Weird stuff in mail logs. Was my server hacked?
June 6, 2013 1:24 PM
I'm running the latest LTS version of Ubuntu on my hosting provider's cloud VPS service. I recently noticed a series of weird, spammy looking messages in my server's mail.log file. Tech support at my hosting provider says it does not appear to be compromised; are they wrong?
posted by compartment to Computers & Internet (2 answers total) 1 user marked this as a favorite
Here is a random example of what shows up when I run the command
grep -v notification mail.log.4 | grep \ to\= | head -1:
May 10 09:36:18 mono postfix/smtp: 7FE39198497: to=[REMOVED EMAIL ADDRESS FOR WEBMASTER at SEO DOMAIN], relay=[REMOVED SPAMMY URL and IPv4 ADDRESS]:25, delay=1.4, delays=0.02/0.01/0.88/0.48, dsn=2.0.0, status=sent (250 OK id=1UajkQ-0000sB-4j)
I shouldn't actually copy/paste the email addresses and URLs here, but trust me that they are super sketchy looking: SEO, weight loss, "golf tips 4 u", and unrecognized hotmail/gmail accounts. Am I misreading my mail logs, or is my server sending out emails to these super sketchy-looking addresses?
These show up at a rate of only 5 to 10 a day; I would expect more outbound traffic if my machine was now moonlighting as an evil spam robot.
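One way to trace each outbound `postfix/smtp` delivery, like the line quoted above, back to how the message entered the queue, as an added example that is not part of the original post. The log lines, hostnames and addresses are constructed, and `classify` is a hypothetical helper name.

```python
import re

# Constructed sample in Postfix syslog format; every host, address and queue id is a placeholder.
SAMPLE_LOG = """\
May 10 09:36:16 mono postfix/smtpd[2101]: A1B2C3D4E5F: client=unknown[203.0.113.7]
May 10 09:36:17 mono postfix/local[2105]: A1B2C3D4E5F: to=<nosuchuser@mono.example>, relay=local, dsn=5.1.1, status=bounced (unknown user)
May 10 09:36:17 mono postfix/bounce[2107]: A1B2C3D4E5F: sender non-delivery notification: B2C3D4E5F60
May 10 09:36:18 mono postfix/smtp[2109]: B2C3D4E5F60: to=<webmaster@seo.example>, relay=mx.seo.example[198.51.100.9]:25, dsn=2.0.0, status=sent (250 OK)
May 10 11:02:40 mono postfix/pickup[2300]: C3D4E5F6071: uid=33 from=<www-data>
May 10 11:02:41 mono postfix/smtp[2310]: C3D4E5F6071: to=<someone@mail.example>, relay=mx.mail.example[198.51.100.20]:25, dsn=2.0.0, status=sent (250 OK)
"""

# service name, optional [pid], short (hex) queue id, then the rest of the line
LINE = re.compile(r"postfix/(?:[\w-]+/)*(?P<svc>[\w-]+)(?:\[\d+\])?: "
                  r"(?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")

def classify(log_text):
    """Map each queue id delivered to a remote relay -> (origin, recipients)."""
    origin = {}   # queue id -> how the message entered the queue
    sent = {}     # queue id -> recipients handed to a remote relay
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        svc, qid, rest = m["svc"], m["qid"], m["rest"]
        if svc == "pickup" and rest.startswith("uid="):
            # Injected on the box itself (sendmail command: web app, cron, shell).
            origin[qid] = "local submission, " + rest.split()[0]
        elif svc == "smtpd" and rest.startswith("client="):
            kind = "authenticated" if "sasl_username=" in rest else "unauthenticated"
            origin[qid] = f"{kind} SMTP, {rest.split(',')[0]}"
        elif svc == "bounce" and "non-delivery notification: " in rest:
            # The bounce is a new message; its queue id is the last field.
            origin[rest.rsplit(": ", 1)[1]] = "bounce generated here for " + qid
        elif svc == "smtp" and "status=sent" in rest:
            to = re.match(r"to=<?([^>,]+)>?", rest)
            if to:
                sent.setdefault(qid, []).append(to.group(1))
    return {q: (origin.get(q, "origin not in this log file"), r)
            for q, r in sent.items()}

if __name__ == "__main__":
    for qid, (how, rcpts) in classify(SAMPLE_LOG).items():
        print(qid, "|", how, "|", ", ".join(rcpts))
```

Origins that come back as "origin not in this log file" usually mean the message was queued before the log rotated, so the previous `mail.log.N` file needs to be included in the input.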