Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Exploited mail program/cgi??

Discussion in 'E-mail Discussion' started by myrem, Oct 18, 2003.

  1. myrem

    myrem Well-Known Member

    Joined:
    Jul 14, 2002
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    156
    I was watching the exim log when I saw these entries pop up:

    ------
    2003-10-18 21:37:08 1AB2VI-00049o-KH <= chunsengchen@yahoo.com U=nobody P=local S=2025
    2003-10-18 21:37:08 1AB2VI-00049p-Me <= chunsengchen@yahoo.com U=nobody P=local S=2374
    2003-10-18 21:37:12 1AB2VI-00049p-Me mx2.mail.yahoo.com [64.157.4.78]: Connection refused
    2003-10-18 21:37:13 1AB2VI-00049p-Me => chunsengchen@yahoo.com R=lookuphost T=remote_smtp H=mx2.mail.yahoo.com [64.156.215.6]
    2003-10-18 21:37:13 1AB2VI-00049p-Me Completed
    2003-10-18 21:37:14 1AB2VI-00049o-KH => chiewster@hotmail.com R=lookuphost T=remote_smtp H=mx2.hotmail.com [65.54.254.145]
    2003-10-18 21:37:14 1AB2VI-00049o-KH Completed

    ------

    Does this look to you as it does to me? That somebody just sent a test through a vulnerable mail program on my server??? User: nobody would be a script, yes?

    How can I find what script they used?
     
    #1 myrem, Oct 18, 2003
    Last edited: Oct 18, 2003
  2. myrem

    myrem Well-Known Member

    Joined:
    Jul 14, 2002
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    156
    more..

    Found in the "nobody" relay log in WHM:

    --------

    Anyone have any ideas on how to track this down?
    PHP:
    Time Sent Message Id Sender Destination Size in Bytes 
    2003
    -10-18 22:37:14 1AB2VI-00049o-[email]chunsengchen@yahoo.com[/email] [email]chiewster@hotmail.com[/email2025 
    2003
    -10-18 22:37:13 1AB2VI-00049p-[email]chunsengchen@yahoo.com[/email] [email]chunsengchen@yahoo.com[/email2374 
    2003
    -10-18 20:04:55 1AB07v-0001vh-[email]chunsengchen@yahoo.com[/email] [email]day.chris@spartan.ab.ca[/email1507 
    2003
    -10-18 20:04:54 1AB07v-0001vi-[email]chunsengchen@yahoo.com[/email] [email]chunsengchen@yahoo.com[/email1851 
    2003
    -10-18 19:48:14 1AAzrl-0001eb-[email]chunsengchen@yahoo.com[/email] [email]day.chris@spartan.ab.ca[/email2479 
     
  3. markie

    markie BANNED

    Joined:
    Oct 5, 2003
    Messages:
    143
    Likes Received:
    0
    Trophy Points:
    166
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice