Today I received a call from a customer, who told me his website could not connect to the database. After looking at it, I discovered that my server's hard disk is full. But I can't discover how my hard disk became so full. I did:

    du -sh */
    5.0M bin/
    14M boot/
    96K dev/
    7.6M etc/
    3.3M home/
    88M lib/
    16K lost+found/
    12K media/
    4.0K mnt/
    4.0K opt/
    du: cannot access `proc/19595': No such file or directory
    du: cannot access `proc/19596': No such file or directory
    du: cannot access `proc/19597': No such file or directory
    du: cannot access `proc/19600': No such file or directory
    du: cannot access `proc/19601/task/19601/fd/4': No such file or directory
    du: cannot access `proc/19601/task/19601/fdinfo/4': No such file or directory
    du: cannot access `proc/19601/fd/4': No such file or directory
    du: cannot access `proc/19601/fdinfo/4': No such file or directory
    du: cannot access `proc/19603': No such file or directory
    du: cannot access `proc/19604': No such file or directory
    du: cannot access `proc/19605': No such file or directory
    du: cannot access `proc/19606': No such file or directory
    0 proc/
    39M root/
    4.1M sbin/
    4.0K selinux/
    4.0K srv/
    0 sys/
    4.0K tmp/
    836M usr/
    du: cannot access `var/spool/postfix/incoming/907E449CBB': No such file or directory
    du: cannot access `var/spool/postfix/incoming/478C44A4CA': No such file or directory
    du: cannot access `var/spool/postfix/incoming/12D364E9FF': No such file or directory
    du: cannot access `var/spool/postfix/incoming/49A1452434': No such file or directory
    du: cannot access `var/spool/postfix/incoming/796A1912AC': No such file or directory
    du: cannot access `var/spool/postfix/incoming/6B329917E5': No such file or directory
    7.2G var/

Is there a possibility I'm under a spam attack? If not, how can I find out what's the reason for my full hard disk? Greets, Arjan.
It seems the spool directory is 4,9 GB. Is it normal that this directory gets so big? All the mailboxes together only use a couple of hundred MB.
That's quite big. Check with postqueue -p how many mails are in the queue. Maybe someone sends spam through our server.
You're right, I got blacklisted by Google since today. Yeah, spam abuse.... Just did the postqueue -p and I see several emails a second.

    870878614C* 3007 Mon Apr 29 20:24:59 MAILER-DAEMON
    web10@(mydomain).nl

I also got blacklisted by Google since today. This is the second time spam got sent from my IP. I still don't know how they do it, but the fact is they do it. Any ideas or suggestions to get rid of this spam abuse?
Something that pokes me is the web10; it's the folder where the website of that domain is hosted. Also, there is no web10 email address configured. Would it mean a security problem in the website that is hosted in the web10 folder...? I made a little script that logged everything that went through sendmail, but no weird emails get logged.
This means that the web10 website sent spam, most likely through a vulnerable CMS or contact form. If there is a CMS installed in that site, then install all available updates for that CMS.
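Added example, not written by any poster in this thread: a shell function that tallies `postqueue -p` output by envelope sender and by recipient, so a queue dominated by MAILER-DAEMON bounces addressed to one site account (web10 here) stands out immediately. The sample listing is constructed; `example.nl`, `example.org` and every queue ID except the one quoted in the thread are placeholders.

```shell
#!/bin/sh
# Tally a `postqueue -p` listing (read on stdin) per sender and recipient.
queue_summary() {
    awk '
        # Entry line: queue ID, optional "*" (active) or "!" (hold) flag,
        # size in bytes, arrival time, then the envelope sender.
        /^[0-9A-Za-z]+[*!]?[ \t]+[0-9]+[ \t]/ {
            sender[$NF]++; total++; next
        }
        # Indented lines containing "@" are recipients of that entry.
        # Deferral reasons start with "(" at column 0 and are skipped.
        /^[ \t]+[^ \t(]/ && /@/ { rcpt[$1]++ }
        END {
            printf "total %d\n", total
            for (s in sender) printf "sender %d %s\n", sender[s], s
            for (r in rcpt)   printf "rcpt %d %s\n", rcpt[r], r
        }
    ' | sort -k1,1 -k2,2nr
}

# Constructed sample in the layout postqueue -p prints.
sample_queue() {
    cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
870878614C*    3007 Mon Apr 29 20:24:59  MAILER-DAEMON
                                         web10@example.nl

1A2B3C4D5E     2980 Mon Apr 29 20:25:00  MAILER-DAEMON
(connect to mail.example.nl[192.0.2.10]:25: Connection refused)
                                         web10@example.nl

2B3C4D5E6F     3101 Mon Apr 29 20:25:00  MAILER-DAEMON
                                         web10@example.nl

3C4D5E6F70     1544 Mon Apr 29 20:25:01  web10@example.nl
                                         someone@example.org

-- 12 Kbytes in 4 Requests.
EOF
}

# On a live server: postqueue -p | queue_summary
sample_queue | queue_summary
```

Bounces returning to an address that has no mailbox mean the original messages left the server with that address as envelope sender, which is what mail submitted by the site's own system user looks like.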
OK, I disabled the mail form (the only mail possibility at that website). But then it seems I made a mistake. I wanted to clear out the log files, and because they were so extremely long, I deleted them using rm. This now results in postfix not writing anything to those log files. Probably the permissions are wrong. Any idea how I can restore the log files? Greets, Arjan.