Suspicious System Activity
Fajar Priyanto
fajarpri at arinet.org
Fri Feb 6 10:23:42 UTC 2009
On Fri, Feb 6, 2009 at 6:06 PM, Dake K. Odzangba <odzangba at gmail.com> wrote:
> Hello, my system logs contain some pretty suspicious entries:
> Feb 6 09:57:20 mal-zeth nullmailer[13750]: Starting delivery: protocol: smtp
> host: mail. file: 1232786107.30076
> Feb 6 09:57:26 mal-zeth nullmailer[31122]: smtp: Failed: Connect failed
> Feb 6 09:57:26 mal-zeth nullmailer[13750]: Sending failed: Host not found
> Feb 6 09:57:26 mal-zeth nullmailer[13750]: Delivery complete, 5 message(s)
> remain.
>
> I have no idea what it's trying to send out and the same sequence repeats
> itself every two minutes or so. I'm freaking out here... has my system been
> compromised?
First of all, it fails to send whatever it is, so at least there is less risk.
Second, do: last
It will list all login activity; see if you see anything suspicious.
Third, do:
sudo updatedb
Locate one of the files: locate 1232786107.30076
Try to see what file it is and its content.
Last, if you don't need nullmailer, uninstall it.
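
Added example, not part of the original message: a shell function for the "see what file it is and its content" step, printing who each message waiting in the nullmailer queue is from, who it is for, and its subject. It assumes the Debian/Ubuntu queue directory /var/spool/nullmailer/queue and the nullmailer queue file layout (envelope sender, then recipients one per line, a blank line, then the message); the function names and the sample message are constructed for illustration.

```shell
#!/bin/sh
# Summarize messages waiting in a nullmailer queue directory.
# Assumption: each queue file holds the envelope sender on line 1,
# one recipient per following line, a blank line, then the message
# (headers, blank line, body).
summarize_queue() {
    dir=${1:-/var/spool/nullmailer/queue}   # assumed default location
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v name="$(basename "$f")" '
            BEGIN { part = 0; subj = "(none)" }
            # Envelope section: sender first, then recipients.
            part == 0 && NR == 1 { from = $0; next }
            part == 0 && $0 == "" { part = 1; next }
            part == 0 { rcpt = rcpt (rcpt == "" ? "" : ",") $0; next }
            # Header section ends at the next blank line; skip the body.
            part == 1 && $0 == "" { exit }
            part == 1 && tolower($0) ~ /^subject:/ {
                sub(/^[^:]*:[ \t]*/, ""); subj = $0
            }
            END {
                printf "%s from=%s to=%s subject=%s\n", name, from, rcpt, subj
            }
        ' "$f"
    done
}

# Constructed sample queue entry so the function can be tried offline.
# Only the file name comes from the log lines above; the content is made up.
make_sample_queue() {
    d=$(mktemp -d)
    printf '%s\n' 'root@mal-zeth' 'root@mal-zeth' '' \
        'Subject: constructed sample report' \
        'From: root@mal-zeth' '' 'constructed body' > "$d/1232786107.30076"
    echo "$d"
}

# Usage on a real system (the queue is normally not world-readable):
#   sudo sh -c '. ./queue-summary.sh; summarize_queue'
```

Mail addressed to a local account with a subject that names a cron job or a system report points at ordinary local mail that nullmailer cannot relay because no valid smarthost is configured; recipients or subjects you do not recognize are the ones to open and read in full.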