[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Hacker activity?
- Subject: Re: [cobalt-users] Hacker activity?
- From: flash22@xxxxxxx
- Date: Tue Feb 20 16:41:25 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Tue, 20 Feb 2001, Rodrigo Velasco wrote:
> This is a piece of my last downloaded log-file from my Raq4i, I'm just
> ns.mydomain.com 127.0.0.1 - - [19/Feb/2001:04:30:00 -0300] "HEAD / HTTP" 200
Normal, active monitor checking that your web server is working....
> Feb 18 09:30:01 ns proftpd[22666]: ns.rvhost.net (localhost[127.0.0.1]) -
Normal "" checking ftp
> Feb 18 10:11:54 ns named[444]: Cleaned cache of 0 RRsets
> Feb 18 10:11:54 ns named[444]: USAGE 982501914 982125691 CPU=0.41u/0.27s
Normal..statistics about your nameserver...
> Feb 18 10:15:03 ns telnetd[24555]: ttloop: read: Broken pipe
Normal...checking telnet works...
> Feb 19 22:00:00 ns imapd[14801]: imap service init from 127.0.0.1
> Feb 19 22:00:00 ns imapd[14801]: Logout user=??? host=localhost [127.0.0.1]
Normal... checking imap works
> Feb 19 22:00:01 ns sendmail[14803]: NOQUEUE: localhost [127.0.0.1] did not
> issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Normal checking sendmail works...griping a bit because sendmail now
complains when you connect and don't send any mail..
> Of course it's not me who is accessing the server every 15 minutes from last
> December around the clock.
> I don't know if this kind of activity is normal or not (looks very
> suspicious to me).
Nope, perfectly normal (127.0.0.1 is the internal loopback address, used
when something inside your machine wants to connect to something else in
your machine)
gsh