The Community Forums

Exploited mail program/cgi??

Discussion in 'E-mail Discussions' started by myrem, Oct 18, 2003.

  1. myrem

    I was watching the exim log when I saw these entries pop up:

    ------
    2003-10-18 21:37:08 1AB2VI-00049o-KH <= chunsengchen@yahoo.com U=nobody P=local S=2025
    2003-10-18 21:37:08 1AB2VI-00049p-Me <= chunsengchen@yahoo.com U=nobody P=local S=2374
    2003-10-18 21:37:12 1AB2VI-00049p-Me mx2.mail.yahoo.com [64.157.4.78]: Connection refused
    2003-10-18 21:37:13 1AB2VI-00049p-Me => chunsengchen@yahoo.com R=lookuphost T=remote_smtp H=mx2.mail.yahoo.com [64.156.215.6]
    2003-10-18 21:37:13 1AB2VI-00049p-Me Completed
    2003-10-18 21:37:14 1AB2VI-00049o-KH => chiewster@hotmail.com R=lookuphost T=remote_smtp H=mx2.hotmail.com [65.54.254.145]
    2003-10-18 21:37:14 1AB2VI-00049o-KH Completed

    ------

    Does this look to you as it does to me? That somebody just sent a test through a vulnerable mail program on my server??? User: nobody would be a script, yes?

    How can I find what script they used?
     
    #1 myrem, Oct 18, 2003
    Last edited: Oct 18, 2003
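
An added example, not part of the original thread: a small Python parser that groups the exim log lines quoted in the post above by message ID and flags messages handed to exim locally (`P=local`) by user `nobody`. It assumes the web server runs as `nobody`, which is why such entries point at a web script; the function and variable names are illustrative.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (exim mainlog format).
SAMPLE_LOG = """\
2003-10-18 21:37:08 1AB2VI-00049o-KH <= chunsengchen@yahoo.com U=nobody P=local S=2025
2003-10-18 21:37:08 1AB2VI-00049p-Me <= chunsengchen@yahoo.com U=nobody P=local S=2374
2003-10-18 21:37:12 1AB2VI-00049p-Me mx2.mail.yahoo.com [64.157.4.78]: Connection refused
2003-10-18 21:37:13 1AB2VI-00049p-Me => chunsengchen@yahoo.com R=lookuphost T=remote_smtp H=mx2.mail.yahoo.com [64.156.215.6]
2003-10-18 21:37:13 1AB2VI-00049p-Me Completed
2003-10-18 21:37:14 1AB2VI-00049o-KH => chiewster@hotmail.com R=lookuphost T=remote_smtp H=mx2.hotmail.com [65.54.254.145]
2003-10-18 21:37:14 1AB2VI-00049o-KH Completed
"""

# Timestamp, exim message id (6-6-2 base-62 characters), remainder of the line.
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) (.*)$"
)
FIELD_RE = re.compile(r"\b([A-Z])=(\S+)")  # U=nobody, P=local, S=2025, ...


def local_submissions(log_text, user="nobody"):
    """Return {message_id: record} for mail injected locally by `user`."""
    msgs = defaultdict(lambda: {"recipients": [], "deferrals": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, msg_id, rest = m.groups()
        rec = msgs[msg_id]
        if rest.startswith("<= "):  # arrival: who handed the message to exim
            fields = dict(FIELD_RE.findall(rest))
            rec.update(time=ts, sender=rest.split()[1], user=fields.get("U"),
                       proto=fields.get("P"), size=int(fields.get("S", 0)))
        elif rest.startswith(("=> ", "-> ")):  # successful delivery
            rec["recipients"].append(rest.split()[1])
        elif rest != "Completed":  # anything else here is a delivery problem
            rec["deferrals"].append(rest)
    return {i: r for i, r in msgs.items()
            if r.get("user") == user and r.get("proto") == "local"}


if __name__ == "__main__":
    for msg_id, r in sorted(local_submissions(SAMPLE_LOG).items()):
        print(r["time"], msg_id, r["sender"], "->", ", ".join(r["recipients"]),
              f"({r['size']} bytes, {len(r['deferrals'])} deferral(s))")
```

The exim lines do not name the submitting script; the arrival timestamps this returns are the values to correlate with the web server's access log.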
  2. myrem

    more..

    Found in the "nobody" relay log in WHM:

    --------

    Anyone have any ideas on how to track this down?
    Time Sent            Message Id      Sender                  Destination              Size in Bytes
    2003-10-18 22:37:14  1AB2VI-00049o-  chunsengchen@yahoo.com  chiewster@hotmail.com    2025
    2003-10-18 22:37:13  1AB2VI-00049p-  chunsengchen@yahoo.com  chunsengchen@yahoo.com   2374
    2003-10-18 20:04:55  1AB07v-0001vh-  chunsengchen@yahoo.com  day.chris@spartan.ab.ca  1507
    2003-10-18 20:04:54  1AB07v-0001vi-  chunsengchen@yahoo.com  chunsengchen@yahoo.com   1851
    2003-10-18 19:48:14  1AAzrl-0001eb-  chunsengchen@yahoo.com  day.chris@spartan.ab.ca  2479
     