Date: Thu, 4 Feb 1999 06:52:35 +1300
From: "Dan Langille" <junkmale@xtra.co.nz>
To: <mike@seidata.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: what were these probes?
Message-ID: <19990203175238.KHCJ682101.mta1-rme@wocker>
In-Reply-To: <Pine.BSF.4.05.9902031021040.15985-100000@ns1.seidata.com>
References: <19990202055804.YRQY682101.mta1-rme@wocker>

On 3 Feb 99, at 10:29, mike@seidata.com wrote:

> > Feb 2 17:34:20 ns telnetd[29665]: refused connect from ns.cvvm.com
> > Feb 2 17:34:20 ns telnetd[29667]: refused connect from ns.cvvm.com
>
> No real exploit here... Looks like tcpd is doing its job. Did you
> have the phf script open to world? What version of Apache are you
> running? I'd suggest enabling (access.conf) the automatic logging of
> phf attempts. Uncomment the following:
>
> <Location /cgi-bin/phf*>
> deny from all
> ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
> </Location>

My cgi-bin directory is empty. And I'm running Apache 1.3 with FP
extensions.

> > Feb 2 17:34:25 ns sendmail[29666]: NOQUEUE: Null connection from
> > root@ns.cvvm.com [139.142.106.131]
> > Feb 2 17:34:51 ns sendmail[29668]: NOQUEUE: Null connection from
> > root@ns.cvvm.com [139.142.106.131]
>
> As usual, I'd attempt to forward records of these attempts to all
> related administrative accounts of cvvm.com (root, hostmaster, names
> listed as Whois contacts, etc.). Their system may merely be a hostile
> host, or it may be a hacked site being used as a source for more
> hacks.... in which case the real admins may have no clue about
> what's going on.

This was done.

> What version of sendmail are you running? Not sure about the null
> connection bit... unless they're just, again, trying to see what
> you're running (since older versions were exploit ridden).

sendmail 8.9.2

> Good luck...

Thanks.

> Mike Hoskins

FWIW: We have a guy by this name who does our National Radio news.

--
Dan Langille
The FreeBSD Diary
http://www.FreeBSDDiary.com/freebsd
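
An added example, not part of the original messages: a small Python correlator that reads the tcpd and sendmail lines quoted above (unwrapped to one line each) and flags any remote host that touched two or more services within a short window. The function names, the 5-minute window, the year 1999 (syslog omits it) and the `other.example.net` line are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines quoted in the message, plus one constructed line (other.example.net)
# to show that a host seen on a single service is not flagged.
SAMPLE_LOG = """\
Feb 2 17:34:20 ns telnetd[29665]: refused connect from ns.cvvm.com
Feb 2 17:34:20 ns telnetd[29667]: refused connect from ns.cvvm.com
Feb 2 17:34:25 ns sendmail[29666]: NOQUEUE: Null connection from root@ns.cvvm.com [139.142.106.131]
Feb 2 17:34:51 ns sendmail[29668]: NOQUEUE: Null connection from root@ns.cvvm.com [139.142.106.131]
Feb 2 18:02:11 ns telnetd[29701]: refused connect from other.example.net
"""

# syslog prefix: "Mon D HH:MM:SS host daemon[pid]: message"
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ (\w+)\[\d+\]: (.*)$")
# tcpd refusal or sendmail null connection; captures the remote host name
PROBE = re.compile(r"(?:refused connect|Null connection) from (?:\S+@)?(\S+)(?: \[[\d.]+\])?$")

def parse(log, year=1999):  # year is an assumption, taken from the mail's Date header
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        hit = PROBE.search(m.group(3)) if m else None
        if hit:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), hit.group(1).lower()))
    return events

def multi_service_probes(events, window=timedelta(minutes=5), min_services=2):
    """Return {host: sorted services} for hosts seen on >= min_services within window."""
    by_host = defaultdict(list)
    for ts, service, host in events:
        by_host[host].append((ts, service))
    flagged = {}
    for host, hits in by_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            seen = {s for t, s in hits[i:] if t - start <= window}
            if len(seen) >= min_services:
                flagged[host] = sorted(seen)
                break
    return flagged

if __name__ == "__main__":
    print(multi_service_probes(parse(SAMPLE_LOG)))
```
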