1H Script alert tracking

sunblock
Junior Member
Posts: 6
Joined: 03 Sep 2012, 20:21

Post by sunblock »

We are seeing an interesting thing today. We have been hit by a sudden spam attack that seems to be taking advantage of a script tracking problem. The 1H tracking you guys implemented no longer appears to be working. Today we have tracked several outgoing spam issues launched by scripts that have not triggered the usual script alert. We have CSF set to chmod and chattr these scripts via LF_SCRIPT_PERM, but the script alert is not being triggered at all. I have verified that script tracking is enabled on all of these servers. The localrelay alert is triggered though and is what has alerted us to this problem. Here are some sample log lines from our exim logs where this has happened. Have there been any recent changes to CSF that may have created conflicts with the 1H log formats script tracking?

The forum is not allowing me to post my log cuts, stating "You are not currently authorised to post url links".

Re: 1H Script alert tracking

Post by sunblock »

Would really appreciate a reply to this.