:03 2007] [error] [Client <IP here>] Client sent Http/1.1 request without hostname ( see RFC2616 section 14.23): /w00tw00.at.ISC.SANS.DFind:)

Otherwise just the usual, images that weren't found.
 
Hello!

I hope you didn't search only the error.log, though. Try searching the logs for "POST".

Regards, flyingoffice
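Step 3 of the checklist and the hint above to look for "POST", worked through. This is an added example (not code from either poster): it parses Apache combined-format access log lines, counts POST requests per form handler and client address, and pairs each Postfix queue arrival (queue ID, arrival time as printed by mailq, sender) with the POSTs made in the few seconds before it, which is the pattern a mail-sending form produces. The access log lines, queue IDs, addresses, paths and the host name `meinhost.example` are all constructed; the year is passed in by the caller because mailq omits it.

```python
"""Line up POST requests in an Apache access log with Postfix queue arrivals.

Added example for this thread, not code from either poster. Which form
handler is being posted to, by whom, and does each POST precede a queue
entry submitted by wwwrun?
"""
import re
from collections import Counter
from datetime import datetime

# Constructed Apache combined-format lines; paths, IPs and agents are made up.
SAMPLE_ACCESS_LOG = """\
192.0.2.50 - - [13/Feb/2007:12:21:20 +0100] "POST /kontakt/formmail.php HTTP/1.1" 200 312 "-" "Mozilla/4.0"
198.51.100.7 - - [13/Feb/2007:12:21:31 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.50 - - [13/Feb/2007:12:21:57 +0100] "POST /kontakt/formmail.php HTTP/1.1" 200 312 "-" "Mozilla/4.0"
203.0.113.9 - - [13/Feb/2007:12:22:40 +0100] "POST /kontakt/formmail.php HTTP/1.1" 200 312 "-" "-"
198.51.100.7 - - [13/Feb/2007:12:23:02 +0100] "POST /gaestebuch.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Constructed queue arrivals: (queue ID, arrival time as printed by mailq, sender).
SAMPLE_QUEUE_ARRIVALS = [
    ("50574800DB", "Tue Feb 13 12:21:22", "wwwrun@meinhost.example"),
    ("595A5800E1", "Tue Feb 13 12:21:59", "wwwrun@meinhost.example"),
    ("7A0B1800F2", "Tue Feb 13 12:22:41", "wwwrun@meinhost.example"),
    ("EB64D800D1", "Tue Feb 13 12:41:54", "MAILER-DAEMON"),
]

# Combined log format: client, ident, user, [time], "METHOD path protocol", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_access_log(text):
    """Parse combined-format lines into dicts with a naive local-time datetime."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip anything that is not a combined-format request line
        rec = m.groupdict()
        # Drop the zone offset: mailq prints local wall-clock time without one.
        rec["time"] = datetime.strptime(
            rec["time"], "%d/%b/%Y:%H:%M:%S %z"
        ).replace(tzinfo=None)
        records.append(rec)
    return records


def post_summary(records):
    """Count POST requests per (path, client IP); an abused form stands out here."""
    return Counter((r["path"], r["ip"]) for r in records if r["method"] == "POST")


def correlate(records, arrivals, year, window=5):
    """Pair each queue arrival with the POSTs made at most `window` seconds before it.

    Returns a list of (queue_id, client_ip, path, seconds_before_arrival).
    """
    posts = [r for r in records if r["method"] == "POST"]
    matches = []
    for qid, arrival, _sender in arrivals:
        when = datetime.strptime(f"{arrival} {year}", "%a %b %d %H:%M:%S %Y")
        for p in posts:
            delta = (when - p["time"]).total_seconds()
            if 0 <= delta <= window:
                matches.append((qid, p["ip"], p["path"], int(delta)))
    return matches


if __name__ == "__main__":
    recs = parse_access_log(SAMPLE_ACCESS_LOG)
    for (path, ip), n in post_summary(recs).most_common():
        print(f"{n:4d} POST {path} from {ip}")
    for qid, ip, path, secs in correlate(recs, SAMPLE_QUEUE_ARRIVALS, 2007):
        print(f"{qid}: POST {path} from {ip} {secs}s before arrival")
```

On a real system the access log text comes from the vhost's access_log (including rotated copies covering the time window) and the arrivals from the saved mailq output; the window should match how quickly the form handler hands mail to Postfix, usually well under five seconds. POSTs that have no matching arrival still matter: with the MTA stopped, the form is still being hammered, and the summary shows which handler to take offline in step 4.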
 