
SV: [cobalt-security] Weird user on my SMTP



Hi

Could anyone please tell me how and where I can: (Make sure that he's
listed in the GUI for not being able to connect also.) I need to totally
ban some IP that is causing me trouble. I do have a raq3i and raq4r. The
raq3 was hacked. I have this connection that almost always is there:
error log
[Sun Oct 29 04:15:09 2000] [error] [client 127.0.0.1] Directory index forbidden by rule: /usr/admserv/html/
[Sun Oct 29 04:30:05 2000] [error] [client 127.0.0.1] Directory index forbidden by rule: /usr/admserv/html/
------------------------------------>
[Sun Feb 25 17:00:05 2001] [error] [client 127.0.0.1] Directory index forbidden by rule: /usr/admserv/html/
[Sun Feb 25 17:15:03 2001] [error] [client 127.0.0.1] Directory index forbidden by rule: /usr/admserv/html/


I also always find this IP in netstat, and the IP 127.0.0.1 is not in
use as I understand. So I need to stop him. It has been contacting for
months.

Hope somebody can help me with how to ban some IP.

Have a nice day.../best regards

Kai R Schantz
euroweb as

> When I use Netstat -a to see what's happening on my box I keep seeing
> this user on my smtp port.
> tcp        0      0 128.242.221.53:smtp     213.201.148.18:62702    TIME_WAIT

After you added him to your hosts.deny file, did you try turning off
email so that he'd be disconnected, then turning it back on?
You might also want to check your email parameters and make sure this
IP isn't allowed to send out mail; could be that he's hooked up to you
and using you for a spam machine. (Make sure that he's listed in the
GUI for not being able to connect also.) How recently have you done a
check to see if you've been haqd?

CarrieB

_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security