getting mailgraph spam and virus

Discussion in 'HOWTO-Related Questions' started by rayit, Jul 22, 2006.

  1. TheRudy

    TheRudy Member

    Code:
    drwxr-xr-x  2 web3_internet web3 4096 2006-07-28 16:48 .
    drwxr-xr-x  9 web3_internet web3 4096 2006-07-28 17:26 ..
    -rw-r--r--  1 web3_internet web3    0 2006-07-28 16:48 .csc
    -rwxr-xr-x  1 web3_internet web3 7009 2004-11-27 19:37 mailgraph.cgi
    -r--------  1 root          root    0 2006-06-18 11:09 .no_delete
    
    Before mailgraph.cgi was set as root - root with root, it didn't even show page.. I changed mailgraph.cgi manually to current permission..

    Any more ideas?
     
  2. falko

    falko Super Moderator Howtoforge Staff

    What's in suexec.log now? What's the output of
    Code:
    grep web3_internet /etc/passwd
    and
    Code:
    grep web3 /etc/group
    ?
     
  3. TheRudy

    TheRudy Member

    The same as already posted..
    Code:
    [2006-08-01 09:53:07]: uid: (10007/web3_internet) gid: (10003/10003) cmd: mailgraph.cgi
    [2006-08-01 09:53:07]: uid: (10007/web3_internet) gid: (10003/10003) cmd: mailgraph.cgi
    [2006-08-01 09:53:07]: uid: (10007/web3_internet) gid: (10003/10003) cmd: mailgraph.cgi
    [2006-08-01 09:53:08]: uid: (10007/web3_internet) gid: (10003/10003) cmd: mailgraph.cgi
    [2006-08-01 11:11:12]: uid: (10007/web3_internet) gid: (10003/10003) cmd: mailgraph.cgi
    [2006-08-01 11:11:12]: uid: (10007/web3_internet) gid: (10003/10003) cmd: mailgraph.cgi
    [2006-08-01 11:11:12]: uid: (10007/web3_internet) gid: (10003/10003) cmd: mailgraph.cgi
    [2006-08-01 11:11:12]: uid: (10007/web3_internet) gid: (10003/10003) cmd: mailgraph.cgi
    [2006-08-01 11:11:12]: uid: (10007/web3_internet) gid: (10003/10003) cmd: mailgraph.cgi
    [2006-08-01 11:11:12]: uid: (10007/web3_internet) gid: (10003/10003) cmd: mailgraph.cgi
    [2006-08-01 11:11:12]: uid: (10007/web3_internet) gid: (10003/10003) cmd: mailgraph.cgi
    [2006-08-01 11:11:12]: uid: (10007/web3_internet) gid: (10003/10003) cmd: mailgraph.cgi
    [2006-08-01 11:11:12]: uid: (10007/web3_internet) gid: (10003/10003) cmd: mailgraph.cgi
    [2006-08-01 11:11:13]: uid: (10007/web3_internet) gid: (10003/10003) cmd: mailgraph.cgi
    
    Still the same..
    Code:
    web3_internet:x:10007:10003:internet email:/var/www/web3:/bin/false

    And again the same..
    Code:
    users:x:100:web3_xxx,web3_xxx,web3_alex,web3_xxx,web3_xxx,web3_xxx,web3_xxx
    web3:x:10003:admispconfig,web3_internet
    
    xxx replaced by me.. Could it be the problem that web3_internet is not on the users list? I mean, all users are listed there except for web3_internet user who is admin and is under web3.. eh..
     
  4. falko

    falko Super Moderator Howtoforge Staff

    What's the output of
    Code:
    grep 10007 /etc/passwd
    ? I think that maybe more than one user has this ID on your system (otherwise suexec.log should mention web3_internet instead of 10007).
     
  5. TheRudy

    TheRudy Member

    Code:
    web3_internet:x:10007:10003:internet email:/var/www/web3:/bin/false
     
  6. falko

    falko Super Moderator Howtoforge Staff

    Hm... And the output of
    Code:
    grep 10003 /etc/group
    ?
     
  7. TheRudy

    TheRudy Member

    Code:
    web3:x:10003:admispconfig,web3_internet
    I've done so much googling for this, trying a few things but the only way to get it working is by setting suexec to off.. I see that you also are a bit lost in the dark here.. it's weird, right?
     
  8. falko

    falko Super Moderator Howtoforge Staff

    It's strange, indeed...
     
  9. Ovidiu

    Ovidiu Active Member

  10. falko

    falko Super Moderator Howtoforge Staff

  11. Ovidiu

    Ovidiu Active Member

    very funny :D

    do you think you could share the regex (is that the right word?) expression which catches viruses and spams?
     
  12. falko

    falko Super Moderator Howtoforge Staff

    It's a standard amavisd.conf. Nothing special...
     
