Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
On Wed, Dec 11, 2013 at 07:07:42PM -0800, David Christensen wrote:
> On 12/11/2013 06:57 PM, Lukasz Szybalski wrote:
> >I run my own site, and I do have postfix, apache, wordpress, and moinmoin
> >installed. www-data is sending 100s of emails a minute. Either wordpress or
> >moinmoin is compromised? How do I debug to find out where is the problem?
>
> I suggest that you shut down the machine immediately, pull all the
> drives, take images, put them into another machine, mount them, and
> start analyzing the contents.
At the very least, stop postfix.
Taz
--
http://tazmandevil.info
taz hungry
Reply to: