LinuxQuestions.org
Old 12-12-2007, 01:05 PM   #1
twk
Member
 
Registered: Feb 2002
Location: Canada
Distribution: Fedora/RHEL
Posts: 152

Rep: Reputation: 31
user "apache" email


We have a box that contains user-installed scripts (php/perl/mysql - same as a normal shared hosting environment), and we suspect it's sending out spam (the email admin has already put a cap on this server). However, maillog only shows user apache, so we suspect one of the web applications/scripts has been compromised. We only inherited this box recently (I really want to get rid of it...). Normally in our environment it's one web application per box and mostly for internal use only, so figuring out which script is sending out email is simple.

How do I figure out which script/webapp (running as apache) is sending out email?
 
Old 12-13-2007, 09:02 AM   #2
jphilput
Member
 
Registered: Nov 2007
Posts: 58

Rep: Reputation: 15
You can use the lsof command to list all files opened by the apache user.

lsof -a -i -u apache

will show you all files opened by the apache user that are currently accessing the network. You can do a lot more with the lsof tool. For more granular information on its options, I would suggest taking a look at the lsof man page.
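
Added example, not part of the post above or of any reply in this thread: a POSIX sh sketch that narrows lsof's machine-readable output to apache-owned processes holding a connection to remote port 25 and prints each one's working directory. The function names, the sample data and the use of /proc/PID/cwd as a hint to the owning web app are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Live use, as root:
#   lsof -a -n -P -i TCP -u apache -F pcn | smtp_talkers | with_cwd
# -a ANDs the -i and -u selections; -F pcn prints one field per line,
# prefixed p (PID), c (command) or n (socket name, "local->remote").

# Read lsof -F output on stdin; print "PID COMMAND REMOTE" for each
# connection whose remote port is 25 (or "smtp" when -P was not given).
smtp_talkers() {
    awk '
        /^p/ { pid = substr($0, 2); next }
        /^c/ { cmd = substr($0, 2); next }
        /^n/ {
            if (split(substr($0, 2), ends, "->") == 2 &&
                ends[2] ~ /:(25|smtp)$/)
                print pid, cmd, ends[2]
        }'
}

# Append each process's working directory. Assumption: for CGI scripts the
# cwd is usually the script's own directory, which names the web app.
with_cwd() {
    while read -r pid cmd remote; do
        cwd=$(readlink "/proc/$pid/cwd" 2>/dev/null) || cwd='(gone)'
        printf '%s %s %s cwd=%s\n' "$pid" "$cmd" "$remote" "$cwd"
    done
}

# Constructed sample of lsof -F pcn output (documentation addresses).
sample_lsof_output() {
    cat <<'EOF'
p2314
chttpd
f3
n*:80
f12
n192.0.2.10:80->198.51.100.23:51514
p2377
cperl
f4
n192.0.2.10:48210->203.0.113.7:25
p2401
chttpd
f14
n192.0.2.10:48355->203.0.113.9:smtp
EOF
}

sample_lsof_output | smtp_talkers
```

lsof reports a snapshot, so a script that finishes between runs, or one that hands its mail to a local sendmail binary, may not appear; repeat the run while mail is going out.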
 
Old 12-14-2007, 12:14 AM   #3
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: None (src & compile)
Posts: 248

Rep: Reputation: 36
I ban "apache" and/or "nobody" sent emails at the door with an appropriate bounce message telling why it's being refused. 98% of the time it's this exact case here. If you run a mailserver, you might want to consider this case-in-point.
 
  


All times are GMT -5. The time now is 10:24 AM.
