[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] RaQ1: Hacker Login?

Subject: Re: [cobalt-users] RaQ1: Hacker Login?
From: "Franklin S. Werren" <fswerren@xxxxxxxxxxxx>
Date: Wed Mar 15 11:56:34 2000

Title: RE: [cobalt-users] RaQ1: Hacker Login?

It looks like you are the victim of a mail relay

or SPAM!!!

This is how a mass e-mail is done without the

knowelege of the servers owner...

This will also load down your bandwidth...

almost as bad as that DOS a couple of weeks ago...

I do not think RAQ1's can turn off relay

You may need to do a complete upgrade in software to RAQ2 , it's $99 from Cobalt....

Franklin S. Werren, webmaster@xxxxxxxxxxxx www.bagpipes.net
Modem Madness Ringmaster at www.madbbs.com/webring/
ICQ 8556386 or fswerren46 on AOL's IM

Frank's Radio, P.O. Box 990, Sherman NY 14781-0990

For the best ISP in Chautauqua County NY and Warren Co. Pa
go to www.madbbs.com They treat you right.

----- Original Message -----

From: cwickham@xxxxxxxxxxxxxxxx

To: cobalt-users@xxxxxxxxxxxxxxx

Sent: Wednesday, March 15, 2000 2:32 PM

Subject: RE: [cobalt-users] RaQ1: Hacker Login?

That looks like pop connections. But why it is in /var/log/secure I don't know. From what I can tell that looks like nothing to worry about. Just one of your customers poping their mail..... unless you don't have any customers in Italy ;-)

Charlie

-----Original Message-----
From: Erik O [mailto:erik@xxxxxxxxx]
Sent: Wednesday, March 15, 2000 1:28 PM
To: cobalt-users@xxxxxxxxxxxxx; Brian Curtis; Mat Kovach; Joe Kerns
Subject: [cobalt-users] RaQ1: Hacker Login?

I have a few strange logins recorded in /var/log/secure

I can figure out what it is [ipop2d]. Here's the entry...

Mar 13 18:55:37 ns ipop2d[21805]: connect from 207.253.51.131
Mar 13 18:55:37 ns ipop2d[21806]: connect from 207.253.51.131

It has accepted connections from two IP's since the log rotated.

207.253.51.131
130.251.169.187

The last one resolves to ....
Name: ciclamino.dibe.unige.it

I just don't like the looks of this. I can't seem to find this service
running anywhere.

Help? :)

Erik

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users

BEGIN:VCARD
VERSION:2.1
N:Werren;Franklin;S
FN:Franklin S Werren
NICKNAME:Frank
ORG:Frank's Radio
TITLE:Owner
TEL;WORK;FAX:716-761-6460
ADR;WORK:;716-753-3500;P.O. Box 990;Sherman;NY;14781-0990
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:716-753-3500=0D=0AP.O. Box 990=0D=0ASherman, NY 14781-0990
X-WAB-GENDER:2
URL:
URL:http://www.bagpipes.net/satellite
BDAY:19550617
EMAIL;PREF;INTERNET:webmaster@xxxxxxxxxxxx
EMAIL;INTERNET:fswerren@xxxxxxxxxxxx
EMAIL;INTERNET:fswerren@xxxxxxxxxx
REV:20000315T195526Z
END:VCARD

References:
- RE: [cobalt-users] RaQ1: Hacker Login?
  - From: cwickham

Prev by Date: [cobalt-users] WARNING. Someone sent you a potential virus or unauthorised code
Next by Date: Re: [cobalt-users] RaQ1: Hacker Login?
Previous by thread: RE: [cobalt-users] RaQ1: Hacker Login?
Next by thread: Re: [cobalt-users] RaQ1: Hacker Login?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index