Joe Mc Cool wrote: >Please, > >logwatch is reporting: > > > >> --------------------- IMAP Begin ------------------------ >> >> >>[IMAPd] Connections: >>========================= >> Host | Connections | SSL | Total >>-------------------------------------- | ----------- | -------- | --------- >> 62.194.153.108 | 1 | 0 | 1 >> 69.43.178.11 | 1 | 0 | 1 >>--------------------------------------------------------------------------- >> 2 | 0 | 2 >> >> >> >>**Unmatched Entries** >> Command stream end of file, while reading line user=??? >> host=[69.43.178.11]: 1 Time(s) >> Null command before authentication host=h153108.upc-h.chello.nl >> [62.194.153.108]: 2 Time(s) >> >> ---------------------- IMAP End ------------------------- >> >> > >But, AFAIK, I am not using imap. Certainly ps -ef | grep imap >displays nothing. The reported ip addresses mean nothing to me. > >Is my system being exploited in some way ? > >Thanks > >Joe > > > > Joe ps -ef only show part of the services, others are using via inetd or xinetd. Please check your /etc/inetd.conf our /etc/xinetd.conf and remove:
... service imaps { socket_type = stream protocol = tcp wait = no user = root server = /usr/sbin/imapd } service pop-3 { socket_type = stream protocol = tcp wait = no user = root server = /usr/sbin/in.qpopper server_args = -f /etc/qpopper.conf } ... bye -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]