On 30/11/2007, Evans F. Mitchell KD4EFM / AFA2TH / WQFK-894 <kd4efm at kd4efm.org> wrote: > By any chances, have you ran 'ps ax' from root and looked > to see what does not look like it should be there?? > > IF you are willing, paste your 'ps' output for us to > help you find the program that is running and sending out > the emails. > > also review your sendmail rule set. > Next, to help lock down your server a little more > make sure you have set a password on your VNC. Tunnel your VNC over SSH (or SSL?). See http://en.wikipedia.org/wiki/Virtual_Network_Computing#Security about how insecure is the VNC protocol. > I had and Italian 17 year old poking around one > of my Amateur Radio boxes via VNC, simply cause I > forgot to set a vnc password, so it was wide open > like a windoz server box without a login screen, > you know, the good old "I AM OPEN FOR YOUR PLEASURES..." > > Also change your sshd, the port it is on, and do a rule > set that only allows a specific ip to access it. That's a good advise. I have yet to see my non-standard sshd server scanned since I changed it over 3-4 years ago. Same with a private http server. > I think I am correct saying you can do that as well with VNC. See above - the VNC protocol is not secure on its own, but you can tunnel it over secure protocols. > > The other option would be to stop the service all together > IF your not needing it. Of course. That's up in the top ten commandments - stop any service (and remove any package, I would add) that you don't need on the server. --Amos