I just realized that someone seems to be sending spam from my server, some Italian one.
Since relaying is probably blocked, I suspect some bug; the sender is always Debian-exim@mojadomena.pl
I thought it might be via PHP, but then the sender would more likely be www-data@mojadomena.pl
How can I find out which program is actually sending this spam (I'm assuming a bug in exim4) and, if possible, eliminate the problem?
The server is Debian lenny set up on a VPS, exim from packages:
```
root@mojadomena:/var/mail/backup# dpkg -l | grep exim
ii  exim4               4.69-9+lenny4  metapackage to ease Exim MTA (v4) installati
ii  exim4-base          4.69-9+lenny4  support files for all Exim MTA (v4) packages
ii  exim4-config        4.69-9+lenny4  configuration for the Exim MTA (v4)
ii  exim4-daemon-heavy  4.69-9+lenny4  Exim MTA (v4) daemon with extended features,
rc  exim4-daemon-light  4.69-9         lightweight Exim MTA (v4) daemon
ii  exim4-doc-html      4.69-1         documentation for the Exim MTA (v4) in html
ii  exim4-doc-info      4.69-1         documentation for the Exim MTA (v4) in info
root@mojadomena:/var/mail/backup#
```
Example of the spam:
```
Return-path: <Debian-exim@mojadomena.pl>
Envelope-to: bigpaul@pluto.it
Delivery-date: Fri, 24 Feb 2012 10:50:34 +0100
Received: from Debian-exim by mojadomena.com with local (Exim 4.69)
        (envelope-from <Debian-exim@mojadomena.pl>)
        id 1S0jtO-0005iQ-VD
        for bigpaul@pluto.it; Fri, 24 Feb 2012 02:24:14 +0100
To: bigpaul@pluto.it
Subject: In questa pagina puoi verificare l.avvenuta associazione del numero di telefono cellulare, necessario per l.abilitazione al sistema Sicurezza Web, a$
From: Poste Italiane <secureotp@poste.it>
Content-Type: text/html
Message-Id: <E1S0jtO-0005iQ-VD@mojadomena.com>
Date: Fri, 24 Feb 2012 02:24:14 +0100

<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
<!--
p { font-family: Arial; font-size: 12px; font-style: normal; line-height: normal; font-weight: normal; font-variant: normal; text-transform: none; color: bla$
p1 { font-family: Arial; font-size: 12px; font-style: normal; line-height: normal; font-weight: normal; font-variant: normal; text-transform: none; color: bl$
span { font-family: Arial; font-size: 12px; font-style: normal; line-height: normal; font-weight: normal; font-variant: normal; text-transform: none; color: $
-->
</style>
</head>
<body link="#990000" vlink="#990000" alink="#990000" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"><table width="605"><tr><td><span><br><p>
<b>Gentile Cliente,</b><br></p><p>
Poste Italiane introduce un nuovo sistema di sicurezza pera la tua carta Postepay.<br>
Il nuovo sistema per l'autorizzazione delle operazioni di pagamento<br>
(ricariche Postepay, ricariche telefoniche, pagamento bollettini)<br>
effettuate con la Postepay sui siti di Poste Italiane, prevede l'utilizzo di due strumenti:<br><br>
<b>A. la carta Postepay</b>;<br><br>
<b>B. il telefono cellulare</b> "associato alla carta", sul quale verrà inviata via SMS<br>
la password dispositiva "usa e getta" denominata OTP (One Time Password),<br>
appositamente generata per ogni operazione di pagamento.<br><br>
<b>Attenzione!</b><br><br>
<b>Dal 1 febbraio 2012 è obbligatorio attivare il sistema Sicurezza web Postepay per eseguire le operazioni di ricarica Postepay, ricarica telefonica e pagamento bollettini sui siti di Poste Italiane con la tua Postepay.</b><br><br>
Il nuovo processo di autorizzazione riguarderà le operazioni dispositive effettuate tramite pagamento con carta Postepay disponibili sul sito <a href="http://dilao.riniqu.net/x.php" target="_blank"><b>www.poste.it</b></a></p><hr>, all'interno di BancoPostaonline, BancoPosta Cli$
L'attivazione è semplice, gratuita e richiede 1 minuto.<br><br>
<b>Prosegui con l'attivazione sul sito di <a href="http://dilao.riniqu.net/x.php" target="_blank"><b>Poste Italiane</b></a></p><hr></b>
<br>Distinti saluti,<br>
Poste Italiane<br>
</span></td></tr>
</table>
</body>
</html>
```
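An added example, not part of the original post: the `Received` header above says `with local`, which is how Exim marks a message handed to it by a local process rather than over SMTP, and the name after `from` is the Unix user that process ran as. The sketch below reads that header and then counts local submissions per user in Exim arrival (`<=`) log lines; the log lines are constructed for illustration (only the first message id comes from the post), and on Debian the real log is `/var/log/exim4/mainlog`.

```python
import re
from collections import Counter

# Exim part of the Received header from the spam sample in the post
# (trimmed after the message id).
RECEIVED = ("from Debian-exim by mojadomena.com with local (Exim 4.69) "
            "(envelope-from <Debian-exim@mojadomena.pl>) id 1S0jtO-0005iQ-VD")

# Constructed mainlog lines in Exim's arrival ("<=") format; only the first
# message id is taken from the post, everything else is made up.
MAINLOG = """\
2012-02-24 02:24:14 1S0jtO-0005iQ-VD <= Debian-exim@mojadomena.pl U=Debian-exim P=local S=3120
2012-02-24 02:24:15 1S0jtP-0005iS-0A <= Debian-exim@mojadomena.pl U=Debian-exim P=local S=3120
2012-02-24 02:30:02 1S0jz0-0005jA-1B <= user@example.org H=mail.example.org [192.0.2.10] P=esmtp S=1800
2012-02-24 02:31:40 1S0k0a-0005jK-2C <= www-data@mojadomena.pl U=www-data P=local S=900
"""

def parse_received(header):
    """Return (origin, protocol, message_id) from an Exim Received header."""
    m = re.search(r"from (\S+) by \S+ with (\S+) .*\bid (\S+)", header)
    return m.groups() if m else None

def local_submitters(log_text):
    """Count messages handed to Exim by local processes, per Unix user."""
    counts = Counter()
    for line in log_text.splitlines():
        m = re.match(r"\S+ \S+ (\S+) <= \S+ (.*)", line)
        if not m:
            continue  # not an arrival line
        # Remaining fields are KEY=value pairs (U=user, P=protocol, S=size, ...).
        fields = dict(f.split("=", 1) for f in m.group(2).split() if "=" in f)
        if fields.get("P") == "local":  # submitted locally, not over SMTP
            counts[fields.get("U", "?")] += 1
    return counts

if __name__ == "__main__":
    print(parse_received(RECEIVED))
    print(local_submitters(MAINLOG).most_common())
```

A high count for one `U=` user narrows the search to processes running under that account; the message id from the header can be looked up in the same log to see the exact arrival line.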