General discussion

Locked

Think I may have been rooted - HELP!

By jdclyde ·
I started a thread under e-mail because I am having a problem getting blacklisted by http://cbl.abuseat.org for a "CBL" violation.
I have been blacklisted five times in the last week.

http://techrepublic.com.com/5208-6230-0.html?PromoFeature=discussion&PromoByPassed=1&forumID=84&threadID=166540

The reasons for getting blacklisted are if you are a relay, (tested, not a relay) if you are NAT'ing the address then a different system may be running a trojan on them. I blocked all SMTP traffic from our lan to the internet from all except our mail server.

This is a linux RedHat 7.3 server running Domino 6.5.

The only thing left I can think of is someone hacked my system and is using me for SPAM?

Any advice? Links to follow? Which log files would show this and what to look for?

HTTP,SMTP, and POP are the only ports open to the mail server through our firewall.

Thanks for taking the time to look this over and for any advice you may have.

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

chkrootkit

by apotheon In reply to Think I may have been roo ...

RedHat should include a "chkrootkit" command line utility that can check that sort of thing for you. If you're running 7.3, it's entirely possible that you don't have a really recent version of chkrootkit, unfortunately. You may want to look into getting a recent chkrootkit utility to find out if you've been "rooted".

Collapse -

Rootkit Hunter

by Thrash Cardiom In reply to Think I may have been roo ...

Download a copy of Rootkit Hunter from

http://www.rootkit.nl/projects/rootkit_hunter.html

Run it and check the results.

Collapse -

Linux conspiracy?

by jdclyde In reply to Think I may have been roo ...

Sorry I haven't checked back in or replied.

Seems these discussions never showed up in "my discussions" and it was out of sight/mind from there on.

I will go back and try to update the root checker, as well as the download recommended and see what that does for me.

The last time we tried to update the linux version if "broke" the dominos server. Will have to try it again with the most recent version of domino and the new Fedora core to see what that will do for us.

Thanks for taking the time to respond with your advice.

jeff

Back to Linux Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums