LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-15-2006, 04:36 PM   #1
davidar
LQ Newbie
 
Registered: Oct 2006
Posts: 3

Rep: Reputation: 0
Diagnose virus or hack, where do you start?


I have been using Linux for a couple of years, it has always done what I needed it to so I have never played with it too much.

I run Susi 10., Crossover office Dreamweaver Firefox, Perl and Evoliution.

My problem is this, I have started to receive many emails suggesting an email I sent bounced back.

e.g.

here is one example

From:
MAILER-DAEMON@doll-babies.com
To:
kqsh@bla.co.uk
Subject:
failure notice
Date:
Sun, 15 Oct 2006 10:29:50 -0700 (18:29 BST)


the only email address I use is david@bla.co.uk so the address above has been generated.

So has it been generated by a script on my Linux desktop or has someone got my email and are just generating emails from my valid email address with the exception of changing the name.

I use Avast antivirus and my Linux box looks clean.

can anyone help and advise me where I should look to find the problem.

thanks
David.

Last edited by davidar; 10-16-2006 at 04:22 PM.
 
Old 10-15-2006, 05:49 PM   #2
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 475Reputation: 475Reputation: 475Reputation: 475Reputation: 475
Seems to me like one of the many many mail address spoofs out there. When I had a Yahoo account, I regularly received emails from myself supposedly.

Do you run the mailserver or is it a hosted server elsewhere?
 
Old 10-15-2006, 07:53 PM   #3
davidar
LQ Newbie
 
Registered: Oct 2006
Posts: 3

Original Poster
Rep: Reputation: 0
The mail server is run by my ISP, I use Susi 10 just as a desktop.

Is there anything I can do, or do I just use a filter to bin rejected emails?

cheers
David.
 
Old 10-16-2006, 01:36 PM   #4
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 475Reputation: 475Reputation: 475Reputation: 475Reputation: 475
If you have the mail headers, you can trace the originating ISP and let them now about the problem - they can then take action at their end.

At your end, you could set up some rules to only allow mail to be received internally from people in your address book....
 
Old 10-16-2006, 01:45 PM   #5
pwc101
Senior Member
 
Registered: Oct 2005
Location: UK
Distribution: Slackware
Posts: 1,847

Rep: Reputation: 128Reputation: 128
Also, I'd edit out your email real address from your first post, otherwise you're likely to find that you start getting a lot of spam to it since it's now in the public domain...
 
Old 10-16-2006, 04:22 PM   #6
davidar
LQ Newbie
 
Registered: Oct 2006
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks for all your help everyone.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Need help. Got virus and now stuck at start up. Tiyogi Linux - General 13 11-06-2007 09:11 PM
Time for Linux users to start using Anti-Virus? pengu Linux - Security 35 08-12-2006 07:32 AM
Boot virus or Anti-Virus? AVG Free Anti-Virus Software problems SparceMatrix Linux - Security 9 08-02-2004 03:35 PM
diagnose partition conehead Linux - Software 1 08-27-2003 03:58 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:55 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration