Hi!

One of my servers was hit with spam. One of my clients was spamming through this machine. It was hard to figure out who it really is, because the sites being advertised were not on my server and the return address was either <> or <anonymouse@xxxxxxx>.

Now I have closed one of these hosting accounts, and for the last 24 hrs there has been no suspicious activity. However, there are a couple of things that make me worried.

1. Last time, the spammed email's return-path was <root@xxxxxxxxxxxx>.

2. If I issue the command #last, I would see a user logging in within the last few days. I have banned shell access except from a couple of hosts, and most of the list is pretty much OK, except a few entries like:

    clientloginname ftpd30692 somehost.somedomain Fri Dec 3 13:30 gone - no logout
    clientloginname ftpd440 somehost.somedomain Thu Dec 2 20:29 - 20:29 (00:00)

There are only very few users with shell; to my idea this clientloginname should not appear in the #last's list.

Should I be suspicious and take some actions, and what do I need to do? Is there any checklist kind of thing so that I can assure if all is safe now? How can I check if there is no keylogger kinda thing in there?

Kindly advise.

Asif
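Both `last` entries quoted in the post carry `ftpd<PID>` in the line column, which is how an FTP daemon records a session in wtmp, as opposed to the `pts/N` or `ttyN` of an interactive login. As an added example (not part of the original post), this script separates the two kinds of record; the function names, the `adminuser` account and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `last` output by session type.
# Assumption: FTP sessions appear with a line field of "ftpd<PID>",
# as in the two entries quoted in the post.

# classify_last: read `last`-style lines on stdin,
# print "<type> <user> <remote-host>" for each session record.
classify_last() {
    awk '
        NF < 3 { next }                            # blank or short lines
        $1 == "reboot" || $1 == "wtmp" { next }    # pseudo-user and trailer
        $2 ~ /^ftpd[0-9]+$/ { print "ftp", $1, $3; next }
        $2 ~ /^pts\//       { print "shell", $1, $3; next }
        $2 ~ /^tty/         { print "shell", $1, "-"; next }  # console, no host
        { print "other", $1, $3 }                  # anything unrecognised
    '
}

# shell_users: accounts that had an interactive session, one per line.
# Compare this list against the accounts that are supposed to have a shell.
shell_users() {
    classify_last | awk '$1 == "shell" { print $2 }' | sort -u
}

# Constructed sample input: the two lines from the post plus one
# made-up interactive login and the usual wtmp trailer.
sample_last() {
    cat <<'EOF'
clientloginname ftpd30692 somehost.somedomain Fri Dec  3 13:30   gone - no logout
clientloginname ftpd440   somehost.somedomain Thu Dec  2 20:29 - 20:29  (00:00)
adminuser       pts/0     trusted.example     Thu Dec  2 09:12 - 10:01  (00:49)

wtmp begins Wed Dec  1 00:00:00
EOF
}

# Stand-alone run on the constructed sample; on a live host use:
#   last | classify_last
sample_last | classify_last
```

On a live system, any account printed by `last | shell_users` that is not on the list of users meant to have shell access is the one to look into first.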