Off Topic - Can someone help?

Martin.Hepworth martinh at
Thu Jan 3 08:43:34 GMT 2008

Yeah, could be a compromised PHP script that installed a rootkit. Could be lots of things...

Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: mailscanner-bounces at [mailto:mailscanner-
> bounces at] On Behalf Of Hugo van der Kooij
> Sent: 03 January 2008 06:29
> To: MailScanner discussion
> Subject: Re: Off Topic - Can someone help?
> ajos1 at wrote:
> > I think I have a safe-ish system... (ie) not an open relay and so on...
> > but TONIGHT all of a sudden something/someone is "supposedly" able to
> > relay.
> You are broken in to in some manner. Unless you take the system offline
> you will be sending spam and are to be held accountable.
> > Jan  3 01:28:50 www sendmail[5955]: m031SgPv005955:
> > from=<dwkscy at>, size=1658, class=0, nrcpts=1,
> > daemon=MTA, relay=localhost.localdomain []
> Your SMTP client lives locally.
> > Jan  3 01:49:36 www sendmail[8581]: m031mFpI008581:
> > from=<okorfhzoaiadke at>, size=6253, class=0, nrcpts=51,
> > msgid=<CYSGRANINJSFZUJCWXBWXXN at>, bodytype=8BITMIME, proto=SMTP,
> > daemon=MTA, relay=localhost.localdomain []
> And again.
> So you need to take the system offline and start forensics on the unit.
> As it is you should not trust ANYTHING on that machine. So anything you
> use to investigate needs to be started from a ReadOnly medium and not
> the system itself.
> I would start with the usual suspects like an SSH break in, ....
> Hugo.

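Added example, not part of the original thread: a small Python triage script for the point made in the quoted reply, that a `relay=` field naming the local host means the mail was submitted from the machine itself. The sample lines are constructed in the same sendmail "from=" format (addresses and IPs are placeholders), and the `bulk_rcpts` threshold of 20 is an arbitrary assumption.

```python
import re

# Constructed sample in sendmail's "from=" log format; addresses and IPs are placeholders.
SAMPLE_LOG = """\
Jan  3 01:28:50 www sendmail[5955]: m031SgPv005955: from=<a@example.org>, size=1658, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Jan  3 01:49:36 www sendmail[8581]: m031mFpI008581: from=<b@example.org>, size=6253, class=0, nrcpts=51, msgid=<X@example.org>, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Jan  3 01:50:02 www sendmail[8600]: m031o2aa008600: from=<c@example.net>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.net [192.0.2.10]
"""

FROM_LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<fields>from=.*)$")
FIELD = re.compile(r"(\w+)=([^,]*)")
RELAY = re.compile(r"(?:[^@\s]+@)?(?P<host>[^\s\[]*)\s*(?:\[(?P<ip>[^\]]*)\])?")
LOCAL_HOSTS = {"localhost", "localhost.localdomain"}


def is_local_relay(relay):
    """True when the relay= field names the machine itself.

    Handles "host [ip]", a bare "[ip]", and the "user@localhost" form
    logged for mail handed to the sendmail binary directly.
    """
    m = RELAY.match(relay)
    host = m.group("host").lower()
    ip = (m.group("ip") or "").lower().replace("ipv6:", "")
    return host in LOCAL_HOSTS or ip.startswith("127.") or ip == "::1"


def local_submissions(log_text, bulk_rcpts=20):
    """Return from= entries accepted from the local host, flagging large recipient counts."""
    hits = []
    for line in log_text.splitlines():
        m = FROM_LINE.search(line)
        if not m:
            continue
        fields = dict(FIELD.findall(m.group("fields")))
        if not is_local_relay(fields.get("relay", "")):
            continue
        n = int(fields.get("nrcpts") or 0)
        hits.append({"qid": m.group("qid"), "from": fields["from"],
                     "nrcpts": n, "bulk": n >= bulk_rcpts})
    return hits


if __name__ == "__main__":
    for hit in local_submissions(SAMPLE_LOG):
        print(hit)
```

In line with the advice in the thread, run this against a copy of the log on a separate, trusted machine rather than on the suspect host.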