[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SV: [cobalt-security] Weird user on my SMTP

Subject: Re: SV: [cobalt-security] Weird user on my SMTP
From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
Date: Sun, 25 Mar 2001 23:36:33 +0100 (BST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Sun, 25 Mar 2001, Kai Schantz, Euroweb wrote:

> Hi
>
> Could anyone please tell me how and where I can:  (Make sure that he's
> listed in the
> GUI for not being able to connect also.) I need to totally banned some IP
> that is causing me trouble. I do have a raq3i and raq4r. The raq3 was
> hacked. I have this conection that almost always is there:
> error log
> [Sun Oct 29 04:15:09 2000] [error] [client 127.0.0.1] Directory index
> forbidden by rule: /usr/admserv/html/
> [Sun Oct 29 04:30:05 2000] [error] [client 127.0.0.1] Directory index
> forbidden by rule: /usr/admserv/html/
> ------------------------------------>
> [Sun Feb 25 17:00:05 2001] [error] [client 127.0.0.1] Directory index
> forbidden by rule: /usr/admserv/html/
> [Sun Feb 25 17:15:03 2001] [error] [client 127.0.0.1] Directory index
> forbidden by rule: /usr/admserv/html/
>
>
>  I allso find this ip on netstat allways
> and the Ip:127.0.0.1  is not in use as I understand. So I need to stop him.
> It has been contacting for months
>
> Hope sombody can help me how to banned some IP.

Eek.  127.0.0.1 = localhost, which is basically the RaQ.  I wouldn't
advise filtering localhost, unless you want an unusable RaQ.

References:
- SV: [cobalt-security] Weird user on my SMTP
  - From: Kai Schantz, Euroweb

Prev by Date: [cobalt-security] Netscape errors SSL or SSH
Next by Date: Re: [cobalt-security] are these worm files?
Previous by thread: SV: [cobalt-security] Weird user on my SMTP
Next by thread: Re: [cobalt-security] Weird user on my SMTP

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index