Re: [IMail Forum] Some is hijacking my server

Fri, 13 Apr 2007 21:20:11 -0700 

Change the password for root. It's probably "password"


  ----- Original Message ----- 
  From: florida.com 
  To: [EMAIL PROTECTED] 
  Sent: Friday, April 13, 2007 4:29 PM
  Subject: [IMail Forum] Some is hijacking my server


  What is going on here?  

  My log file is huge-  

  Relay is set for NO--  

  It looks like someone logged as ROOT and is sending SPAM

  However user ROOT  is disabled


  see ----- >  (90bf089a00005822)







  04:13 10:16 SMTPD(90bf089a00005822) [209.208.92.68] connect 64.40.84.126 port 
1970
  04:13 10:16 SMTPD(90bf089a00005822) [ 64.40.84.126] EHLO User
  04:13 10:16 SMTPD(90bf089a00005822) Authenticated [EMAIL PROTECTED], session 
treated as local.
  04:13 10:16 SMTPD(90bf089a00005822) [ 64.40.84.126] MAIL FROM:<[EMAIL 
PROTECTED]>
  04:13 10:16 SMTPD(90bf089a00005822) [64.40.84.126] RCPT TO:< [EMAIL 
PROTECTED]>
  04:13 10:16 SMTPD(90bf089a00005822) [x] looking up yahoo.com in HOSTS
  04:13 10:16 SMTPD(90bf089a00005822) [64.40.84.126] 
d:\IMAIL\spool\D90bf089a00005822.SMD 4409 
  04:13 10:16 SMTP-(90bf089a00005822) processing 
d:\IMAIL\spool\Q90bf089a00005822.SMD
  04:13 10:16 SMTP-(90bf089a00005822) Authed User root@
  04:13 10:16 SMTP-(90bf089a00005822) sender < [EMAIL PROTECTED]>
  04:13 10:16 SMTP-(90bf089a00005822) recip is <[EMAIL PROTECTED]>
  04:13 10:16 SMTP-(90bf089a00005822) [x] looking up yahoo.com in HOSTS and MX
  04:13 10:16 SMTP-(90bf089a00005822) [x] looking up yahoo.com in HOSTS and MX
  04:13 10:16 SMTP-(90bf089a00005822) closed 
d:\IMAIL\spool\_90bf089a00005822.~MD - 1 
  04:13 10:16 SMTP-(90bf089a00005822) [x] looking up   in HOSTS and MX
  04:13 10:16 SMTP-(90bf089a00005822) [x] looking up   in HOSTS and MX
  04:13 10:16 SMTP-(90bf089a00005822) [x] looking up   by stack
  04:13 10:16 SMTP-(90bf089a00005822) [x] looking up   by stack 
  04:13 10:16 SMTP-(90bf089a00005822) R<[EMAIL PROTECTED]> - 1
  04:13 10:16 SMTP-(90bf089a00005822) [x] doing direct send yahoo.com
  04:13 10:16 SMTP-(90bf089a00005822) Trying yahoo.com (0)
  04:13 10:16 SMTP-(90bf089a00005822) [x] Connecting socket to service <SMTP> 
on host <yahoo.com > using protocol <tcp>
  04:13 10:16 SMTP-(90bf089a00005822) [x] using source IP for atlanticcity.com 
[209.208.92.68]
  04:13 10:16 SMTP-(90a9000004a43816) 220 
*********************************************************2***0 ***** 
  04:13 10:16 SMTP-(90a9000004a43816) Connect azfcu.org [64.140.179.115:25] (1)
  04:13 10:16 SMTP-(90a9000004a43816) >EHLO atlanticcity.com
  04:13 10:16 SMTP-(90bf089a00005822) 220 mta505.mail.mud.yahoo.com ESMTP YSmtp 
service ready
  04:13 10:16 SMTP-(90bf089a00005822) Connect yahoo.com [209.191.118.103:25] (1)
  04:13 10:16 SMTP-(90bf089a00005822) >EHLO atlanticcity.com
  04:13 10:16 SMTP-(90bf089a00005822) 250-mta505.mail.mud.yahoo.com
  04:13 10:16 SMTP-(90bf089a00005822) 250-8BITMIME
  04:13 10:16 SMTP-(90bf089a00005822) 250-SIZE 31981568
  04:13 10:16 SMTP-(90bf089a00005822) 250 PIPELINING 
  04:13 10:16 SMTP-(90bf089a00005822) >MAIL FROM:<[EMAIL PROTECTED]> SIZE=4409
  04:13 10:16 SMTP-(90bf089a00005822) 250 sender < [EMAIL PROTECTED]> ok
  04:13 10:16 SMTP-(90bf089a00005822) >RCPT To:<[EMAIL PROTECTED]>
  04:13 10:16 SMTP-(90a9000004a43816) 500 Unknown or unimplemented command 
  04:13 10:16 SMTP-(90a9000004a43816) >HELO atlanticcity.com
  04:13 10:16 SMTP-(90bf089a00005822) 250 recipient <[EMAIL PROTECTED] > ok
  04:13 10:16 SMTP-(90bf089a00005822) >DATA
  04:13 10:16 SMTP-(90bf089a00005822) 354 go ahead
  04:13 10:16 SMTP-(90bf089a00005822) >.
  04:13 10:16 SMTP-(90a9000004a43816) 250 OK
  04:13 10:16 SMTP-(90a9000004a43816) >MAIL FROM:<> 
  04:13 10:16 SMTP-(90bf089a00005822) 451 Message temporarily deferred - [170]
  04:13 10:16 SMTP-(90bf089a00005822) Body of message generated response from 
the SMTP server on yahoo.com: 451 Message temporarily deferred - [170] 
  04:13 10:16 SMTP-(90bf089a00005822) SMTP_DELIV_FAILED
  04:13 10:16 SMTP-(90bf089a00005822) >QUIT
  04:13 10:16 SMTP-(90a9000004a43816) 250  OK
  04:13 10:16 SMTP-(90a9000004a43816) >RCPT To:< [EMAIL PROTECTED]>
  04:13 10:16 SMTP-(90bf089a00005822) 221 mta505.mail.mud.yahoo.com
  04:13 10:16 SMTP-(90bf089a00005822) [u] closing socket (u)
  04:13 10:16 SMTP-(90bf089a00005822) R< [EMAIL PROTECTED]> - 4
  04:13 10:16 SMTP-(90bf089a00005822) [x] doing gatesend
  04:13 10:16 SMTP-(90bf089a00005822) Trying   (1)
  04:13 10:16 SMTP-(90bf089a00005822) [x] Connecting socket to service <SMTP> 
on host < > using protocol <tcp> 
  04:13 10:16 SMTP-(90bf089a00005822) [x] using source IP for atlanticcity.com 
[209.208.92.68]
  04:13 10:16 SMTP-(90bf089a00005822) ERR no address " " 
  04:13 10:16 SMTP-(90bf089a00005822) SMTP connection failed for host  
  04:13 10:16 SMTP-(90bf089a00005822) R<[EMAIL PROTECTED]> - 5
  04:13 10:16 SMTP-(90bf089a00005822) R< [EMAIL PROTECTED]> - 5
  04:13 10:16 SMTP-(90bf089a00005822) requeuing 
d:\IMAIL\spool\Q90bf089a00005822.SMD R0 T1
  04:13 10:16 SMTP-(90bf089a00005822) finished 
d:\IMAIL\spool\Q90bf089a00005822.SMD status=3

Reply via email to