The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

/var/spool/samba/.mc/timecheck??

Discussion in 'General Discussion' started by nurseryboy, May 13, 2005.

  1. nurseryboy

    nurseryboy Well-Known Member

    Joined:
    Mar 3, 2003
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    156
    I'm getting an email sent to the "nobody" account every 10 mins (started about 12 hours ago). Could someone please explain to me what it means?

    Now, obviously I don't have the "nobody" emails going anywhere, and /var/spool/samba/.mc/timecheck cannot be found.

    What I would like to know, though, is what is this "timecheck" is used for.. and what would be calling it?

    Thanks a bunch,

    Matt
     
    #1 nurseryboy, May 13, 2005
  2. nurseryboy

    nurseryboy Well-Known Member

    Joined:
    Mar 3, 2003
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    156
    Ok.. after from grepping around, I found that it was in a cron file for the user "nobody" (in /var/spool/cron/nobody). Any reason why this would be needed? What is it for?

    Thanks,

    Matt
     
    #2 nurseryboy, May 13, 2005
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,472
    Likes Received:
    20
    Trophy Points:
    463
    Location:
    Go on, have a guess
    That looks like a server exploit. You shouldn't have hidden directories in the samba log directory, neither should you have a nobody crontab if you didn't set it up. Sounds like you've had someone exploit a vulnerable php script and install some software which could be doing anything from sending our spam to being part of a DDOS attack somewhere. You need to clean up the server and lock it down, or get someone to do it for you.
     
    #3 chirpy, May 14, 2005
  4. Kerstin

    Kerstin Well-Known Member

    Joined:
    Apr 9, 2005
    Messages:
    136
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Berlin
    I think so, the massage have nothig to to with
    eMail and Chrontab.

    More you send a email over SAMBA and the receiver
    dosen`t exist.

    Time out message of the chron deamon :rolleyes: .
     
    #4 Kerstin, May 14, 2005
  5. nurseryboy

    nurseryboy Well-Known Member

    Joined:
    Mar 3, 2003
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    156
    Ok. I commented out the cronjob entry and the emails have stopped. So that was definitely what the source of the emails was. I just removed the nobody cron, and set it up again with chattr -i. Don't know if that will stop anything from modifying it or not.

    I'll start having someone clean up the server too..
     
    #5 nurseryboy, May 14, 2005
  6. Kerstin

    Kerstin Well-Known Member

    Joined:
    Apr 9, 2005
    Messages:
    136
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Berlin
    The comment are not importand ;) when you send a eMail
    over SAMBA (Mail-Function) ,user directorys not exist and
    hidden directorys not viewable.
     
    #6 Kerstin, May 15, 2005
(You must log in or sign up to post here.)
Loading...
Similar Threads - spool samba timecheck
  1. OooLong

    Safe to remove /var/spool/exim/input, msglog?

    OooLong, Apr 15, 2017, in forum: E-mail Discussions
    Replies:
    3
    Views:
    158
    cPanelMichael
    Apr 17, 2017

Share This Page