[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Have I been hacked?
- Subject: Re: [cobalt-users] Have I been hacked?
- From: Rob kennedy <rob@xxxxxxxxx>
- Date: Mon Apr 9 12:36:44 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
'Lame server' isn't anything to worry about.. it's using the true
deffinition of lame, not the slang version ;) I forget what it is
exactly, but when your server tried to reverselookup one of the visitors
to your machine, it got either bad info, or no info from the ip.. so prob
no reverse lookup info ..
Rob
--
Rob Kennedy
ASPRE, Inc.
rkennedy@xxxxxxxxx
http://www.aspre.net/
Managed e-Business that works
---------------------------------
the first exclusive e-Business Application Service Provider (ASP)
t. 215.957.2266 Ext. 2145
f. 215.957.2277
113 Rock Road
Horsham, PA 19044
On Wed, 4 Apr 2001, George Ewing wrote:
> I'm having major probs with my server, keeps dying. Looked at this in my /var/log/messages file - anyone tell me what a 'lame
> server' is?
>
>
> Apr 4 18:55:30 ns named[376]: Lame server on '188.176/28.83.159.210.in-addr.arpa' (in '176/28.83.159.210.in-ad$
> Apr 4 18:55:30 ns named[376]: Lame server on '188.176/28.83.159.210.in-addr.arpa' (in '176/28.83.159.210.in-ad$
> Apr 4 19:00:03 ns proftpd[8473]: ns.top-graphics.co.uk (localhost[127.0.0.1]) - no such user 'anonymous'
> Apr 4 19:00:03 ns proftpd[8473]: ns.top-graphics.co.uk (localhost[127.0.0.1]) - no such user 'anonymous'
> Apr 4 19:00:03 ns proftpd[8473]: ns.top-graphics.co.uk (localhost[127.0.0.1]) - FTP session closed.
> Apr 4 19:03:18 ns named[376]: Cleaned cache of 196 RRsets
> Apr 4 19:03:18 ns named[376]: USAGE 986407398 986396598 CPU=1.89u/0.82s CHILDCPU=0u/0s
> Apr 4 19:03:18 ns named[376]: NSTATS 986407398 986396598 A=745 CNAME=1 SOA=6 PTR=507 MX=215 AAAA=1 ANY=1015
> Apr 4 19:03:18 ns named[376]: XSTATS 986407398 986396598 RR=1898 RNXD=171 RFwdR=1178 RDupR=2 RFail=0 RFErr=0 R$
> Apr 4 19:03:35 ns named[376]: Response from unexpected source ([194.33.26.136].53)
> Apr 4 19:04:56 ns named[376]: "teknophobe.co.uk IN NS" points to a CNAME (seawest2.seawest.net)
> Apr 4 19:04:56 ns named[376]: "backwell.bristol.sch.uk IN MX" points to a CNAME (mail.backwell.bristol.sch.uk)
> Apr 4 19:05:17 ns named[376]: "worldpop.com IN MX" points to a CNAME (backup.worldpop.com)
> Apr 4 19:05:17 ns named[376]: Lame server on 'west-thames.ac.uk' (in 'west-thames.AC.uk'?): [193.63.106.103].5$
> Apr 4 19:15:04 ns proftpd[9156]: ns.top-graphics.co.uk (localhost[127.0.0.1]) - no such user 'anonymous'
> Apr 4 19:15:04 ns proftpd[9156]: ns.top-graphics.co.uk (localhost[127.0.0.1]) - no such user 'anonymous'
> Apr 4 19:15:04 ns proftpd[9156]: ns.top-graphics.co.uk (localhost[127.0.0.1]) - FTP session closed.
> Apr 4 19:21:22 ns named[376]: Lame server on '66.67.40.213.in-addr.arpa' (in '40.213.in-addr.arpa'?): [193.0.0$
> Apr 4 19:23:07 ns sshd[9491]: Accepted password for admin from 62.31.233.33 port 1862
> Apr 4 19:23:08 ns PAM_pwdb[9491]: (sshd) session opened for user admin by (uid=0)
> Apr 4 19:23:16 ns PAM_pwdb[9527]: (su) session opened for user root by admin(uid=110)
>
> George Ewing
> Director
> Top Host Ltd
>
> Tel: 0870 7872193
> Fax: 0870 7872194
> email: george@xxxxxxxxxxxx
>
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>