Author Topic: /script/fixmail starts itself ?!  (Read 3472 times)

Spacedust
/script/fixmail starts itself ?!
« on: 2014-04-14, 23:06:02 »
Why is this happening?

It's very scary that fix processes are being started without the knowledge of the admin...

MRatWork
Re: /script/fixmail starts itself ?!
« Reply #1 on: 2014-04-15, 03:14:23 »
What was the action before you found fixmail started?
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Kloxo-DR
Re: /script/fixmail starts itself ?!
« Reply #2 on: 2014-04-15, 08:52:36 »
Hi,

I tried to track a similar problem by having csf watch for changes to /home/vpopmail/etc/vpopmail.mysql. Then I knew precisely if it got changed and when.

I have a cron job to reset the password at a certain odd time.

When I receive an email from csf for that time, I know that it was by my cron. If not, then there is a problem: a trojan exists on the system, most likely one that got in through one of the weak scripts residing on the server.
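
The check described in Reply #2, as an added example that is not part of the original posts and is not csf's own mechanism: a file's hash is compared against a stored baseline, and a change is labelled by whether it falls inside the window of the admin's own scheduled job. The function names, the baseline file and the use of UTC for the schedule time are assumptions, and it relies on GNU coreutils (`sha256sum`, `stat -c`).

```shell
#!/bin/sh
# Added example; all names here are hypothetical.

# classify_change EPOCH HH:MM TOLERANCE_SEC
# Prints "expected" when EPOCH (UTC) lies within TOLERANCE_SEC of the daily
# HH:MM (UTC) at which the admin's own cron job rewrites the file.
classify_change() {
    epoch=$1; hh=${2%%:*}; mm=${2##*:}; tol=$3
    hh=${hh#0}; mm=${mm#0}              # "08" would otherwise parse as octal
    want=$(( hh * 3600 + mm * 60 ))
    got=$(( epoch % 86400 ))            # seconds since midnight UTC
    diff=$(( got > want ? got - want : want - got ))
    if [ "$diff" -gt 43200 ]; then      # window may straddle midnight
        diff=$(( 86400 - diff ))
    fi
    if [ "$diff" -le "$tol" ]; then echo expected; else echo unexpected; fi
}

# check_watched FILE BASELINE HH:MM TOLERANCE_SEC
# Prints baseline | unchanged | changed-expected | changed-unexpected.
check_watched() {
    file=$1; base=$2
    now_hash=$(sha256sum < "$file" | cut -d' ' -f1)
    if [ ! -f "$base" ]; then           # first run: record the known state
        echo "$now_hash" > "$base"
        echo baseline
        return 0
    fi
    if [ "$now_hash" = "$(cat "$base")" ]; then
        echo unchanged
        return 0
    fi
    echo "$now_hash" > "$base"          # re-arm for the next change
    # The file's mtime tells us when the rewrite happened.
    echo "changed-$(classify_change "$(stat -c %Y "$file")" "$3" "$4")"
}
```

A `changed-unexpected` result is the case the post treats as a sign of compromise; the baseline file should live somewhere the watched account cannot write.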

Spacedust
Re: /script/fixmail starts itself ?!
« Reply #3 on: 2014-04-15, 09:35:19 »
My customer got a message from Afterlogic that his account was full, so he was trying to remove some junk mail, then something started /script/fixmail-all...

Kloxo-DR
Re: /script/fixmail starts itself ?!
« Reply #4 on: 2014-04-15, 10:53:33 »
Hi Spacedust,

I can only shiver at what you are writing and hope that what you are saying is all wrong!

How can it be that a script from a local directory is able to execute a fix script? That means that there was some code in the email ASCII file under email/inbox that could be executed by the qmail spawn script, right?

Grrrr, that's really scary to hear...
