On Wed, 4 Apr 2001, at 11:49 (GMT -0400), Hal Burgiss wrote:
> On Tue, Apr 03, 2001 at 02:28:08PM -0500, Mitchell Henderson wrote:
> > Hi,
> > I don't know if you could call it new, it's really a combo of
> > everything that we've seen as of late.
>
> Check this out:
>
> ==================================================================
>
> >From [EMAIL PROTECTED] Wed Apr 4 09:53:23 2001
> Date: Wed, 04 Apr 2001 18:38:49 +0800
> From: Leo <[EMAIL PROTECTED]>
> Newsgroups:
>alt.os.linux,comp.os.linux.misc,alt.linux,comp.os.linux.help,comp.os.linux
> Subject: PLEASE HELP!, MY LINUX have been HACKED~
> NNTP-Posting-Host: vp170207.nte.uac1.hknet.com
>
> Dear all,
>
> Today I turn on my linux and I recieved a mail from sendmail
> regarding a failed message posted to someone in @sina.com . SO i check
> it out and it basically it says the following:
>
> ---------- Forwarded message ----------
> Date: Wed, 4 Apr 2001 03:15:21 +0800
> From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Warning: could not send message for past 4 hours
>
> **********************************************
> ** THIS IS A WARNING MESSAGE ONLY **
> ** YOU DO NOT NEED TO RESEND YOUR MESSAGE **
> **********************************************
>
> The original message was received at Tue, 3 Apr 2001 21:57:12 +0800
> from root@localhost
>
> ----- The following addresses had transient non-fatal errors -----
> [EMAIL PROTECTED]
>
> ----- Transcript of session follows -----
> 451 4.4.1 timeout writing message to smtp.hknet.com
> [EMAIL PROTECTED] Deferred
> Warning: message still undelivered after 4 hours
> Will keep trying until message is 5 days old
>
> After reading that message, I was curious because I never use ROOT to
> send message out and aparently, that
> "[EMAIL PROTECTED]" looks very unfamilar to me. So i am positive that I
> didn't send such message. Inside the message
> I found two attachment, one dat file and the other text file,..
> Unfortunetly, when I read the text fileI see ALL the confidential
> information all my system all pasted in there. The format looks
> something like this:
>
> /**************************HOST IP*****************************/
> and then i see the whole ifconfig pasted here. then..
> /**************************PS*********************************/
> i see ps -aux, then
> /**************************HISTORY***************************/
> root's command history.. then
> /************************HOSTS*****************************/
> host file, AND EVEN
> /************************PASSWD***************************/
> passwd file , with ROOTS and all users' password unecrypted!!!!
>
>
> I use redhat 7 and i'm sure i have shadow + md5 password enabled.
>
> If anyone have any idea what's going wrong , please let me know and
> how am i getting the file. I know that sina provide freemail service
> but it has an extension of sinaman.com or sinagirl.com, but NOT
> sina.com is that why i am getting the mail bounced back???
>
>
> Any help would be appreciated. Thank you very much !
> Leo
>
> =================================================================
>
>
>
> Unencrypted passwords????
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Total idiot here, but this should not be possible, should it ?
I'm very serious, was that email authentic, is what that guy discribed
possible ??
--
If Bill Gates had a dime for every time a Windows box crashed...
..., Oh wait, he already does.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
