LinuxQuestions.org
Old 12-12-2007, 01:05 PM   #1
twk
Member
 
Registered: Feb 2002
Location: Canada
Distribution: Fedora/RHEL
Posts: 150
Thanked: 1
user "apache" email


We have a box that contains user-installed scripts (php/perl/mysql - same as a normal shared hosting environment), and we suspect it's sending out spam (the email admin already put a cap on this server). However, maillog only shows user apache, so we suspect one of the web applications/scripts has been compromised. We only inherited this box recently (I really want to get rid of it...). Normally in our environment it's one web application per box and mostly for internal use only, therefore figuring out which script is sending out email is simple.

How do I figure out which script/webapp (running as apache) is sending out email?
Old 12-13-2007, 09:02 AM   #2
jphilput
Member
 
Registered: Nov 2007
Posts: 58
Thanked: 0
You can use the lsof command to list all files opened by the apache user.

lsof -a -i -u apache    # -a ANDs the selections; without it lsof ORs -i and -u

will show you all files opened by the apache user that are currently accessing the network. You can do a lot more with the lsof tool. For more granular information on its options, I would suggest taking a look at the lsof man page.
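Added example, not part of the thread: one way to narrow the lsof approach above to outbound SMTP, by parsing lsof's field output (-F) and keeping only apache-owned sockets connected to remote port 25. The function names smtp_senders and sample_lsof_output and the sample data are constructed for illustration; it assumes the script talks SMTP over TCP itself.

```sh
#!/bin/sh
# Reads `lsof -F pcn` field output on stdin and prints "PID COMMAND REMOTE"
# for every connected socket whose remote port is 25 (SMTP).
smtp_senders() {
    awk '
        /^p/ { pid = substr($0, 2); cmd = "?" }   # start of a new process set
        /^c/ { cmd = substr($0, 2) }              # command name of that process
        /^n/ {                                    # name field: the socket endpoints
            name = substr($0, 2)
            if (name ~ /->.*:25$/) {              # connected, remote port exactly 25
                sub(/^.*->/, "", name)            # keep only the remote endpoint
                print pid, cmd, name
            }
        }
    '
}

# Constructed sample of lsof field output (not captured from a real host).
sample_lsof_output() {
    cat <<'EOF'
p2101
chttpd
f3
n*:80
f12
n192.0.2.10:80->198.51.100.7:51514
p2144
cperl
f4
n192.0.2.10:40022->203.0.113.25:25
p2150
chttpd
f14
n192.0.2.10:40031->203.0.113.77:25
f15
n192.0.2.10:40032->203.0.113.8:2525
EOF
}

# Live use (as root):
#   lsof -a -u apache -i TCP -nP -F pcn | smtp_senders
# then, for each PID reported, its working directory and program text:
#   lsof -a -p PID -d cwd,txt -Fn
sample_lsof_output | smtp_senders
```

Connections are short-lived, so the live command has to be repeated (or looped) while mail is going out. A script that hands mail to the local sendmail binary opens no SMTP socket of its own and will not appear in this output.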
Old 12-14-2007, 12:14 AM   #3
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: None (src & compile)
Posts: 222
Thanked: 1
I ban "apache" and/or "nobody" sent emails at the door with an appropriate bounce message telling why it's being refused. 98% of the time it's this exact case here. If you run a mailserver, you might want to consider this case-in-point.