Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

To: debian-user@lists.debian.org
Subject: Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
From: Tazman Deville <tazmandevil@gmx.com>
Date: Thu, 12 Dec 2013 05:22:03 +0100
Message-id: <[🔎] 20131212042203.GA23697@myownsite.me>
In-reply-to: <[🔎] 52A9287E.7010708@holgerdanske.com>
References: <[🔎] CAKkTUv2hUccoNBJ-UX1E=aqkdT9JSoVddG9mcVxgxQjE3qCzFQ@mail.gmail.com> <[🔎] 52A9287E.7010708@holgerdanske.com>

On Wed, Dec 11, 2013 at 07:07:42PM -0800, David Christensen wrote:
> On 12/11/2013 06:57 PM, Lukasz Szybalski wrote:
> >I run my own site, and I do have postfix, apache, wordpress, and moinmoin
> >installed. www-data is sending 100s of emails a minute. Either wordpress or
> >moinmoin is compromised? How do I debug to find out where is the problem?
> 
> I suggest that you shut down the machine immediately, pull all the
> drives, take images, put them into another machine, mount them, and
> start analyzing the contents.

At the very least, stop postfix.

Taz
-- 
http://tazmandevil.info
taz hungry

Reply to:

References:
- Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Lukasz Szybalski <szybalski@gmail.com>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: David Christensen <dpchrist@holgerdanske.com>

Prev by Date: Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Next by Date: Using an AOS 1600x900 monitor with Wheezy
Previous by thread: Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Next by thread: Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Index(es):
- Date
- Thread