Hacked? Was RE: [cobalt-users] ATT Cable changed email addreses, how to find them?



> On Mon, 30 Jun 2003, agility wrote:
> > I have quite a few site users that could have been AT&T users.
> > Locally that has changed their email address from someone@xxxxxxxxx
> > to someone@xxxxxxxxxxx
> >
> > Anyone able to tell me where to locate which users have attbi.com
> > addresses so that I can preempt the phone calls of "I'm not getting my
> > email!"
>
>   Scan /etc/virtusertable for attbi
>   Maybe /etc/mail/virtusertable, depends on the version of sendmail.
>
> RaQ2 Shell tools:
> ftp://ftp-eng.cobalt.com/pub/users/jeffb/shell-tools/RaQ2-shell-tools-1.1-2.noarch.rpm

Oh Crunch, not a good sign!
My virtusertable contains a lot of entries that I'm sure should not be
there, such as:
MAILER-DAEMON@xxxxxxxxxxxxxxxx
root@xxxxxxxxxxxxxxxx
sys@xxxxxxxxxxxxxxxx
postmaster@xxxxxxxxxxxxxxxx

There are a load of these types of entry in my virtusertable for several
sites.

Are my worst fears correct, I've been hacked big time?

Paul ASI.