Have I been hacked

Discussion in 'General Discussion' started by andyorourke, Sep 5, 2004.

  1. andyorourke

    I keep getting hundreds of returned mails (see below). Any advice welcome!
    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

    xxxxxxx@investing4you2win.com
    unrouteable mail domain "investing4you2win.com"

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <nobody@server1.monstermailz.com>
    Received: from nobody by server1.monstermailz.com with local (Exim 4.41)
    id 1C42uw-00088J-TG
    for xxxxxxx@investing4you2win.com; Sun, 05 Sep 2004 15:43:14 -0400
    To: xxxxxx@investing4you2win.com
    Subject: Real-Time E-Gold/INTGold/EVO Profits. Real-Time Payouts. Up to 350%.
    From: tom.json50b2@hvc.rr.com
    Reply-To: tom.json50b2@hvc.rr.com
    X-Mailer: Outlook 5.0025.005714
    Message-Id: <E1C42uw-00088J-TG@server1.monstermailz.com>
    Date: Sun, 05 Sep 2004 15:43:14 -0400

    HELLO!

    Would you like to receive E-Gold, INTGold or EVOCash profits every Minute doing nothing? This New Totally Passive Income scheme is your freeway to freedom. You can earn Profits every Minute and receive up to 350% of your initial deposit!

    Check this out: http://www.freedomfund.biz/?ref=TraderTom2

    This is truly unique opportunity both for individuals and business clients. Profits are credited in REAL-TIME and you can WITHDRAW Every MINUTE. This program utilizes FULLY AUTOMATED payment processing software so theres no delay in payments and no other problems!


    This header doesn't look like the normal headers from my mailing lists, it also doesn't look like any header from my users' email accounts. I did a scan for trojans and I found loads of things that don't show on my other server:


    Appears Clean
    /dev/stderr
    Scanning for Trojan Horses.....
    Possible Trojan - /sbin/rpc.lockd
    Possible Trojan - /sbin/rpc.statd
    Possible Trojan - /sbin/rpcdebug
    Possible Trojan - /usr/sbin/exportfs
    Possible Trojan - /usr/sbin/nhfsstone
    Possible Trojan - /usr/sbin/rpc.mountd
    Possible Trojan - /usr/sbin/rpc.nfsd
    Possible Trojan - /usr/sbin/showmount
    Possible Trojan - /usr/share/redhat-config-network/neat-control.py
    Possible Trojan - /usr/share/redhat-config-network/netconf-cmd.py
    Possible Trojan - /usr/share/redhat-config-network/netconf-tui.py
    Possible Trojan - /usr/share/redhat-config-network/netconf.py
    Possible Trojan - /usr/share/redhat-config-network/version.py
    Possible Trojan - /usr/bin/gpg
    Possible Trojan - /usr/bin/gpgsplit
    Possible Trojan - /usr/bin/gpgv
    Possible Trojan - /usr/lib/gnupg/gpgkeys_ldap
    Possible Trojan - /lib/security/pam_smb_auth.so
    Possible Trojan - /usr/kerberos/lib/libcom_err.so.3.0
    Possible Trojan - /usr/kerberos/lib/libdes425.so.3.0
    Possible Trojan - /usr/kerberos/lib/libdyn.so.1.0
    Possible Trojan - /usr/kerberos/lib/libgssapi_krb5.so.2.2
    Possible Trojan - /usr/kerberos/lib/libgssrpc.so.3.0
    Possible Trojan - /usr/kerberos/lib/libk5crypto.so.3.0
    Possible Trojan - /usr/kerberos/lib/libkadm5clnt.so.5.0
    Possible Trojan - /usr/kerberos/lib/libkadm5srv.so.5.0
    Possible Trojan - /usr/kerberos/lib/libkdb5.so.3.2
    Possible Trojan - /usr/kerberos/lib/libkrb4.so.2.0
    Possible Trojan - /usr/kerberos/lib/libkrb5.so.3.1
    Possible Trojan - /usr/kerberos/lib/libpty.so.1.2
    Possible Trojan - /usr/bin/ssh-keygen
    Possible Trojan - /usr/libexec/openssh/ssh-keysign
    Possible Trojan - /usr/lib/python2.2/site-packages/rhpl/_diskutil.so
    Possible Trojan - /usr/lib/python2.2/site-packages/rhpl/_translate.so
    Possible Trojan - /usr/lib/python2.2/site-packages/rhpl/ethtool.so
    Possible Trojan - /usr/lib/python2.2/site-packages/rhpl/iconv.so
    Possible Trojan - /sbin/ip
    Possible Trojan - /sbin/rtmon
    Possible Trojan - /sbin/tc
    Possible Trojan - /usr/sbin/rtacct
    Possible Trojan - /usr/bin/rsync
    Possible Trojan - /bin/grep
    Possible Trojan - /bin/bash
    Possible Trojan - /usr/bin/bashbug
    Possible Trojan - /usr/bin/scp
    Possible Trojan - /usr/bin/sftp
    Possible Trojan - /usr/bin/ssh
    Possible Trojan - /usr/bin/ssh-add
    Possible Trojan - /usr/bin/ssh-agent
    Possible Trojan - /usr/bin/ssh-keyscan
    Possible Trojan - /usr/sbin/tcpdump
    Possible Trojan - /usr/bin/lftp
    Possible Trojan - /usr/lib/lftp/2.6.3/cmd-mirror.so
    Possible Trojan - /usr/lib/lftp/2.6.3/cmd-sleep.so
    Possible Trojan - /usr/lib/lftp/2.6.3/libnetwork.so
    Possible Trojan - /usr/lib/lftp/2.6.3/proto-file.so
    Possible Trojan - /usr/lib/lftp/2.6.3/proto-fish.so
    Possible Trojan - /usr/lib/lftp/2.6.3/proto-ftp.so
    Possible Trojan - /usr/lib/lftp/2.6.3/proto-http.so]
    Possible Trojan - /usr/bin/slocate
    Possible Trojan - /bin/basename
    Possible Trojan - /bin/cat
    Possible Trojan - /bin/chgrp
    Possible Trojan - /bin/chmod
    Possible Trojan - /bin/chown
    Possible Trojan - /bin/cp
    Possible Trojan - /bin/cut
    Possible Trojan - /bin/date
    Possible Trojan - /bin/dd
    Possible Trojan - /bin/df
    Possible Trojan - /bin/echo
    Possible Trojan - /bin/env
    Possible Trojan - /bin/false
    Possible Trojan - /bin/link
    Possible Trojan - /bin/ln
    Possible Trojan - /bin/ls
    Possible Trojan - /bin/mkdir
    Possible Trojan - /bin/mknod
    Possible Trojan - /bin/mv
    Possible Trojan - /bin/nice
    Possible Trojan - /bin/pwd
    Possible Trojan - /bin/rm
    Possible Trojan - /bin/rmdir
    Possible Trojan - /bin/sleep
    Possible Trojan - /bin/sort
    Possible Trojan - /bin/stty
    Possible Trojan - /bin/su
    Possible Trojan - /bin/sync
    Possible Trojan - /bin/touch
    Possible Trojan - /bin/tru
    Possible Trojan - /bin/uname
    Possible Trojan - /bin/unlink
    Possible Trojan - /usr/bin/cksum
    Possible Trojan - /usr/bin/comm
    Possible Trojan - /usr/bin/csplit
    Possible Trojan - /usr/bin/dir
    Possible Trojan - /usr/bin/dircolors
    Possible Trojan - /usr/bin/dirname
    Possible Trojan - /usr/bin/du
    Possible Trojan - /usr/bin/expand
    Possible Trojan - /usr/bin/expr
    Possible Trojan - /usr/bin/factor
    Possible Trojan - /usr/bin/fmt
    Possible Trojan - /usr/bin/fold
    Possible Trojan - /usr/bin/head
    Possible Trojan - /usr/bin/hostid
    Possible Trojan - /usr/bin/id
    Possible Trojan - /usr/bin/install
    Possible Trojan - /usr/bin/join
    Possible Trojan - /usr/bin/kill
    Possible Trojan - /usr/bin/logname
    Possible Trojan - /usr/bin/md5sum
    Possible Trojan - /usr/bin/mkfifo
    Possible Trojan - /usr/bin/nl
    Possible Trojan - /usr/bin/od
    Possible Trojan - /usr/bin/paste
    Possible Trojan - /usr/bin/pathchk
    Possible Trojan - /usr/bin/pinky
    Possible Trojan - /usr/bin/pr
    Possible Trojan - /usr/bin/printenv
    Possible Trojan - /usr/bin/printf
    Possible Trojan - /usr/bin/ptx
    Possible Trojan - /usr/bin/readlink
    Possible Trojan - /usr/bin/seq
    Possible Trojan - /usr/bin/sha1sum
    Possible Trojan - /usr/bin/shred
    Possible Trojan - /usr/bin/split
    Possible Trojan - /usr/bin/stat
    Possible Trojan - /usr/bin/sum
    Possible Trojan - /usr/bin/tac
    Possible Trojan - /usr/bin/tail
    Possible Trojan - /usr/bin/tee
    Possible Trojan - /usr/bin/test
    Possible Trojan - /usr/bin/tr
    Possible Trojan - /usr/bin/tsort
    Possible Trojan - /usr/bin/tty
    Possible Trojan - /usr/bin/unexpand
    Possible Trojan - /usr/bin/uniq
    Possible Trojan - /usr/bin/users
    Possible Trojan - /usr/bin/vdir
    Possible Trojan - /usr/bin/wc
    Possible Trojan - /usr/bin/who
    Possible Trojan - /usr/bin/whoami
    Possible Trojan - /usr/bin/yes
    Possible Trojan - /usr/sbin/chroot
    Possible Trojan - /usr/libexec/openssh/sftp-server
    Possible Trojan - /usr/sbin/sshd
    Possible Trojan - /usr/lib/python2.2/site-packages/dmimodule.so
    Possible Trojan - /usr/sbin/rhnsd
    Possible Trojan - /usr/share/rhn/up2date_client/up2date.py
    Possible Trojan - /usr/share/rhn/up2date_client/up2date.pyc
    Possible Trojan - /usr/share/rhn/up2date_client/up2dateUtils.py
    Possible Trojan - /usr/sbin/nscd
    Possible Trojan - /usr/bin/funzip
    Possible Trojan - /usr/bin/unzip
    Possible Trojan - /usr/bin/unzipsfx
    Possible Trojan - /usr/bin/zipinfo
    Possible Trojan - /lib/libcrypto.so.0.9.7a
    Possible Trojan - /lib/libssl.so.0.9.7a
    Possible Trojan - /usr/bin/openssl
    Possible Trojan - /usr/bin/lha
    Possible Trojan - /usr/sbin/utempter
    162 POSSIBLE Trojans Detected
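
Added example, not part of the original post: a short Python triage of the bounce quoted above, reading the embedded copy's `Return-path` and `Received` headers to tell whether Exim accepted the message from a local Unix user rather than over SMTP. The header block is copied from the post with continuation lines folded and the body cut short; `triage_bounce` and its field names are hypothetical.

```python
import re
from email import message_from_string

# Bounce text reconstructed from the post above (continuation lines folded,
# body truncated; the recipient local part was already masked by the poster).
BOUNCE = """\
This message was created automatically by mail delivery software.

------ This is a copy of the message, including all the headers. ------

Return-path: <nobody@server1.monstermailz.com>
Received: from nobody by server1.monstermailz.com with local (Exim 4.41)
 id 1C42uw-00088J-TG
 for xxxxxxx@investing4you2win.com; Sun, 05 Sep 2004 15:43:14 -0400
To: xxxxxx@investing4you2win.com
Subject: Real-Time E-Gold/INTGold/EVO Profits. Real-Time Payouts. Up to 350%.
From: tom.json50b2@hvc.rr.com
Message-Id: <E1C42uw-00088J-TG@server1.monstermailz.com>

HELLO!
"""

MARKER = re.compile(r"^-+ This is a copy of the message.*$", re.M)
# Exim writes "from <login> by <host> with local" for mail handed to it by a
# local process instead of arriving over SMTP ("with smtp" / "with esmtp").
LOCAL = re.compile(r"from (\S+) by (\S+) with local\b")

def triage_bounce(text):
    """Return facts about how the bounced message entered the local MTA."""
    marker = MARKER.search(text)
    if marker is None:
        raise ValueError("no embedded message copy found in bounce")
    original = message_from_string(text[marker.end():].lstrip())
    # Unfold the multi-line Received header into one line before matching.
    received = " ".join((original.get("Received") or "").split())
    local = LOCAL.search(received)
    queue_id = re.search(r"\bid (\S+)", received)
    return_path = (original.get("Return-path") or "").strip("<> ")
    from_addr = (original.get("From") or "").strip()
    return {
        "local_submission": local is not None,
        "submitting_user": local.group(1) if local else None,
        "host": local.group(2) if local else None,
        "queue_id": queue_id.group(1) if queue_id else None,
        "return_path": return_path,
        # A From: that differs from the envelope sender is set by the script.
        "from_differs_from_return_path": from_addr.lower() != return_path.lower(),
    }
```

For this bounce the result is a local submission by the user `nobody` on `server1.monstermailz.com`, with a `From:` address unrelated to the envelope sender; the queue id can be searched for in the Exim main log.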
     
  2. *kb*

    Maybe it's cos you're spamming and your host isn't happy about it.
     
  3. RAIS2

    Yeah check out his 'SafeList' SPAM Site

    SPAM SPAM SPAM

    lol

    Where's your TOS, AUP???

    SPAM SPAM SPAM
     