[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] HELP!! Somebody is spamming through my box!
- Subject: [cobalt-users] HELP!! Somebody is spamming through my box!
- From: Chip <chip@xxxxxxxxxx>
- Date: Wed Sep 12 12:06:30 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
I just checked the admin logs, and found hundreds of messages like the
following. I know that I have relaying turned off, I'm using
pop-before-smtp for security, and I've got all of the updates installed.
I don't know how to figure out which user is doing this, and I obviously
want to stop it immediately, but have enough clients on the box that I
can't just mail services down.
Here is a small example of what I'm seeing.
Security Violations
=-=-=-=-=-=-=-=-=-=
Sep 9 16:58:56 www PAM_pwdb[24262]: authentication failure; (uid=0) ->
admin for ahttpd service
Sep 9 16:48:25 www sendmail[11725]: QAA11723:
to=corso5@xxxxxxx,abean34@xxxxxxx,huskerhawg@xxxxxxx,bucksfan@xxxxxxx,angeiofsorrow@xxxxxxx,bling02bling@xxxxxxx,rleon2@xxxxxxx,rubertin@xxxxxxx,
ctladdr=admin (110/27), delay=00:00:00, xdelay=00:00:00, mailer=esmtp,
relay=mailin-04.mx.aol.com. [152.163.224.122], stat=Sent (OK)
Sep 9 16:48:25 www sendmail[11729]: QAA11727:
to=baridb2@xxxxxxx,apmiles66@xxxxxxx,broncojcp@xxxxxxx,brettga@xxxxxxx,bbjj007@xxxxxxx,aimes51896@xxxxxxx,beanl6@xxxxxxx,debrn145@xxxxxxx,
ctladdr=admin (110/27), delay=00:00:00, xdelay=00:00:00, mailer=esmtp,
relay=mailin-04.mx.aol.com. [152.163.224.122], stat=Sent (OK)
Sep 9 16:48:38 www sendmail[11757]: QAA11755:
to=fd128@xxxxxxx,elfieldy69@xxxxxxx,dsmale1@xxxxxxx,greenacres1980@xxxxxxx,jvm216@xxxxxxx,icemanlar@xxxxxxx,iebony4life@xxxxxxx,
ctladdr=admin (110/27), delay=00:00:01, xdelay=00:00:01, mailer=esmtp,
relay=mailin-01.mx.aol.com. [152.163.224.26], stat=Sent (OK)
Sep 9 16:48:39 www sendmail[11761]: QAA11759:
to=jackiek85@xxxxxxx,fordtrucktexan@xxxxxxx,dvfrly@xxxxxxx,khaisou@xxxxxxx,fulhrd699@xxxxxxx,kenshin29@xxxxxxx,hft8286@xxxxxxx,
ctladdr=admin (110/27), delay=00:00:00, xdelay=00:00:00, mailer=esmtp,
relay=mailin-02.mx.aol.com. [64.12.136.89], stat=Sent (OK)
Sep 9 16:49:53 www sendmail[11819]: QAA11817:
to=haegerklaus@xxxxxxx,gerryke@xxxxxxx,kikiholley@xxxxxxx,e16vball@xxxxxxx,jkid5433@xxxxxxx,fracklerok@xxxxxxx,gnehntng@xxxxxxx,
ctladdr=admin (110/27), delay=00:00:00, xdelay=00:00:00, mailer=esmtp,
relay=mailin-01.mx.aol.com. [205.188.156.122], stat=Sent (OK)
Sep 9 16:49:53 www sendmail[11821]: QAA11815:
Any help GREATLY appreciated!!