I do not understand what these mails are, but they just started happening on my cloud. It shows like my system is trying to mail all the weird ass email addresses, and they are failing of course, but what is it and why is it sending these, and more importantly where do I stop it!? They have been happening for hours now, all night tonight.
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
ced@eklettika.it
The mail server could not deliver mail to ced@eklettika.it. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
------ This is a copy of the message, including all the headers. ------
Return-path: <nicola.florindo@unibo.it>
Received: from localhost ([127.0.0.1]:40595 helo=cloud.viptopia.net)
by cloud.viptopia.net with esmtp (Exim 4.82)
(envelope-from <nicola.florindo@unibo.it>)
id 1WDrYp-0002MY-3n
for ced@eklettika.it; Thu, 13 Feb 2014 02:22:19 -0600
Received: from cloud.viptopia.net (axi-64-92 [204.93.210.127]) by cloud.viptopia.net (mailer) with SMTP id 6Hx69Yf2sCXi for <ced@eklettika.it>; Thu, 13 Feb 2014 02:22:18 -0600
Date: Thu, 13 Feb 2014 02:22:18 -0600
From: "VoiceMail443" <nicola.florindo@unibo.it>
Message-ID: <56442517.10923834405320@cloud.viptopia.net>
To: <ced@eklettika.it>
Subject: Messaggio vocale id:9412217862
MIME-Version: 1.0
{LINE[content]#MARK}
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="UTF-8"
Content-Transfer-Encoding: 8bit
Nome Balbina utente ha lasciato un messaggio vocale.
Oggetto: "Impegno"
Messaggi lunghi 00:04:55.
http://davepridgen.com/Message_110220146785.zip?VoiceMailz3pKwCpOE
MY SITES http://viptopia.net general social networking | http://www.rangerschat.com/ niche site |
And here is another one. They are coming and won't stop, and I have no idea what is generating them and where to stop these!
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
apuzone@libeo.it
The mail server could not deliver mail to apuzone@libeo.it. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
------ This is a copy of the message, including all the headers. ------
Return-path: <dernhelm@jumpy.it>
Received: from localhost ([127.0.0.1]:41640 helo=cloud.viptopia.net)
by cloud.viptopia.net with esmtp (Exim 4.82)
(envelope-from <dernhelm@jumpy.it>)
id 1WDrmV-0002x6-S5
for apuzone@libeo.it; Thu, 13 Feb 2014 02:36:27 -0600
Received: from [10.0.0.100] by cloud.viptopia.net id JfZx8JevSn4Z; Thu, 13 Feb 2014 02:36:27 -0600
Message-ID: <00c401cf2896$ae35ca80$6400000a@cloud.viptopia.net>
From: "VoiceMail190" <dernhelm@jumpy.it>
To: <apuzone@libeo.it>
Subject: Nuovo messaggio vocale id-4385
Date: Thu, 13 Feb 2014 02:36:27 -0600
MIME-Version: 1.0
{LINE[content]#MARK}
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="UTF-8"
Content-Transfer-Encoding: 8bit
Nome Eleanora utente ha lasciato un messaggio vocale.
http://nelliegailorthodontics.com/VoiceMessage.zip?VoiceMailEYgXDGVMZ
Oggetto: "Domande prestito"
Messaggi lunghi 00:02:3.
Those emails do not exist. For some reason there are emails being sent from your server to them, and since the email addresses do not exist, it throws a message back with said information. caredesign.net |
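An added example, not part of any post in this thread: a shell function that reads one Exim bounce in the format pasted above and reports the envelope sender, the failed recipient, and whether the topmost Received hop was loopback, meaning a process on the server itself handed the message to Exim. The sample bounce is constructed (example.* names), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage one Exim bounce to see where the failed message entered.
# sample_bounce is constructed test data (example.* names), not a real bounce.

sample_bounce() {
cat <<'EOF'
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
nobody@example.net
------ This is a copy of the message, including all the headers. ------
Return-path: <forged.sender@example.org>
Received: from localhost ([127.0.0.1]:40595 helo=host.example.com)
by host.example.com with esmtp (Exim 4.82)
(envelope-from <forged.sender@example.org>)
for nobody@example.net; Thu, 13 Feb 2014 02:22:19 -0600
From: "VoiceMail000" <forged.sender@example.org>
To: <nobody@example.net>
EOF
}

triage_bounce() {
    # Reads a bounce on stdin and prints one line:
    #   origin=<local|remote|unknown> sender=<envelope sender> failed=<recipient>
    awk '
        # The failed recipient is on the line after the "failed:" notice.
        /address\(es\) failed:/ { getline; failed = $1 }
        /^Return-path:/ && !sender { gsub(/[<>]/, "", $2); sender = $2 }
        /^Received: from / && !origin {
            # Topmost Received line: the hop recorded by the bouncing MTA.
            if (match($0, /\[[0-9.]+\]/)) {
                ip = substr($0, RSTART + 1, RLENGTH - 2)
                origin = (ip ~ /^127\./) ? "local" : "remote"
            }
        }
        END {
            printf "origin=%s sender=%s failed=%s\n",
                   (origin ? origin : "unknown"), sender, failed
        }
    '
}

sample_bounce | triage_bounce
```

An `origin=local` result with a sender domain that is not hosted on the server points at a script or process on the machine generating the mail, rather than an outside host relaying through it.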
OK, I just SSHed into my server to see who was logged in and see there are 2 roots logged in, and one is me and ONE IS NOT. I done did a password change but he is still connected; it is the IP to a GoDaddy server it looks like, IP 50.63.53.53.
I did iptables -I INPUT -s 50.63.53.53 -j DROP to drop and ban the IP, but "w" still shows he is connected. I need help fast please!
Just did an entire server reboot. I'm guessing whoever it was got in and was sending out emails. OK, I changed the WHM password and the SSH password. What else do I need to do to get my server back secure? Don't want to forget something here and have them back in to cause worse problems.
https://niceday-hosting.co.uk | http://northumberlandfriends.co.uk |http://kids-tv.net |
Careful with configserver: I installed it and it locked me out of the server, no shell access. I had to use the KVM console to get into the server and remove it. iptables will do what you need to do.
If you are accessing the server from a static IP address, you can use iptables to lock shell access to just YOUR ip address, or to any other ip address needing root access. Be careful of course as if you enter it wrong you will be locked out. Might be good to lock it to a few ips you have access to in case for some reason your ip address changes.
You can also set up private keys to access the server as an extra measure.
Geeks, making the world a better place |
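An added example, not the poster's own commands: one way to build the SSH allowlist described above so that a typo cannot lock you out. The function only prints the iptables commands for review, refuses an empty or malformed address list, and hooks the chain into INPUT last. The chain name SSH_ALLOW, port 22 and the addresses shown are assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that limit SSH to listed IPs.
# Assumptions: chain name SSH_ALLOW, sshd on TCP port 22, documentation IPs.

is_ipv4() {
    # True only for a plain dotted quad with every octet in 0-255.
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

ssh_allowlist_rules() {
    # Usage: ssh_allowlist_rules IP [IP...]
    # Prints nothing and returns 1 if the list is empty or any address is
    # malformed, because a partial rule set is how you lose shell access.
    [ "$#" -gt 0 ] || { echo "refusing: no allowed addresses given" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "refusing: bad address '$ip'" >&2; return 1; }
    done
    # Fill the chain completely before anything points at it.
    echo "iptables -N SSH_ALLOW"
    for ip in "$@"; do
        echo "iptables -A SSH_ALLOW -s $ip -j ACCEPT"
    done
    echo "iptables -A SSH_ALLOW -j DROP"
    # Hook into INPUT last, so there is never a moment with DROP but no ACCEPT.
    echo "iptables -I INPUT -p tcp --dport 22 -j SSH_ALLOW"
}

# Two addresses, as the post suggests, in case one of them changes.
ssh_allowlist_rules 198.51.100.7 203.0.113.20
```

Review the printed commands, then run them from a session you can afford to lose while keeping the KVM console available as a fallback.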
Think of all the emails that did go out; hopefully your mail server won't get placed on a blacklist(s). Geeks, making the world a better place |