Server hacked, 20,000 emails sent, what now?


Post by ssh3.de » 2010-01-24 11:40

Hi, someone from Italy hacked my server, or rather sent thousands of emails using Qmail.

1) How can I defend myself?
2) How did they do it? A hole in the system? (openSUSE 11)
3) How can I close the hole?
4) Am I making myself liable to prosecution? (probably not)

Regards,

Filip

Jan 23 16:52:21 h124444 relaylock: /var/qmail/bin/relaylock: mail from 88.56.79.2:17420 (host2-79-static.56-88-b.business.telecomitalia.it)
Jan 23 16:52:21 h124444 qmail-queue-handlers[32632]: Handlers Filter before-queue for qmail started ...
Jan 23 16:52:21 h124444 qmail-queue-handlers[32632]: from=sixtiethyj5@3dstructures.com
Jan 23 16:52:21 h124444 qmail-queue-handlers[32632]: to=d24webuse@ssh3.de
Jan 23 16:52:21 h124444 qmail: 1264261941.819475 new msg 19029428
Jan 23 16:52:21 h124444 qmail: 1264261941.819604 info msg 19029428: bytes 1047 from <sixtiethyj5@3dstructures.com> qp 32633 uid 2020
Jan 23 16:52:21 h124444 qmail: 1264261941.829190 starting delivery 1119: msg 19029428 to local 7-d24webuse@ssh3.de
Jan 23 16:52:21 h124444 qmail: 1264261941.829398 status: local 1/10 remote 0/20
Jan 23 16:52:21 h124444 qmail-local-handlers[32634]: Handlers Filter before-local for qmail started ...
Jan 23 16:52:21 h124444 qmail-local-handlers[32634]: from=sixtiethyj5@3dstructures.com
Jan 23 16:52:21 h124444 qmail-local-handlers[32634]: to=d24webuse@ssh3.de
Jan 23 16:52:21 h124444 qmail-local-handlers[32634]: mailbox: /var/qmail/mailnames/ssh3.de
Jan 23 16:52:21 h124444 qmail-queue-handlers[32636]: Handlers Filter before-queue for qmail started ...
Jan 23 16:52:21 h124444 qmail-queue-handlers[32636]: from=sixtiethyj5@3dstructures.com
Jan 23 16:52:21 h124444 qmail-queue-handlers[32636]: to=cbs@gmx.de
Jan 23 16:52:21 h124444 qmail: 1264261941.848407 new msg 19029431
Jan 23 16:52:21 h124444 qmail: 1264261941.848476 info msg 19029431: bytes 1152 from <sixtiethyj5@3dstructures.com> qp 32637 uid 110
Jan 23 16:52:21 h124444 qmail: 1264261941.855084 starting delivery 1120: msg 19029431 to remote cbs@gmx.de
Jan 23 16:52:21 h124444 qmail: 1264261941.855210 status: local 1/10 remote 1/20
Jan 23 16:52:21 h124444 qmail: 1264261941.855248 delivery 1119: success: did_0+1+0/qp_32636/
Jan 23 16:52:21 h124444 qmail: 1264261941.855283 status: local 0/10 remote 1/20
Jan 23 16:52:21 h124444 qmail: 1264261941.855317 end msg 19029428
Jan 23 16:52:21 h124444 qmail-remote-handlers[32638]: Handlers Filter before-remote for qmail started ...
Jan 23 16:52:21 h124444 qmail-remote-handlers[32638]: from=sixtiethyj5@3dstructures.com
Jan 23 16:52:21 h124444 qmail-remote-handlers[32638]: to=cbs@gmx.de
Jan 23 16:52:22 h124444 qmail: 1264261942.147410 delivery 1120: success: 213.165.64.102_accepted_message./Remote_host_said:_250_2.6.0_Message_accepted_{mx117}/
Jan 23 16:52:22 h124444 qmail: 1264261942.147543 status: local 0/10 remote 0/20
Jan 23 16:52:22 h124444 qmail: 1264261942.147581 end msg 19029431
Jan 23 16:57:11 h124444 relaylock: /var/qmail/bin/relaylock: mail from 189.132.192.135:8148 (dsl-189-132-192-135-dyn.prod-infinitum.com.mx)
Jan 23 16:57:13 h124444 qmail-queue-handlers[1640]: Handlers Filter before-queue for qmail started ...
Jan 23 16:57:14 h124444 qmail-queue-handlers[1640]: from=teflonYa@pressdisplay.com
Jan 23 16:57:14 h124444 qmail-queue-handlers[1640]: to=thisisjusttestletter@ssh3.de
Jan 23 16:57:14 h124444 qmail-queue-handlers[1640]: to=d24webuse@ssh3.de
Jan 23 16:57:14 h124444 qmail: 1264262234.989512 new msg 19029428
Jan 23 16:57:14 h124444 qmail: 1264262234.989621 info msg 19029428: bytes 5790 from <teflonya@pressdisplay.com> qp 1641 uid 2020
Jan 23 16:57:14 h124444 qmail: 1264262234.996754 starting delivery 1121: msg 19029428 to local 7-thisisjusttestletter@ssh3.de
Jan 23 16:57:14 h124444 qmail: 1264262234.996886 status: local 1/10 remote 0/20
Jan 23 16:57:14 h124444 qmail: 1264262234.996979 starting delivery 1122: msg 19029428 to local 7-d24webuse@ssh3.de
Jan 23 16:57:14 h124444 qmail: 1264262234.997046 status: local 2/10 remote 0/20
Jan 23 16:57:15 h124444 qmail-local-handlers[1643]: Handlers Filter before-local for qmail started ...
Jan 23 16:57:15 h124444 qmail-local-handlers[1643]: from=teflonya@pressdisplay.com
Jan 23 16:57:15 h124444 qmail-local-handlers[1643]: to=thisisjusttestletter@ssh3.de
Jan 23 16:57:15 h124444 qmail-local-handlers[1643]: mailbox: /var/qmail/mailnames/ssh3.de
Jan 23 16:57:15 h124444 qmail-local-handlers[1644]: Handlers Filter before-local for qmail started ...
Jan 23 16:57:15 h124444 qmail-local-handlers[1644]: from=teflonya@pressdisplay.com
Jan 23 16:57:15 h124444 qmail-local-handlers[1644]: to=d24webuse@ssh3.de
Jan 23 16:57:15 h124444 qmail-local-handlers[1644]: mailbox: /var/qmail/mailnames/ssh3.de
Jan 23 16:57:15 h124444 qmail-queue-handlers[1646]: Handlers Filter before-queue for qmail started ...
Jan 23 16:57:15 h124444 qmail-queue-handlers[1645]: Handlers Filter before-queue for qmail started ...
Jan 23 16:57:15 h124444 qmail-queue-handlers[1645]: from=teflonya@pressdisplay.com
Jan 23 16:57:15 h124444 qmail-queue-handlers[1645]: to=cbs@gmx.de
Jan 23 16:57:15 h124444 qmail-queue-handlers[1646]: from=teflonya@pressdisplay.com
Jan 23 16:57:15 h124444 qmail-queue-handlers[1646]: to=cbs@gmx.de
Jan 23 16:57:15 h124444 qmail: 1264262235.028029 new msg 19029445

The following email arrived in my inbox:

From: d24webuse@ssh3.de
To: d24webuse@ssh3.de
Subject: If you are disappointed in its second half, bold, come in!
Date: Sat, 23 Jan 2010 16:50:56

If you are disappointed in its second half, bold, come in! 100% check - please visit
Of course the last sentence is a link!

I'm killing qmail for now so that this doesn't happen again before we solve the problem!
:evil:
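
An added example, not part of the original post: a short Python triage script for a qmail syslog in the format of the excerpt above. It counts relaylock connections per source IP and remote deliveries per envelope sender and queueing uid; the function name is an assumption, and the sample lines are constructed with placeholder addresses.

```python
import re
from collections import Counter

# Constructed sample in the format of the excerpt above (placeholder addresses).
SAMPLE = """\
Jan 23 16:52:21 host relaylock: /var/qmail/bin/relaylock: mail from 192.0.2.10:17420 (client.example.net)
Jan 23 16:52:21 host qmail: 1264261941.819604 info msg 100: bytes 1047 from <spam@example.org> qp 32633 uid 2020
Jan 23 16:52:21 host qmail: 1264261941.829190 starting delivery 1: msg 100 to local 7-user@example.com
Jan 23 16:52:21 host qmail: 1264261941.848476 info msg 101: bytes 1152 from <spam@example.org> qp 32637 uid 110
Jan 23 16:52:21 host qmail: 1264261941.855084 starting delivery 2: msg 101 to remote fwd@example.net
Jan 23 16:52:21 host qmail: 1264261941.855317 end msg 100
Jan 23 16:52:22 host qmail: 1264261942.147581 end msg 101
Jan 23 16:57:11 host relaylock: /var/qmail/bin/relaylock: mail from 198.51.100.7:8148 (dsl.example.org)
Jan 23 16:57:14 host qmail: 1264262234.989621 info msg 100: bytes 5790 from <other@example.org> qp 1641 uid 2020
Jan 23 16:57:14 host qmail: 1264262234.996754 starting delivery 3: msg 100 to local 7-user@example.com
"""

RELAY = re.compile(r"relaylock: mail from (\d+\.\d+\.\d+\.\d+):\d+")
INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)> qp \d+ uid (\d+)")
DELIV = re.compile(r"starting delivery \d+: msg (\d+) to (local|remote) (\S+)")
END = re.compile(r"end msg (\d+)")

def summarise(log_text):
    """Return (connections per source IP, remote deliveries per (sender, uid))."""
    sources = Counter()
    remote = Counter()
    live = {}  # qmail reuses msg numbers, so only messages not yet ended are tracked
    for line in log_text.splitlines():
        if m := RELAY.search(line):
            sources[m.group(1)] += 1
        elif m := INFO.search(line):
            # "uid" is the user id of the process that queued the message
            live[m.group(1)] = (m.group(2).lower(), int(m.group(3)))
        elif m := DELIV.search(line):
            if m.group(2) == "remote" and m.group(1) in live:
                remote[live[m.group(1)]] += 1
        elif m := END.search(line):
            live.pop(m.group(1), None)
    return sources, remote

if __name__ == "__main__":
    src, rem = summarise(SAMPLE)
    print("SMTP connections per source IP:", dict(src))
    print("remote deliveries per (sender, uid):", dict(rem))
```

The uid column separates messages queued by the SMTP daemon from messages re-queued by a local delivery (for example a mailbox forward), which is why the script keys remote deliveries on it.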


Re: Server hacked, 20,000 emails sent, what now?

Post by Joe User » 2010-01-24 13:28


„If there’s more than one possible outcome of a job or task, and one
of those outcomes will result in disaster or an undesirable consequence,
then somebody will do it that way.“ -- Edward Aloysius Murphy Jr.


Re: Server hacked, 20,000 emails sent, what now?

Post by Der-Tim » 2010-04-04 17:39

I think points 1 and 2 are more than important... Above all, the host should be reinstalled...