Date: Thu, 4 Oct 2001 12:48:37 -0400 From: "Drew J. Weaver" <drew.weaver@thenap.com> To: 'Shannon Wheeler' <swheeler@mcmurraycomputer.com>, freebsd-isp@FreeBSD.ORG Subject: RE: eggdrop Message-ID: <B1A7D9973EBED3119ADD009027DC86492B15DC@mailman.thenap.com>
next in thread | raw e-mail | index | archive | help
This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C14CF4.69C1BC00 Content-Type: text/plain Having an eggdrop 'spring up' on one of your servers is a telltale sign of intrusion. The 2 times in 5 years that one of my servers has been compromised they have *always* setup a eggdrop bot on the server. Its kind of stupid really but hey. Whatever right? -----Original Message----- From: Shannon Wheeler [mailto:swheeler@mcmurraycomputer.com] Sent: Thursday, October 04, 2001 11:54 AM To: freebsd-isp@FreeBSD.ORG Subject: eggdrop feel free to come down on me hard about this... yesterday my pop3 was not responding, so I telneted in and saw that something called eggdrop1.4 was running... I killed it right away (shot first, ask questions later), but qpopper still didn't respond so I rebooted. Eventually qpopper started responding again but it seemed to take a long time and I had to start Apache manually. Was eggdrop something to do with CVS that I shouldn't have stopped? yes, I've looked it up. All references I've found refer to an IRC bot. - Someone just guessed or snooped my password? Any suggestions for a secure telnet? thanks, Shannon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message ------_=_NextPart_001_01C14CF4.69C1BC00 Content-Type: text/html Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3DUS-ASCII"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2654.45"> <TITLE>RE: eggdrop</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2>Having an eggdrop 'spring up' on one of your servers = is a telltale sign of intrusion. The 2 times in 5 years that one of my = servers has been compromised they have *always* setup a eggdrop bot on = the server. Its kind of stupid really but hey. Whatever = right?</FONT></P> <BR> <BR> <P><FONT SIZE=3D2>-----Original Message-----</FONT> <BR><FONT SIZE=3D2>From: Shannon Wheeler [<A = HREF=3D"mailto:swheeler@mcmurraycomputer.com">mailto:swheeler@mcmurrayco= mputer.com</A>] </FONT> <BR><FONT SIZE=3D2>Sent: Thursday, October 04, 2001 11:54 AM</FONT> <BR><FONT SIZE=3D2>To: freebsd-isp@FreeBSD.ORG</FONT> <BR><FONT SIZE=3D2>Subject: eggdrop</FONT> </P> <P><FONT SIZE=3D2>feel free to come down on me hard about = this...</FONT> </P> <P><FONT SIZE=3D2>yesterday my pop3 was not responding, so I telneted = in and saw that</FONT> <BR><FONT SIZE=3D2>something called eggdrop1.4 was running...</FONT> </P> <P><FONT SIZE=3D2>I killed it right away (shot first, ask questions = later), but qpopper still</FONT> <BR><FONT SIZE=3D2>didn't respond so I rebooted.</FONT> </P> <P><FONT SIZE=3D2>Eventually qpopper started responding again but it = seemed to take a long</FONT> <BR><FONT SIZE=3D2>time and I had to start Apache manually.</FONT> </P> <P><FONT SIZE=3D2>Was eggdrop something to do with CVS that I shouldn't = have stopped?</FONT> </P> <P><FONT SIZE=3D2>yes, I've looked it up. All references I've found = refer to an IRC bot. -</FONT> <BR><FONT SIZE=3D2>Someone just guessed or snooped my password?</FONT> </P> <P><FONT SIZE=3D2>Any suggestions for a secure telnet?</FONT> </P> <P><FONT SIZE=3D2>thanks,</FONT> <BR><FONT SIZE=3D2>Shannon</FONT> </P> <BR> <BR> <BR> <P><FONT SIZE=3D2>To Unsubscribe: send mail to = majordomo@FreeBSD.org</FONT> <BR><FONT SIZE=3D2>with "unsubscribe freebsd-isp" in the body = of the message</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C14CF4.69C1BC00-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B1A7D9973EBED3119ADD009027DC86492B15DC>