echo "your box is owned via httpd. it was being used to attack se..."/>

Unknown issue please assist

Hello,

I have been having a problem with my VPS account for days. Every hour I get a message stating:

"Subject: Cron <nobody@--------> echo "your box is owned via httpd. it was being used to attack servers. httpd is being killed via crontab. please secure your machine" | wall; killall -9 httpd
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=nobody>
Message-Id: <E1BKYRh-0005RW-AM@-----------.net>
Date: Mon, 03 May 2004 03:05:01 -0500

httpd(28458): Operation not permitted"

I then set SMTP tweak and turned off mail from nobody and mailmull. This fixed it I thought until I saw that they were sitting in my mail que as undeliverable.

Mixed in with these undeliverable messages are what appear to be spam that is being sent from my account under different domains that I host. I looked at the HTML portion of the mail and it uses links to one of my domains and also has an iframe it, presumably for a viral exploit.

I have searched online for the last 3 days and heven't found anything that helps. Possibly I'm not searching the right topics but I am at a loss now.

I don't know what to think. My first guess is that someone is sending spam off my box and has an open door to do so.

How can I fix this ASAP? Help.

 

 

 

 

Top