yellowdefend
11-26-2002, 01:35 PM
I had recently installed PortSentry/LogSentry on our XTR by the company I purchased the RAQ from.
Not knowing the full details of the e-mails received I searched the sites and found nothing on it.
About every 15 min I get the following Msg:
Security Violations
=-=-=-=-=-=-=-=-=-=
Nov 26 08:30:00 www cced(smd)[21844]: client [0:21842] has admin rights Nov 26 08:30:05 www sendmail[21867]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Nov 26 08:30:00 www cced(smd)[3453]: client connection accepted from [0:21842] Nov 26 08:30:00 www cced(smd)[21844]: client [0:21842] has admin rights Nov 26 08:30:03 www cced(smd)[21844]: client [0:21842] disconnected Nov 26 08:30:03 www proftpd[21845]: www.mydomain.com (localhost[127.0.0.1]) - FTP session opened.
Nov 26 08:30:03 www proftpd[21845]: www.mydomain.com (localhost[127.0.0.1]) - FTP session closed.
Nov 26 08:30:03 www in.proftpd[21845]: connect from 127.0.0.1 Nov 26 08:30:04 www imapd[21846]: connect from 127.0.0.1 Nov 26 08:30:05 www in.qpopper[21866]: connect from 127.0.0.1 Nov 26 08:22:01 www amavis[21508]: starting. amavis 0.3.12pre8 Tue Aug 13 12:31:02 EDT 2002 Nov 26 08:24:32 www amavis[21615]: starting. amavis 0.3.12pre8 Tue Aug 13 12:31:02 EDT 2002 Nov 26 08:30:04 www imapd[21846]: imap service init from 127.0.0.1 Nov 26 08:30:04 www imapd[21846]: Logout user=??? host=localhost [127.0.0.1] Nov 26 08:30:05 www sendmail[21867]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Nov 26 08:31:33 www amavis[21938]: starting. amavis 0.3.12pre8 Tue Aug 13 12:31:02 EDT 2002
I have been using the UI daily but not 24/7
Am I being hacked or is there a bug in the software.
Alan
Not knowing the full details of the e-mails received I searched the sites and found nothing on it.
About every 15 min I get the following Msg:
Security Violations
=-=-=-=-=-=-=-=-=-=
Nov 26 08:30:00 www cced(smd)[21844]: client [0:21842] has admin rights Nov 26 08:30:05 www sendmail[21867]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Nov 26 08:30:00 www cced(smd)[3453]: client connection accepted from [0:21842] Nov 26 08:30:00 www cced(smd)[21844]: client [0:21842] has admin rights Nov 26 08:30:03 www cced(smd)[21844]: client [0:21842] disconnected Nov 26 08:30:03 www proftpd[21845]: www.mydomain.com (localhost[127.0.0.1]) - FTP session opened.
Nov 26 08:30:03 www proftpd[21845]: www.mydomain.com (localhost[127.0.0.1]) - FTP session closed.
Nov 26 08:30:03 www in.proftpd[21845]: connect from 127.0.0.1 Nov 26 08:30:04 www imapd[21846]: connect from 127.0.0.1 Nov 26 08:30:05 www in.qpopper[21866]: connect from 127.0.0.1 Nov 26 08:22:01 www amavis[21508]: starting. amavis 0.3.12pre8 Tue Aug 13 12:31:02 EDT 2002 Nov 26 08:24:32 www amavis[21615]: starting. amavis 0.3.12pre8 Tue Aug 13 12:31:02 EDT 2002 Nov 26 08:30:04 www imapd[21846]: imap service init from 127.0.0.1 Nov 26 08:30:04 www imapd[21846]: Logout user=??? host=localhost [127.0.0.1] Nov 26 08:30:05 www sendmail[21867]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Nov 26 08:31:33 www amavis[21938]: starting. amavis 0.3.12pre8 Tue Aug 13 12:31:02 EDT 2002
I have been using the UI daily but not 24/7
Am I being hacked or is there a bug in the software.
Alan