LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page user "apache" email
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-12-2007, 12:05 PM   #1
twk
Member
 
Registered: Feb 2002
Location: Canada
Distribution: Fedora/RHEL
Posts: 152

Rep: Reputation: 31
user "apache" email

We have a box that contains user-installed scripts (php/perl/mysql - same as normal share hosting environment), we suspect it's sending out spam (email admin already put a cap on this server). However maillog only shows user apache so we suspect it's one of the web applications/scripts has been compromised. We only inherited this box recently (I really want to get rid of it...). Normally in our environment it's one web application per box and mostly for internal use only therefore figure out which script is sending out email is simple.

How do I figure out which script/webapp (running as apache) is sending out email?
 
Old 12-13-2007, 08:02 AM   #2
jphilput
Member
 
Registered: Nov 2007
Posts: 58

Rep: Reputation: 15
You can use the lsof command to list all files opened by the apache user.

lsof -i -u apache

will show you all files opened by the apache user that are currently accessing the network. You can do a lot more with the lsof tool. For more granular information on its options, I would suggest taking a look at the lsof man page.
 
Old 12-13-2007, 11:14 PM   #3
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 774

Rep: Reputation: 243Reputation: 243Reputation: 243
I ban "apache" and/or "nobody" sent emails at the door with an appropriate bounce message telling why it's being refused. 98% percent of the time it's this exact case here. If you run a mailserver, you might want to consider this case-in-point.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting apache configured for "~" for user directories Alotau Linux - Server 4 04-04-2007 08:15 AM
Apache "per-user" directories opafire Linux - Software 1 08-15-2004 01:10 AM
How to have vsftpd ask for anon user to "send email for password"? dmurray8888 Linux - Software 0 04-27-2004 03:08 PM
where is "user apache" shell log? mikejrm Linux - Security 2 09-05-2003 03:29 AM
Apache Related: "http://host/~user" instead of "http://host/~user/" ? scrawl Linux - Software 2 05-19-2003 12:02 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:15 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration