Abuse concept
Aus HS Syswiki
(Unterschied zwischen Versionen)
Tch (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „Category:ServerAdmin <b>Actual state:</b> Manuell :- Überlastung des Server (php, courier) :- Spamversand (scripts, sendmail) :- Abuse (Malware, Beschwe…“) |
Tch (Diskussion | Beiträge) |
||
| Zeile 25: | Zeile 25: | ||
<b>Target state:</b> | <b>Target state:</b> | ||
: everything must be trackable (f2b blocks, malware scan!) | : everything must be trackable (f2b blocks, malware scan!) | ||
| − | |||
: redo whole concept, tbd | : redo whole concept, tbd | ||
| + | |||
| + | |||
| + | Microsoft SNDS | ||
| + | https://postmaster.live.com/snds/ | ||
| + | :login: mnaghost@hotmail.com | ||
| + | :pw: 733-mail | ||
Version vom 24. August 2015, 14:07 Uhr
Actual state:
Manuell
- - Überlastung des Server (php, courier)
- - Spamversand (scripts, sendmail)
- - Abuse (Malware, Beschwerden, Copyright usw.)
Automatisch
- - ClamAV (clamscan backupserver)
- - cronjob bkpserver, 0 6 * * * /usr/local/bin/malware-scan.sh > /dev/null 2>&1
- - generate rename script /backup*/malware_blocker.sh
- - cronjob prod, 30 18 * * 1,2,3,4,5 perl /usr/local/bin/antimalware.pl >/dev/null 2>&1
- - get malware_blocker.sh & execute
- - send mail to customer
- - Fail2ban Mailaccounts
- - discarded_spam tag, x5 in 2 minutes, ban 24h
- - /etc/fail2ban/ban_spammer.sh
- - get auhtid, change pw, only local, check ftp/web users:
- - generate mail for customer, /etc/fail2ban/emailsend.pl
- - mailscript_url, http://orderdesk.hoststar.ch/mailbox_spam-h3EJJDIVsjhe084SEhr73S.php";
Target state:
- everything must be trackable (f2b blocks, malware scan!)
- redo whole concept, tbd
Microsoft SNDS
https://postmaster.live.com/snds/
- login: mnaghost@hotmail.com
- pw: 733-mail
