[Hidden-tech] Need help finding what hijacked our email server port 25

Rich@tnr rich at tnrglobal.com
Wed Sep 11 17:57:23 UTC 2024


Quick answer that might be helpful.

Requires SSH access:
      fuser -n tcp 25
will give process ID using port 25 (SMTP), and then
      ps process-id
That will give you the process running the smtp server
and then kill it with (that will need root access)
      kill -15 process-id

Rich (sorry booked up to help directly - let me know if no other answers.)

On 9/11/2024 1:16 PM, Steven Aronstein via Hidden-discuss wrote:
> Hi,
>
> We have an email server (Communigate hosted on Linode) that stopped 
> responding. We discovered it was because something else on the server 
> started using port 25. Except it wasn't anything we installed.
>
>     master 811 root 13u IPv4 28666 0t0 TCP 127.0.0.1:25 (LISTEN)
>     master 811 root 14u IPv6 28667 0t0 TCP [::1]:25 (LISTEN)
>
>
> Then Linode warned us (and blocked) our server because they detected 
> spam being sent from it. Which wasn't us.
>
> So, we appear to have some kind of virus or app that has hacked into 
> our server and is using it.
> This may actually be a fairly simple process for someone in the know, 
> but we don't have the resources at this moment to be that someone fast 
> enough. We've had enough bad experiences hiring random gig workers 
> online that we don't want to trust someone like that with access, 
> however brief, to our mail server.
>
> Is there anyone in this group or locally or that people here trust up 
> for a quick gig finding and purging the uninvited guest from our 
> server so the mail server starts running and Linode will unblock it?
>
> You can call or text or email me privately as well. All suggestions, 
> guidance, or references welcome.
>
> Thanks!
> Steve
> 413-207-5610
>
>
>
>
>
> _______________________________________________
> Hidden-discuss mailing list - home page:http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
>
> You are receiving this because you are on the Hidden-Tech Discussion list.
> If you would like to change your list preferences, Go to the Members
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members

-- 
Rich Roth
CEO TnR Global

Bio and personal blog:http://rizbang.com
Building the really big sites:http://www.tnrglobal.com
Small/Soho business in the PV:http://www.hidden-tech.net
Places to meet for business:http://www.meetmewhere.com
And for Arts and relaxation:
http://TarotMuertos.com  - Artistic Tarot Deck
    http://www.welovemuseums.com
    http://www.artonmytv.com/
Shakers:http://www.shakerpedia.com/
Helping move the world:http://www.earththrives.com
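
The lookup steps from the reply above, as an added example that is not part of the original message or thread: it summarises who is listening on TCP/25 and records what the process is before anything is killed. It assumes Linux with `lsof`, `ps` and `/proc`; the function names are hypothetical and the sample input is constructed from the listener lines quoted in the thread.

```shell
#!/usr/bin/env bash
# Added example: summarise TCP/25 listeners and record process details before any kill.

# Constructed sample in `lsof -nP -iTCP:25 -sTCP:LISTEN` layout, using the values quoted in the thread.
SAMPLE='COMMAND PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
master  811 root  13u  IPv4  28666      0t0  TCP 127.0.0.1:25 (LISTEN)
master  811 root  14u  IPv6  28667      0t0  TCP [::1]:25 (LISTEN)'

# Read lsof listener lines on stdin; print "pid command user scope" once per PID.
# scope is "loopback-only" when every socket of that PID is bound to 127.0.0.1 or [::1].
summarize_listeners() {
  awk '
    $NF == "(LISTEN)" {
      addr = $(NF-1); sub(/:[0-9]+$/, "", addr)      # strip the :port suffix
      pid = $2; cmd[pid] = $1; user[pid] = $3
      if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
      if (addr != "127.0.0.1" && addr != "[::1]") ext[pid] = 1
    }
    END {
      for (i = 1; i <= n; i++) {
        p = order[i]
        printf "%s %s %s %s\n", p, cmd[p], user[p], (p in ext) ? "network-reachable" : "loopback-only"
      }
    }'
}

# Print what a PID actually is, from /proc (Linux): binary path, command line, start time.
describe_pid() {
  local pid=$1
  [ -d "/proc/$pid" ] || { echo "pid $pid not running"; return 1; }
  echo "exe:     $(readlink "/proc/$pid/exe" 2>/dev/null || echo '?')"
  echo "cmdline: $(tr '\0' ' ' < "/proc/$pid/cmdline")"
  echo "started: $(ps -o lstart= -p "$pid")"
}

# With the argument "live" (as root), inspect this host; otherwise run on the constructed sample.
if [ "${1:-}" = "live" ]; then
  lsof -nP -iTCP:25 -sTCP:LISTEN | summarize_listeners | while read -r pid _; do
    describe_pid "$pid"
  done
else
  printf '%s\n' "$SAMPLE" | summarize_listeners
fi
```

A listener reported as loopback-only accepts connections only from the host itself. Saving the `describe_pid` output before running `kill` keeps a record of the binary path and start time for later review.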