How many IP addresses are assigned to that machine? Several people here have mentioned that multiple IP machines get the messenger spam for each IP. Fun, eh?
-Kevin > -----Original Message----- > From: Al Musella, DPM [mailto:musella@;virtualtrials.com] > Sent: Wednesday, November 13, 2002 1:12 PM > To: CF-Server > Subject: RE: Server Security Breach > > > > I am not so sure that this is totally innocuous. > My server has been running nicely for at least the last year or so - no > reboots needed except for installing patches, except for 2 problems: > > This morning. I wake up and find all of my websites are down. The > logs are > full of hundreds of this one error: > > "208.206.10.19" > "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" > "unknown exception condition > Error occured for unknown cause. > Date/Time: 11/13/02 07:02:11 > Browser: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0) > Remote Address: 208.206.10.19 > > So I log onto the server, and there are hundreds of pop up alerts saying: > --------------------- > Application popup: Messenger Service > Message from CAUTION to 208.206.10.16 on 11/12/2002 6:25:47 AM > > SECURITY ALERT! > > YOUR COMPUTER IS RECORDING!! > > Currently Recorded Items... > > * Instant Messages > * Chat Sessions > * Websites Visited > * Pop-Ups Loaded > * Pictures in YOUR Email & on your hard drive > * Started & Finished Downloads > * Your Credit Card Information > * Your Home Address & Phone > (Do you have Autocompleted turned on?) > > For Information on how to BEST protect yourself, > send an empty email to: > > [EMAIL PROTECTED] > ------------------- > The logs show that the cold fusion service restarted itself a LOT of > time, and that didn't help. > I manually restarted the cold fusion services as well as the web > services, and that didn't help. > I had to reboot, and that fixed the problem. > > A similar thing happened about a week ago. > > Could be a coincidence, but until these messages happened, I had > no problem. > Al > > > > > > > > >The link Howie posted is a good description of the problem. As it states, > >you can disable the Messenger service to prevent this. Or, you can just > >click "OK" and ignore it, frankly - it can't really do anything to the > >machine. > > ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm ------------------------------------------------------------------------------ To unsubscribe, send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
