Apache Ausfall durch Spambot?

Apache, Lighttpd, nginx, Cherokee
fulltilt
Posts: 363
Joined: 2006-08-27 02:06

Apache Ausfall durch Spambot?

Post by fulltilt » 2007-12-23 11:56

Kann es sein das dies ein Spambot verursacht?

apache logs:

Code: Select all

access.log
122.126.111.4 - - [23/Dec/2007:06:23:21 +0100] "CONNECT mail2.xps.idv.tw:25 HTTP/1.0" 302 369 "-" "-"
122.126.111.4 - - [23/Dec/2007:06:23:21 +0100] "CONNECT mail2.xps.idv.tw:25 HTTP/1.0" 302 369 "-" "-"
122.126.111.4 - - [23/Dec/2007:06:23:21 +0100] "CONNECT mail2.xps.idv.tw:25 HTTP/1.0" 302 369 "-" "-"
127.0.0.1 - - [23/Dec/2007:06:25:01 +0100] "GET /watch-list HTTP/1.1" 200 9808 "-" "libwww-perl/5.805"
127.0.0.1 - - [23/Dec/2007:06:25:03 +0100] "GET /watch-list HTTP/1.1" 200 9808 "-" "libwww-perl/5.805"
127.0.0.1 - - [23/Dec/2007:06:25:03 +0100] "GET /watch-list HTTP/1.1" 200 9808 "-" "libwww-perl/5.805"
127.0.0.1 - - [23/Dec/2007:06:25:04 +0100] "GET /server-status?auto HTTP/1.1" 200 348 "-" "libwww-perl/5.805"
127.0.0.1 - - [23/Dec/2007:06:25:04 +0100] "GET /watch-list HTTP/1.1" 200 9808 "-" "libwww-perl/5.805"
127.0.0.1 - - [23/Dec/2007:06:25:08 +0100] "GET /watch-list HTTP/1.1" 200 9808 "-" "libwww-perl/5.805"
127.0.0.1 - - [23/Dec/2007:06:25:09 +0100] "GET /server-status?auto HTTP/1.1" 200 345 "-" "libwww-perl/5.805"
127.0.0.1 - - [23/Dec/2007:06:25:10 +0100] "GET /server-status?auto HTTP/1.1" 200 348 "-" "libwww-perl/5.805"
127.0.0.1 - - [23/Dec/2007:06:25:10 +0100] "GET /watch-list HTTP/1.1" 200 9808 "-" "libwww-perl/5.805"


error.log
sendmail: fatal: No recipient addresses found in message header
sendmail: fatal: No recipient addresses found in message header
sendmail: fatal: No recipient addresses found in message header
sendmail: fatal: No recipient addresses found in message header
sendmail: fatal: No recipient addresses found in message header
sendmail: fatal: No recipient addresses found in message header

oxygen
RSAC
Posts: 2179
Joined: 2002-12-15 00:10
Location: Bergheim

Re: Apache Ausfall durch Spambot?

Post by oxygen » 2007-12-23 12:27

Du verschickst Spam.

fulltilt
Posts: 363
Joined: 2006-08-27 02:06

Re: Apache Ausfall durch Spambot?

Post by fulltilt » 2007-12-26 08:33

Da ist irgend ein schrottiges Mailscript im Einsatz:

from=<>

Code: Select all

Dec 25 07:32:31 host1 postfix/qmgr[21340]: 3BB0DE10C24: from=<>, size=15086, nrcpt=1 (queue active)
Dec 25 07:32:43 host1 postfix/qmgr[21340]: 0B01CE10C25: from=<>, size=15535, nrcpt=1 (queue active)


Ist dann [21340] die System User ID ?
Wie kann ich das am besten lokalisieren?

User avatar
Joe User
Project Manager
Project Manager
Posts: 11599
Joined: 2003-02-27 01:00
Location: Hamburg

Re: Apache Ausfall durch Spambot?

Post by Joe User » 2007-12-26 10:35

fulltilt wrote:Da ist irgend ein schrottiges Mailscript im Einsatz:

Das schrottige Mailscript heisst mod_proxy und möchte richtig konfiguriert werden.
fulltilt wrote:Ist dann [21340] die System User ID ?

Nein, die Prozess-ID.

fulltilt
Posts: 363
Joined: 2006-08-27 02:06

Re: Apache Ausfall durch Spambot?

Post by fulltilt » 2007-12-26 10:50

Danke Joe,

allerdings habe ich mod_proxy gar nicht aktiviert ...

Code: Select all

alias.load            cgi.load      mime_magic.conf     ssl.load
auth_basic.load       deflate.conf  mime_magic.load     status.load
auth_mysql.load       deflate.load  mod-security2.load  suexec.load
authn_file.load       dir.conf      negotiation.load    unique_id.load
authz_default.load    dir.load      php5.conf           userdir.conf
authz_groupfile.load  env.load      php5.load           userdir.load
authz_host.load       include.load  rewrite.load
authz_user.load       info.load     setenvif.load
autoindex.load        mime.load     ssl.conf


Joe User wrote:
fulltilt wrote:Da ist irgend ein schrottiges Mailscript im Einsatz:

Das schrottige Mailscript heisst mod_proxy und möchte richtig konfiguriert werden.
fulltilt wrote:Ist dann [21340] die System User ID ?

Nein, die Prozess-ID.