/var/spool/samba/.mc/timecheck??

Discussion in 'General Discussion' started by nurseryboy, May 13, 2005.

  1. nurseryboy

    I'm getting an email sent to the "nobody" account every 10 mins (started about 12 hours ago). Could someone please explain to me what it means?

    Now, obviously I don't have the "nobody" emails going anywhere, and /var/spool/samba/.mc/timecheck cannot be found.

    What I would like to know, though, is what this "timecheck" is used for.. and what would be calling it?

    Thanks a bunch,

    Matt
     
  2. nurseryboy

    Ok.. after grepping around, I found that it was in a cron file for the user "nobody" (in /var/spool/cron/nobody). Any reason why this would be needed? What is it for?

    Thanks,

    Matt
     
  3. chirpy

    That looks like a server exploit. You shouldn't have hidden directories in the samba log directory, neither should you have a nobody crontab if you didn't set it up. Sounds like you've had someone exploit a vulnerable PHP script and install some software which could be doing anything from sending out spam to being part of a DDoS attack somewhere. You need to clean up the server and lock it down, or get someone to do it for you.
     
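The two indicators named in the post above (a crontab for "nobody" that the admin did not create, and a hidden directory under a spool directory) can be checked with a short script. This is an added example, not part of the original thread; the SERVICE_USERS list, the function names and the sample cron line in demo() are assumptions constructed for illustration.

```shell
#!/bin/sh
# Triage for unexpected service-account crontabs and hidden spool directories.
# SERVICE_USERS is an assumed list of accounts that normally have no crontab.
SERVICE_USERS="nobody apache www-data httpd"

# Print crontab files in cron spool dir $1 that belong to a service account
# and contain at least one active (non-comment, non-blank) line.
suspect_crontabs() {
    for u in $SERVICE_USERS; do
        f="$1/$u"
        [ -f "$f" ] || continue
        if grep -Eqv '^[[:space:]]*(#|$)' "$f"; then
            echo "$f"
        fi
    done
}

# Print hidden directories (name starts with a dot) anywhere under $1.
hidden_dirs() {
    find "$1" -mindepth 1 -type d -name '.*' 2>/dev/null
}

# Print active lines of crontab file $1 whose command path passes through
# a dot-directory such as /var/spool/samba/.mc/ ("/../" is not counted).
hidden_path_jobs() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" |
        grep -E '/\.[^./[:space:]][^/[:space:]]*/' || true
}

# Constructed sample tree mirroring the thread; the schedule is an assumption
# based on the "every 10 mins" mail described in the first post.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/cron" "$root/spool/samba/.mc"
    printf '%s\n' '# constructed sample entry' \
        '*/10 * * * * /var/spool/samba/.mc/timecheck' > "$root/cron/nobody"
    suspect_crontabs "$root/cron"
    hidden_dirs "$root/spool"
    hidden_path_jobs "$root/cron/nobody"
    rm -rf "$root"
}

# Run with the argument "demo" to exercise the constructed sample.
if [ "${1:-}" = demo ]; then demo; fi
```

On a live server the same functions would be pointed at the real locations, for example `suspect_crontabs /var/spool/cron` and `hidden_dirs /var/spool`; the cron spool path varies by distribution.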
  4. Kerstin

    I think so, the message has nothing to do with
    email and crontab.

    Rather, you send an email over SAMBA and the receiver
    doesn't exist.

    Time-out message of the cron daemon :rolleyes: .
     
  5. nurseryboy

    Ok. I commented out the cronjob entry and the emails have stopped. So that was definitely what the source of the emails was. I just removed the nobody cron, and set it up again with chattr -i. Don't know if that will stop anything from modifying it or not.

    I'll start having someone clean up the server too..
     
  6. Kerstin

    The comment is not important ;) when you send an email
    over SAMBA (Mail-Function), user directories do not exist and
    hidden directories are not viewable.
     