After running lsof -i on my CentOS 6.6 server I spotted the following line:
smtpd 38886 postfix 25u IPv4 11990271 0t0 TCP hosting.mydomain.com:smtp->server4.soproseuprazer.com:51973 (ESTABLISHED)
Is this malware? And how do I get rid of it?
lsof -i port entry and how to remove it
Re: lsof -i port entry and how to remove it
server4.soproseuprazer.com is busy sending email to your server. This does not look like malware to me.
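Added example, not part of the original thread: one way to check the direction of a connection in lsof -i output is to compare the local port (left of "->") against the ports the host is listening on. The function names classify_lsof and sample_lsof are hypothetical, and every sample line except the smtpd line from the question is constructed.

```shell
#!/bin/sh
# Classify ESTABLISHED TCP lines from `lsof -i` as inbound or outbound.
# NAME column is local->remote. If the local port is one the host has in
# LISTEN state, the peer connected to us (inbound); otherwise we dialed out.

classify_lsof() {
    awk '
    # Port is the text after the last ":" (also works for [::1]:25).
    function port(ep,    k, parts) { k = split(ep, parts, ":"); return parts[k] }

    $8 != "TCP"           { next }                      # skips header, UDP
    $NF == "(LISTEN)"     { listening[port($9)] = 1; next }
    $NF == "(ESTABLISHED)" { count++; cmd[count] = $1; name[count] = $9 }

    END {
        # Classify after all LISTEN lines are seen, whatever their order.
        for (i = 1; i <= count; i++) {
            split(name[i], ends, "->")
            dir = (port(ends[1]) in listening) ? "inbound" : "outbound"
            printf "%s %s local=%s remote=%s\n", dir, cmd[i], ends[1], ends[2]
        }
    }'
}

# Constructed sample: the smtpd line is the one quoted in the question,
# the header, LISTEN line and outbound line are made up for illustration.
sample_lsof() {
    cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
master 1201 root 12u IPv4 10001 0t0 TCP *:smtp (LISTEN)
smtpd 38886 postfix 25u IPv4 11990271 0t0 TCP hosting.mydomain.com:smtp->server4.soproseuprazer.com:51973 (ESTABLISHED)
smtp 40012 postfix 14u IPv4 12000411 0t0 TCP hosting.mydomain.com:48122->mx.example.net:smtp (ESTABLISHED)
EOF
}

# On a live host: lsof -i -n | classify_lsof
sample_lsof | classify_lsof
```

Ports are matched as lsof prints them, so use the same flags (for example -P for numeric ports) for the whole run.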
Re: lsof -i port entry and how to remove it
How to stop it - stop sending them email!
You can query who their mail server is by using the command: dig @8.8.8.8 IN MX soproseuprazer.com (which'll query Google's DNS server).
You can find out information about the company by using whois (although that is not guaranteed).