Editing / deleting 'mailman' cron

[Notawiz]

Hello everybody,

In the filesystem of our VPS I found
/var/spool/cron/mailman

listing several cron jobs to be ran on behalf of 'mailman' (which we don't use anyway).

Does anybody know how to edit or delete this, since it does not appear in the crontab of the HSPc control panel?
Especially since it runs every 5 minutes (Every 5 mins, try to gate news to mail.)!!!

Thanks.

[WHSP-Mark M]

Hi Notawiz,

Thanks for your post. We have had a few people run into this odd issue as well and although we have been unable to prove this as of yet,  we believe the issue is a glitch between HSPComplete and the way it handles Mailman..

Our reasoning behind this, is in the information we gather from the clients is that this is the only application that randomly adds itself as a cronjob on the selected server. We then check the corresponding access logs and there is no one logged into any type of shell at this time on this account and we certainly would not enable such a feature.

To resolve this matter, simply sign into your WebHSP HSPComplete Control Pannel and select the mailman icon and make sure it is in fact disabled. If it is disabled and you
still recieve these notices, by all means, please open a ticket and we will be happy to look into this for you .

Warm Regards,
Mark
WebHSP Support Team.

[Notawiz]

Hello Mark,

Well, when I wanted to uninstall 'mailman' in my HSPc control panel, I got a warning that it was insecure to do so.
That scared me enough for not proceeding with the uninstall.

What's funny, though, is that the creation date of the mailman cronjob file is in November, 2005, there where our VPS account was activated back in April, 2005.

I'm 100% certain that we did not do this ourselves. So the more that, as I said, these cron jobs for 'mailman' do NOT appear in the crontab on the control panel with our own 'legitimate' crons.

If you can assure me that uninstalling mailman is not insecure, and that I can ignore the warning I received, I shall kill this app.

Kind regards

[jamesy]

Hello Mark,

Well, when I wanted to uninstall 'mailman' in my HSPc control panel, I got a warning that it was insecure to do so.
That scared me enough for not proceeding with the uninstall.

What's funny, though, is that the creation date of the mailman cronjob file is in November, 2005, there where our VPS account was activated back in April, 2005.

I'm 100% certain that we did not do this ourselves. So the more that, as I said, these cron jobs for 'mailman' do NOT appear in the crontab on the control panel with our own 'legitimate' crons.

If you can assure me that uninstalling mailman is not insecure, and that I can ignore the warning I received, I shall kill this app.

Kind regards

[snapback]344[/snapback]

Hello Notawiz,

Mailman is simply a mailing list administration program. I can't fathom why disabling it would cause any security problem. You can feel free to disable it.

Regards,

James @ WebHSP

[Notawiz]

Hello James,

Jeez, forgot about that post.
I indeed disabled the damn thing some time later, but anyhow, the warning message came from within HSP complete control panel.

By the way, disabled almost all applications today, as we were victim of an exploit yesterday night.
Even if we never used one of these applications anyhow.
Very weird stuff, bounced over 6000 Mail Delivery errors back to me! As this must be the tip of the iceberg, God knows how many got through. Enough to label us at www.xquisitus.com as spammers.

But your collegue Ricky blocked the exploit. Makes me think, did he also delete the exploit scripts from the /tmp/ folder?

Regards.

Jan (Notawiz being only a handle).

Hello Notawiz,

Mailman is simply a mailing list administration program. I can't fathom why disabling it would cause any security problem. You can feel free to disable it.

Regards,

James @ WebHSP

[snapback]379[/snapback]

[jamesy]

Hello James,

Jeez, forgot about that post.
I indeed disabled the damn thing some time later, but anyhow, the warning message came from within HSP complete control panel.

By the way, disabled almost all applications today, as we were victim of an exploit yesterday night.
Even if we never used one of these applications anyhow.
Very weird stuff, bounced over 6000 Mail Delivery errors back to me! As this must be the tip of the iceberg, God knows how many got through. Enough to label us at www.xquisitus.com as spammers.

But your collegue Ricky blocked the exploit. Makes me think, did he also delete the exploit scripts from the /tmp/ folder?

Regards.

Jan (Notawiz being only a handle).

[snapback]382[/snapback]

Hi Jan

I checked the tmp folder, and the files are there, but they do not have any permissions, which means they cannot be used. If you login as the "root" user to your server, you can delete them if you wish.

James @ WebHSP