Apache, Lighttpd, nginx, Cherokee
-
fulltilt
- Posts: 366
- Joined: 2006-08-27 02:06
-
Post
by fulltilt »
Kann es sein das dies ein Spambot verursacht?
apache logs:
Code: Select all
access.log
122.126.111.4 - - [23/Dec/2007:06:23:21 +0100] "CONNECT mail2.xps.idv.tw:25 HTTP/1.0" 302 369 "-" "-"
122.126.111.4 - - [23/Dec/2007:06:23:21 +0100] "CONNECT mail2.xps.idv.tw:25 HTTP/1.0" 302 369 "-" "-"
122.126.111.4 - - [23/Dec/2007:06:23:21 +0100] "CONNECT mail2.xps.idv.tw:25 HTTP/1.0" 302 369 "-" "-"
127.0.0.1 - - [23/Dec/2007:06:25:01 +0100] "GET /watch-list HTTP/1.1" 200 9808 "-" "libwww-perl/5.805"
127.0.0.1 - - [23/Dec/2007:06:25:03 +0100] "GET /watch-list HTTP/1.1" 200 9808 "-" "libwww-perl/5.805"
127.0.0.1 - - [23/Dec/2007:06:25:03 +0100] "GET /watch-list HTTP/1.1" 200 9808 "-" "libwww-perl/5.805"
127.0.0.1 - - [23/Dec/2007:06:25:04 +0100] "GET /server-status?auto HTTP/1.1" 200 348 "-" "libwww-perl/5.805"
127.0.0.1 - - [23/Dec/2007:06:25:04 +0100] "GET /watch-list HTTP/1.1" 200 9808 "-" "libwww-perl/5.805"
127.0.0.1 - - [23/Dec/2007:06:25:08 +0100] "GET /watch-list HTTP/1.1" 200 9808 "-" "libwww-perl/5.805"
127.0.0.1 - - [23/Dec/2007:06:25:09 +0100] "GET /server-status?auto HTTP/1.1" 200 345 "-" "libwww-perl/5.805"
127.0.0.1 - - [23/Dec/2007:06:25:10 +0100] "GET /server-status?auto HTTP/1.1" 200 348 "-" "libwww-perl/5.805"
127.0.0.1 - - [23/Dec/2007:06:25:10 +0100] "GET /watch-list HTTP/1.1" 200 9808 "-" "libwww-perl/5.805"
error.log
sendmail: fatal: No recipient addresses found in message header
sendmail: fatal: No recipient addresses found in message header
sendmail: fatal: No recipient addresses found in message header
sendmail: fatal: No recipient addresses found in message header
sendmail: fatal: No recipient addresses found in message header
sendmail: fatal: No recipient addresses found in message header
-
oxygen
- Posts: 2138
- Joined: 2002-12-15 00:10
- Location: Bergheim
-
Post
by oxygen »
Du verschickst Spam.
-
fulltilt
- Posts: 366
- Joined: 2006-08-27 02:06
-
Post
by fulltilt »
Da ist irgend ein schrottiges Mailscript im Einsatz:
from=<>
Code: Select all
Dec 25 07:32:31 host1 postfix/qmgr[21340]: 3BB0DE10C24: from=<>, size=15086, nrcpt=1 (queue active)
Dec 25 07:32:43 host1 postfix/qmgr[21340]: 0B01CE10C25: from=<>, size=15535, nrcpt=1 (queue active)
Ist dann [21340] die System User ID ?
Wie kann ich das am besten lokalisieren?
-
Joe User
- Project Manager
- Posts: 11185
- Joined: 2003-02-27 01:00
- Location: Hamburg
-
Post
by Joe User »
fulltilt wrote:Da ist irgend ein schrottiges Mailscript im Einsatz:
Das schrottige Mailscript heisst mod_proxy und möchte richtig konfiguriert werden.
fulltilt wrote:Ist dann [21340] die System User ID ?
Nein, die Prozess-ID.
-
fulltilt
- Posts: 366
- Joined: 2006-08-27 02:06
-
Post
by fulltilt »
Danke Joe,
allerdings habe ich mod_proxy gar nicht aktiviert ...
Code: Select all
alias.load cgi.load mime_magic.conf ssl.load
auth_basic.load deflate.conf mime_magic.load status.load
auth_mysql.load deflate.load mod-security2.load suexec.load
authn_file.load dir.conf negotiation.load unique_id.load
authz_default.load dir.load php5.conf userdir.conf
authz_groupfile.load env.load php5.load userdir.load
authz_host.load include.load rewrite.load
authz_user.load info.load setenvif.load
autoindex.load mime.load ssl.conf
Joe User wrote:fulltilt wrote:Da ist irgend ein schrottiges Mailscript im Einsatz:
Das schrottige Mailscript heisst mod_proxy und möchte richtig konfiguriert werden.
fulltilt wrote:Ist dann [21340] die System User ID ?
Nein, die Prozess-ID.
