[plug] Possible Crack

skribe productions skribeproductions at gmail.com
Tue Mar 6 13:29:53 WST 2007


Hey folks:

I think my mailserver has been cracked.  It's on a fully updated Debian
Sarge running Postfix.

I woke up this morning to find this:

Mar  6 07:56:47 caliban postfix/smtp[7632]: C3B4C42607:
to=<anatoliy at zlat.dp.ua>,
relay=webhoster.dp.ua[195.24.144.32], delay=9, status=deferred (host
webhoster.dp.ua[195.24.144.32] refused to talk to me: 421 4.4.5
Directory harvest attack detected)

Now my mail queue is full of:

Mar  6 12:10:12 caliban postfix/smtp[12294]: 7362B42DCC:
to=<bvsuxar at of.racial.attack.com>,
relay=of.racial.attack.com[67.107.40.9], delay=1705, status=deferred
(host of.racial.attack.com[67.107.40.9] refused to talk to me: 554
5.7.1 chifw001.inforte.com Connection not authorized)
Mar  6 12:13:53 caliban postfix/smtp[12239]: 8AACB43170:
to=<job at novattack.com.ua>,
relay=omega.uar.net[194.44.214.39], delay=145, status=bounced (host
omega.uar.net[194.44.214.39] said: 554 5.7.1 Dynamic address
dsl-58-6-5-170.wa.westnet.com.au [58.6.5.170] , use your provider's
SMTP-server (in reply to RCPT TO command))
Mar  6 12:16:50 caliban postfix/qmgr[11082]: 64ED34316E:
from=<sb at art.attack.com>, size=5678, nrcpt=4
(queue active)


Suggestions?

skribe
-- 
One dog said to the other -

http://onedogsaid.blogspot.com