I have a site on a shared server at DreamHost. My email account has been turned into a zombie and is sending out thousands of emails daily. This, charmingly, coincides with a Good Morning America-induced traffic spike of humongous proportions. DreamHost is breathing down my neck pretty badly. Can anyone direct me to a source of info on steps I can take to resolve the problem, particularly written for someone who still needs to concentrate real hard just to successfully FTP? Thanks in advance, fellow DPers!
First, if it's a virus sending the mail, disconnect from the net and scan your own system and see if the problem is at your end. It might pay to ask DreamHost to do the same? (Some cPanels now have virus checkers in them.) Or you could always change your email details (password etc.).
J.D.- Debian Sarge. I can upload and run programs, but I have minimal expertise there. I can upload PHP and CSS files just fine, but my host installs my databases and mail app for me. Just-4-teens, I am on a Mac with NAV, so I think I'm clean. I will look into changing my passwords. I have also noticed a script called "stealth" running on my account that is eating up a ton of CPU cycles, but I don't know if that script is something that should be there or not.
One of my websites is sending out a lot of emails to any name it can think of, such as , , etc., etc. They all contain an attachment which is a virus. I simply delete all emails and run the virus scan provided in cPanel. I have contacted my host for this account, as it is not hosted by myself, and they said it is a virus which has been around for years and there's nothing you can do about it. Drew.
Do you have access to that program "stealth"? Download it; if it's a virus, NAV will pick it up, then ya know if that's the prob or not.
Have you pointed out this "stealth" script to the host? Do you have any form scripts that have been exploited?
This is the most idiotic and ridiculous response that a hosting company could've possibly come up with. It shows that they completely lost control over their environment and also means that you should switch to some other hosting company whose personnel knows what they are doing. J.D.
Run "sudo netstat -antp" to see which ports this stealth script is using. Is it a VPS or just a shared server? The reason I'm asking is that you need to figure out how whatever's doing it got on this machine. If you are the only user, then you need to check all your access logs (e.g. somebody may have copied this program over FTP and then launched it over ssh). If you are not, then chances are that your hosting company misconfigured this machine and let the thing in. J.D.
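An added example, not part of any post in this thread: one way to read the `netstat -antp` output suggested above is to count outbound SMTP connections per owning process and skip the mail software that is supposed to send mail. The sample output, the addresses and the `KNOWN_MTAS` list are constructed assumptions.

```python
from collections import Counter

SMTP_PORTS = {"25", "465", "587"}
# Assumption: process names of mail software that legitimately talks SMTP.
KNOWN_MTAS = {"exim4", "exim", "sendmail", "master", "smtp", "postfix"}

# Constructed sample of `netstat -antp` output (documentation addresses only).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      812/apache2
tcp        0      0 192.0.2.10:80           198.51.100.23:51544     ESTABLISHED 812/apache2
tcp        0      1 192.0.2.10:40112        203.0.113.7:25          SYN_SENT    4211/stealth
tcp        0      0 192.0.2.10:40113        203.0.113.9:25          ESTABLISHED 4211/stealth
tcp        0      0 192.0.2.10:40120        198.51.100.80:25        ESTABLISHED 4211/stealth
tcp        0      0 192.0.2.10:40300        203.0.113.50:25         ESTABLISHED 990/exim4
tcp        0      0 192.0.2.10:40555        198.51.100.99:587       ESTABLISHED -
tcp6       0      0 :::22                   :::*                    LISTEN      640/sshd
"""

def parse(text):
    """Yield (local, foreign, state, pid, program) for each TCP row."""
    for line in text.splitlines():
        f = line.split(None, 6)  # the last field may itself contain spaces
        if len(f) < 7 or not f[0].startswith("tcp"):
            continue  # banner and column header lines
        pid, _, prog = f[6].strip().partition("/")
        yield f[3], f[4], f[5], pid, prog or "?"  # "-" rows have no owner shown

def outbound_smtp(text):
    """Count outbound SMTP connections per (pid, program), skipping known MTAs."""
    hits = Counter()
    for local, foreign, state, pid, prog in parse(text):
        port = foreign.rsplit(":", 1)[-1]  # rsplit also copes with IPv6 "::" forms
        if state == "LISTEN" or port not in SMTP_PORTS:
            continue
        if prog.split(":")[0] in KNOWN_MTAS:
            continue
        hits[(pid, prog)] += 1
    return hits

if __name__ == "__main__":
    for (pid, prog), n in outbound_smtp(SAMPLE).most_common():
        print(f"{n:3d} outbound SMTP connection(s) from pid={pid} program={prog}")
```

A row whose owner shows as `-` means netstat could not see the owning process, which is what a non-root user on a shared server gets for other users' sockets, so that row still needs the host to identify it.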
HA! It was the Lupper virus targeting XML-RPC for PHP! http://www.theregister.co.uk/2005/11/07/linux_worm/ My host had to deal with the problem, and I had to rattle their cage a whole lot, but all is well now. Thank you all for your responses.
I agree. To say that they cannot remove the malware from their own machine shows ignorance and/or disdain for their customers.