Server is sending massive spam.

New Member Joined: Aug 18, 2004 Posts: 6

Hello all, I have been getting thousands upon thousands of returned spam email touting some spray that you put on your license plate to keep cameras from taking your picture of your plate when you blow a stop sign. Any way I originally thought that they were just using my domain for all the bounces because they are using a ficticious account name. But now my server company tells me that I have been hacked. So this email is being sent from my server. Here is the email they sent me.

[root@ chkrootkit-0.44]# ./chkrootkit|grep INFECTED
warning, got bogus unix line.
Checking `bindshell'... INFECTED (PORTS: 465)

I am a rookie to command line. I dont have much understanding of administering my server as root.

Right now I have qmail turned off to stop the spam. The problem is that I run two email sites on my server and now they cannot send or recieve email.

Is there anyone that can give me a suggestion as to what to do?

Thank you

Pilgrim

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

This, to me, sounds like since they hacked your server, your host is the one that needs to figure this out as they are responsible for your server software and protection. Of course this would depend upon your SLA with your host.

Posted: Thu Sep 23, 2004 2:17 pm

Yes, well you get what you pay for, and my agreement with the host is that its unmanaged. In any case from what I have been reading around the net, the only way to be sure that the installed root kit is completely removed is to back up your websites, and then re-install the server and start from scratch. I was just hoping to avoid doing that. But I guess I dont have a choice. Thanks.

Pilgrim