System hacked???

cDGo

Hello,

I received this crash report by email:
abrt_version: 2.0.8
cmdline: /usr/sbin/packagekitd
environ: DBUS_STARTER_BUS_TYPE=system
executable: /usr/sbin/packagekitd
kernel: 2.6.32-279.11.1.el6.x86_64
pid: 6545
pwd: /
reason: Process /usr/sbin/packagekitd was killed by signal 6 (SIGABRT)
time: Tue 01 Apr 2014 03:42:52 AM CEST
uid: 0
username: root

Since then, one email account seems to be compromised.
It keeps sending spam. In the brute force attack screen, I can see it from both 127.0.0.1 and external IPs, and both dovecot1 and exim2.

How can I stop it?
Any help is highly appreciated.
 
It could be a hack, could also be two different problems.

Do you have SELinux running? That kind of crash could be caused by that too.

About the spam, you need to go through the log files to see where exactly it's coming from. Install CSF/LFD if not present already.
Check if the spam is coming from an authenticated account, i.e. somebody logs in with a password on an account via mail and/or webmail and abuses that.
If that is the case, find out which email account it is and change the password.
Tell the customer to clean his PC, not only with a virus scanner but also with tools like Malwarebytes and AdwCleaner (from bleepingcomputer), or let him seek help for that on specialised forums.

But like I said, the first step is to determine where exactly the spam is coming from.
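An added example, not part of the thread or any poster's own code: one way to do the check described in the reply above, by tallying Exim main-log arrival (`<=`) lines per authenticated login and per local user. The log lines are constructed, and it assumes the authenticators record the login as `A=name:identity`; a login seen from 127.0.0.1 typically means webmail or a script on the server itself.

```python
import re
from collections import Counter

# Constructed Exim main-log lines (not from the thread); reserved example addresses.
SAMPLE_LOG = """\
2014-04-01 03:50:01 1WUoA1-0001aB-01 <= info@example.com H=(pc1) [203.0.113.7] P=esmtpa A=login:info@example.com S=2101
2014-04-01 03:50:02 1WUoA2-0001aC-02 <= info@example.com H=(pc2) [198.51.100.23] P=esmtpa A=login:info@example.com S=2090
2014-04-01 03:50:03 1WUoA3-0001aD-03 <= info@example.com H=localhost [127.0.0.1] P=esmtpa A=plain:info@example.com S=2204
2014-04-01 03:50:04 1WUoA4-0001aE-04 <= webuser@server.example.com U=webuser P=local S=812
2014-04-01 03:50:05 1WUoA5-0001aF-05 <= friend@example.net H=mx.example.net [192.0.2.10] P=esmtp S=5120
2014-04-01 03:50:06 1WUoA1-0001aB-01 => someone@example.org R=lookuphost T=remote_smtp H=mx.example.org [192.0.2.55]
"""

ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= (?P<sender>\S+)")   # date, time, message id, "<="
AUTH = re.compile(r" A=(?P<mech>[^:\s]+):(?P<ident>\S+)")   # authenticator:login
LOCAL_USER = re.compile(r" U=(?P<user>\S+)")                # local Unix user
REMOTE_IP = re.compile(r" \[(?P<ip>[0-9a-fA-F.:]+)\]")      # connecting host address


def summarize(log_text):
    """Count accepted messages by how they were submitted."""
    by_auth, by_local, ips_per_auth = Counter(), Counter(), {}
    for line in log_text.splitlines():
        if not ARRIVAL.match(line):
            continue  # only arrival lines say who submitted the message
        auth = AUTH.search(line)
        if auth:
            ident = auth.group("ident")
            by_auth[ident] += 1
            ip = REMOTE_IP.search(line)
            if ip:
                ips_per_auth.setdefault(ident, set()).add(ip.group("ip"))
            continue
        local = LOCAL_USER.search(line)
        if local and " P=local" in line:
            by_local[local.group("user")] += 1  # script or cron job on the server
    return by_auth, by_local, ips_per_auth


if __name__ == "__main__":
    by_auth, by_local, ips = summarize(SAMPLE_LOG)
    for ident, n in by_auth.most_common():
        print(f"authenticated {ident}: {n} messages from {sorted(ips[ident])}")
    for user, n in by_local.most_common():
        print(f"local submission U={user}: {n} messages")
```

An account at the top of the authenticated tally with many distinct source addresses is the one whose password needs changing; a high local-submission count points at a script under that user instead.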
 
it is very problem, DBUS BFD?
Yesterday CentOS released a new version of that.
Please try to upgrade your server.
 