My server (Ubuntu 12.04) has recently been unable to send emails as its IP has been blocked due to it being reported for email spam. I decided to investigate and was not pleased by what I discovered!
A Wireshark capture revealed an email attempted to be sent about once every 10 seconds. Further investigation seemed to show that sshd sessions were being initiated which were sending tons of emails; the sshd sessions also appeared to be connected to other IPs who were presumably logged in?
The sshd sessions are called "sshd: root" so they are logged in as root. The first thing I did was change the root password and remove all the keys.
Still sshd connections are being made and are sending emails! What can I do?