Abuse concept
From HS Syswiki
Revision as of 24 August 2015, 14:11 by Tch
Actual state:
Manual
- - Server overload (php, courier)
- - Spam sending (scripts, sendmail)
- - Abuse (malware, complaints, copyright, etc.)
Automatic
- - ClamAV (clamscan backupserver)
- - cronjob bkpserver, 0 6 * * * /usr/local/bin/malware-scan.sh > /dev/null 2>&1
- - generate rename script /backup*/malware_blocker.sh
- - cronjob prod, 30 18 * * 1,2,3,4,5 perl /usr/local/bin/antimalware.pl >/dev/null 2>&1
- - get malware_blocker.sh & execute
- - send mail to customer
- - Fail2ban Mailaccounts
- - discarded_spam tag, x5 in 2 minutes, ban 24h
- - /etc/fail2ban/ban_spammer.sh
- - get authid, change pw, only local, check ftp/web users:
- - generate mail for customer, /etc/fail2ban/emailsend.pl
- - mailscript_url, http://orderdesk.hoststar.ch/mailbox_spam-h3EJJDIVsjhe084SEhr73S.php
Target state:
- everything must be trackable (f2b blocks, malware scan!)
- redo whole concept, tbd
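Added example, not part of the original wiki page and not the code of fail2ban or ban_spammer.sh: the mail account rule from the actual state (discarded_spam tag, 5 times in 2 minutes, ban 24h) written so that every ban decision produces a trackable audit record, as the target state asks. The log line layout, the JSON field names and the sample accounts are assumptions constructed for the example.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_HITS = 5                       # "x5"
FIND_TIME = timedelta(minutes=2)   # "in 2 minutes"
BAN_TIME = timedelta(hours=24)     # "ban 24h"

# Assumed (constructed) log layout: "<ISO timestamp> discarded_spam authid=<account>"
LINE_RE = re.compile(r"^(\S+) discarded_spam authid=(\S+)$")

def detect_bans(lines):
    """Return one JSON audit record per ban decision; lines must be in time order."""
    hits = defaultdict(deque)   # authid -> timestamps inside the sliding window
    banned_until = {}           # authid -> end of the current ban
    audit = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue            # unrelated or malformed line
        ts, authid = datetime.fromisoformat(m.group(1)), m.group(2)
        if authid in banned_until and ts < banned_until[authid]:
            continue            # already banned, no duplicate ban record
        window = hits[authid]
        window.append(ts)
        while ts - window[0] > FIND_TIME:
            window.popleft()    # drop hits older than the 2 minute window
        if len(window) >= MAX_HITS:
            banned_until[authid] = ts + BAN_TIME
            audit.append(json.dumps({
                "event": "mail_account_ban",
                "authid": authid,
                "first_hit": window[0].isoformat(),
                "banned_at": ts.isoformat(),
                "ban_until": banned_until[authid].isoformat(),
                "hits": len(window),
            }, sort_keys=True))
            window.clear()
    return audit

# Constructed sample: alice has 6 hits in 100 s, bob has 5 hits spread over 8 minutes.
SAMPLE_LOG = (
    [f"2015-08-24T14:0{s // 60}:{s % 60:02d} discarded_spam authid=alice@example.org" for s in range(0, 120, 20)]
    + [f"2015-08-24T14:{m:02d}:00 discarded_spam authid=bob@example.org" for m in range(0, 10, 2)]
)

if __name__ == "__main__":
    for record in detect_bans(SAMPLE_LOG):
        print(record)
```

Appending these records to a dedicated log file gives each ban a timestamp, account and reason that can be looked up later when a customer asks why a password was changed.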
Microsoft SNDS
https://postmaster.live.com/snds/
- login: mnag-host@hotmail.com
- pw: 733-mail