[MDaemon-L] aktivitas account email yang mencurigakan

irwan rj Sun, 18 Dec 2011 21:08:43 -0800

Selamat siang pak Syafril,


Mohon pencerahannya.

 

Salah satu user kami disini, dilihat bahwa ada aktivitas mencurigakan dari
account email tersebut ([email protected]).

Setiap 2-5 menit account tersebut entah itu mengirimkan email atau yang
lain, yang pasti selalu ada aktivitas yang hampir sama dilakukan oleh
account tersebut.

Dibawah ini salah satu dari Log yang saya copy, mungkin bisa membantu untuk
analisanya.

 

Mungkin ada hubungannya atau tidak, terkadang ada email yang dikirimkan oleh
account [email protected] tersebut, terlambat sampai 2 hari (sudah terjadi
ke 3 kalinya).

 

Terima kasih atas perhatian dan bantuannya.

 

Logs:

 

Sat 2011-12-17 16:27:21: Session 8324; child 1; thread 5696

Sat 2011-12-17 16:27:20: Accepting SMTP connection from [182.6.91.202:56009]

Sat 2011-12-17 16:27:20: --> 220 k3m.biz ESMTP MSA MDaemon 10.0.2; Sat, 17
Dec 2011 16:27:20 +0700

Sat 2011-12-17 16:27:21: <-- EHLO [182.6.91.202]

Sat 2011-12-17 16:27:21: --> 250-k3m.biz Hello [182.6.91.202], pleased to
meet you

Sat 2011-12-17 16:27:21: --> 250-AUTH=LOGIN

Sat 2011-12-17 16:27:21: --> 250-AUTH LOGIN CRAM-MD5

Sat 2011-12-17 16:27:21: --> 250-8BITMIME

Sat 2011-12-17 16:27:21: --> 250 SIZE 10000000

Sat 2011-12-17 16:27:21: <-- MAIL FROM:<[email protected]>

Sat 2011-12-17 16:27:21: --> 530 Authentication required

Sat 2011-12-17 16:27:21: <-- QUIT

Sat 2011-12-17 16:27:21: --> 221 See ya in cyberspace

Sat 2011-12-17 16:27:21: SMTP session terminated (Bytes in/out: 59/255)

Sat 2011-12-17 16:27:21: ----------

Sat 2011-12-17 16:27:22: Session 8326; child 1; thread 3616

Sat 2011-12-17 16:27:21: Accepting SMTP connection from [182.6.91.202:56010]

Sat 2011-12-17 16:27:21: --> 220 k3m.biz ESMTP MSA MDaemon 10.0.2; Sat, 17
Dec 2011 16:27:21 +0700

Sat 2011-12-17 16:27:21: <-- EHLO [182.6.91.202]

Sat 2011-12-17 16:27:21: --> 250-k3m.biz Hello [182.6.91.202], pleased to
meet you

Sat 2011-12-17 16:27:21: --> 250-AUTH=LOGIN

Sat 2011-12-17 16:27:21: --> 250-AUTH LOGIN CRAM-MD5

Sat 2011-12-17 16:27:21: --> 250-8BITMIME

Sat 2011-12-17 16:27:21: --> 250 SIZE 10000000

Sat 2011-12-17 16:27:22: <-- MAIL FROM:<[email protected]>

Sat 2011-12-17 16:27:22: --> 530 Authentication required

Sat 2011-12-17 16:27:22: <-- QUIT

Sat 2011-12-17 16:27:22: --> 221 See ya in cyberspace

Sat 2011-12-17 16:27:22: SMTP session terminated (Bytes in/out: 59/255)

Sat 2011-12-17 16:27:22: ----------

Sat 2011-12-17 16:27:25: Session 8327; child 1; thread 4456

Sat 2011-12-17 16:27:23: Accepting SMTP connection from [182.6.91.202:56011]

Sat 2011-12-17 16:27:23: --> 220 k3m.biz ESMTP MSA MDaemon 10.0.2; Sat, 17
Dec 2011 16:27:23 +0700

Sat 2011-12-17 16:27:23: <-- EHLO [182.6.91.202]

Sat 2011-12-17 16:27:23: --> 250-k3m.biz Hello [182.6.91.202], pleased to
meet you

