
Re: [cobalt-users] Possibly OT: Maillog entries missing



Hi,
At 13:55 04-01-2002 +0000, Edward Bishop wrote:
>A few hours ago my maillog stopped recording "To" lines, then this morning
>stopped showing POP logins. The "From" line for each email, whether incoming
>or outgoing, still appears, and there are a lot of "Port 110 service init"s.

That sounds like the POP3 server is restarting.  If I recall correctly,
there was a vulnerability in a version of poprelayd.

>During the day before this happened, a few worrying things appeared in
>messages - for example

>Jan  3 06:04:48 ns ftpd[25875]: ACCESS DENIED (not in any class) TO
>modemcable002.222-203-24.mtl.mc.videotron.ca [24.203.222.2]

Someone tried to access the ftp server.

>Clearly this is some swine scanning for vulnerabilities. I'd be grateful for
>any suggestions as to how I can find out if they've been successful, or
>where I should start looking to find out what's wrong with maillog. I'm
>concerned that the server is being used to send spam and tracks being
>covered.

There are the usual portscans followed by unauthorized attempts to gain
access to the server.  First of all, verify whether you have the latest
versions of all services which you are running and that they are configured
so as to be secure.  Then verify the login and system logs to see
whether there is anything abnormal.

Regards,
-sm
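
An added example, not part of the original message: a small Python triage pass over syslog-style lines that flags the three symptoms discussed in this thread (sendmail queue IDs with a "from=" line but no "to=" line, repeated "Port 110 service init" entries, and ftpd "ACCESS DENIED" sources). The sample lines are constructed, apart from the ftpd line quoted above; the sendmail queue IDs, the `daemon` program tag and the function name `triage` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: maillog and messages entries merged into one text.
# Only the ftpd line comes from the thread; the rest is made up for the demo.
SAMPLE = """\
Jan  3 05:58:10 ns sendmail[25001]: g03AwA125001: from=<a@example.com>, size=812, nrcpts=1
Jan  3 05:58:11 ns sendmail[25003]: g03AwA125001: to=<b@example.org>, stat=Sent
Jan  3 06:04:48 ns ftpd[25875]: ACCESS DENIED (not in any class) TO modemcable002.222-203-24.mtl.mc.videotron.ca [24.203.222.2]
Jan  3 09:12:30 ns sendmail[26110]: g03ECU126110: from=<c@example.com>, size=4410, nrcpts=1
Jan  3 09:12:31 ns daemon[412]: Port 110 service init
Jan  3 09:14:02 ns daemon[412]: Port 110 service init
"""

# timestamp, host, program[pid]: message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^\s\[:]+)(?:\[\d+\])?: (.*)$")
QID = re.compile(r"^(\w+): (from|to)=")
DENIED = re.compile(r"ACCESS DENIED .* \[(\d+\.\d+\.\d+\.\d+)\]")

def triage(text):
    """Summarise the log symptoms described in the thread."""
    seen = defaultdict(set)  # queue id -> which of {"from", "to"} were logged
    report = {"no_recipient": [], "pop_restarts": 0, "ftp_denied": []}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip wrapped or malformed lines
        _, _, prog, msg = m.groups()
        if prog == "sendmail":
            q = QID.match(msg)
            if q:
                seen[q.group(1)].add(q.group(2))
        elif "Port 110 service init" in msg:
            report["pop_restarts"] += 1
        elif prog == "ftpd":
            d = DENIED.search(msg)
            if d:
                report["ftp_denied"].append(d.group(1))
    # A queue id with only "from" may also be mail still waiting in the queue,
    # so treat these as leads to check against the mail queue, not as proof.
    report["no_recipient"] = sorted(q for q, k in seen.items() if k == {"from"})
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```
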