Sat 2011-12-17 16:27:23: --> 250-AUTH=LOGIN

Sat 2011-12-17 16:27:23: --> 250-AUTH LOGIN CRAM-MD5

Sat 2011-12-17 16:27:23: --> 250-8BITMIME

Sat 2011-12-17 16:27:23: --> 250 SIZE 10000000

Sat 2011-12-17 16:27:23: <-- AUTH LOGIN

Sat 2011-12-17 16:27:23: --> 334 VXNlcm5hbWU6

Sat 2011-12-17 16:27:24: <-- d2F0aUBrM20uYml6

Sat 2011-12-17 16:27:24: --> 334 UGFzc3dvcmQ6

Sat 2011-12-17 16:27:24: <-- ******

Sat 2011-12-17 16:27:24: [email protected] account is currently disabled

Sat 2011-12-17 16:27:24: --> 535 Authentication failed

Sat 2011-12-17 16:27:25: Connection closed

Sat 2011-12-17 16:27:25: SMTP session terminated (Bytes in/out: 65/263)

Sat 2011-12-17 17:14:42: ----------

Sat 2011-12-17 17:15:18: Session 8991; child 1; thread 5052

Sat 2011-12-17 17:15:17: Accepting SMTP connection from [182.7.133.55:56071]

Sat 2011-12-17 17:15:17: --> 220 k3m.biz ESMTP MSA MDaemon 10.0.2; Sat, 17
Dec 2011 17:15:17 +0700

Sat 2011-12-17 17:15:17: <-- EHLO [182.7.133.55]

Sat 2011-12-17 17:15:17: --> 250-k3m.biz Hello [182.7.133.55], pleased to
meet you

Sat 2011-12-17 17:15:17: --> 250-AUTH=LOGIN

Sat 2011-12-17 17:15:17: --> 250-AUTH LOGIN CRAM-MD5

Sat 2011-12-17 17:15:17: --> 250-8BITMIME

Sat 2011-12-17 17:15:17: --> 250 SIZE 10000000

Sat 2011-12-17 17:15:18: <-- MAIL FROM:<[email protected]>

Sat 2011-12-17 17:15:18: --> 530 Authentication required

Sat 2011-12-17 17:15:18: <-- QUIT

Sat 2011-12-17 17:15:18: --> 221 See ya in cyberspace

Sat 2011-12-17 17:15:18: SMTP session terminated (Bytes in/out: 59/255)

Sat 2011-12-17 17:15:18: ----------

Sat 2011-12-17 17:15:19: Session 8992; child 1; thread 5912

Sat 2011-12-17 17:15:18: Accepting SMTP connection from [182.7.133.55:56072]

Sat 2011-12-17 17:15:18: --> 220 k3m.biz ESMTP MSA MDaemon 10.0.2; Sat, 17
Dec 2011 17:15:18 +0700

Sat 2011-12-17 17:15:19: <-- EHLO [182.7.133.55]

Sat 2011-12-17 17:15:19: --> 250-k3m.biz Hello [182.7.133.55], pleased to
meet you

Sat 2011-12-17 17:15:19: --> 250-AUTH=LOGIN

Sat 2011-12-17 17:15:19: --> 250-AUTH LOGIN CRAM-MD5

Sat 2011-12-17 17:15:19: --> 250-8BITMIME

Sat 2011-12-17 17:15:19: --> 250 SIZE 10000000

Sat 2011-12-17 17:15:19: <-- MAIL FROM:<[email protected]>

Sat 2011-12-17 17:15:19: --> 530 Authentication required

Sat 2011-12-17 17:15:19: <-- QUIT

Sat 2011-12-17 17:15:19: --> 221 See ya in cyberspace

Sat 2011-12-17 17:15:19: SMTP session terminated (Bytes in/out: 59/255)

 


 <http://www.mas-indo.com/> www.mas-indo.com

Komplek D'Best Fatmawati Blok C19

Jl. RS. Fatmawati No. 15

Jakarta Selatan, 12420, Jakarta

Indonesia

 

LOGO MASINDO.jpg


Irwan R Jazir

        

E-mail:  <mailto:[email protected]> [email protected]

Mobile:+62-8997 80700

Office Line: +62 21 7697070

Fax: +62 21 75901777

<<image001.jpg>>

[MDaemon-L] aktivitas account email yang mencurigakan

Kirim email ke