That doesn't matter. Change the password and make it a hard one.
Saturday, April 14, 2007, 8:42:46 PM, florida.com <[EMAIL PROTECTED]> wrote:
fc> Root is disabled as user
fc>
fc> Change the password for root. It's probably "password"
fc>
fc> ----- Original Message -----
fc> From: florida.com
fc> To: [EMAIL PROTECTED]
fc> Sent: Friday, April 13, 2007 4:29 PM
fc> Subject: [IMail Forum] Some is hijacking my server
fc>
fc> What is going on here?
fc>
fc> My log file is huge.
fc>
fc> Relay is set for NO.
fc>
fc> It looks like someone logged in as ROOT and is sending SPAM.
fc>
fc> However, user ROOT is disabled.
fc>
fc> see ----- >> (90bf089a00005822)
fc>
fc> 04:13 10:16 SMTPD(90bf089a00005822) [209.208.92.68] connect 64.40.84.126 port 1970
fc> 04:13 10:16 SMTPD(90bf089a00005822) [ 64.40.84.126] EHLO User
fc> 04:13 10:16 SMTPD(90bf089a00005822) Authenticated [EMAIL PROTECTED], session treated as local.
fc> 04:13 10:16 SMTPD(90bf089a00005822) [ 64.40.84.126] MAIL FROM:<[EMAIL PROTECTED]>
fc> 04:13 10:16 SMTPD(90bf089a00005822) [64.40.84.126] RCPT TO:< [EMAIL PROTECTED]>
fc> 04:13 10:16 SMTPD(90bf089a00005822) [x] looking up yahoo.com in HOSTS
fc> 04:13 10:16 SMTPD(90bf089a00005822) [64.40.84.126] d:\IMAIL\spool\D90bf089a00005822.SMD 4409
fc> 04:13 10:16 SMTP-(90bf089a00005822) processing d:\IMAIL\spool\Q90bf089a00005822.SMD
fc> 04:13 10:16 SMTP-(90bf089a00005822) Authed User root@
fc> 04:13 10:16 SMTP-(90bf089a00005822) sender < [EMAIL PROTECTED]>
fc> 04:13 10:16 SMTP-(90bf089a00005822) recip is <[EMAIL PROTECTED]>
fc> 04:13 10:16 SMTP-(90bf089a00005822) [x] looking up yahoo.com in HOSTS and MX
fc> 04:13 10:16 SMTP-(90bf089a00005822) [x] looking up yahoo.com in HOSTS and MX
fc> 04:13 10:16 SMTP-(90bf089a00005822) closed d:\IMAIL\spool\_90bf089a00005822.~MD - 1
fc> 04:13 10:16 SMTP-(90bf089a00005822) [x] looking up in HOSTS and MX
fc> 04:13 10:16 SMTP-(90bf089a00005822) [x] looking up in HOSTS and MX
fc> 04:13 10:16 SMTP-(90bf089a00005822) [x] looking up by stack
fc> 04:13 10:16 SMTP-(90bf089a00005822) [x] looking up by stack
fc> 04:13 10:16 SMTP-(90bf089a00005822) R<[EMAIL PROTECTED]> - 1
fc> 04:13 10:16 SMTP-(90bf089a00005822) [x] doing direct send yahoo.com
fc> 04:13 10:16 SMTP-(90bf089a00005822) Trying yahoo.com (0)
fc> 04:13 10:16 SMTP-(90bf089a00005822) [x] Connecting socket to service <SMTP> on host <yahoo.com > using protocol <tcp>
fc> 04:13 10:16 SMTP-(90bf089a00005822) [x] using source IP for atlanticcity.com [209.208.92.68]
fc> 04:13 10:16 SMTP-(90a9000004a43816) 220 *********************************************************2***0 *****
fc> 04:13 10:16 SMTP-(90a9000004a43816) Connect azfcu.org [64.140.179.115:25] (1)
fc> 04:13 10:16 SMTP-(90a9000004a43816) >EHLO atlanticcity.com
fc> 04:13 10:16 SMTP-(90bf089a00005822) 220 mta505.mail.mud.yahoo.com ESMTP YSmtp service ready
fc> 04:13 10:16 SMTP-(90bf089a00005822) Connect yahoo.com [209.191.118.103:25] (1)
fc> 04:13 10:16 SMTP-(90bf089a00005822) >EHLO atlanticcity.com
fc> 04:13 10:16 SMTP-(90bf089a00005822) 250-mta505.mail.mud.yahoo.com
fc> 04:13 10:16 SMTP-(90bf089a00005822) 250-8BITMIME
fc> 04:13 10:16 SMTP-(90bf089a00005822) 250-SIZE 31981568
fc> 04:13 10:16 SMTP-(90bf089a00005822) 250 PIPELINING
fc> 04:13 10:16 SMTP-(90bf089a00005822) >MAIL FROM:<[EMAIL PROTECTED]> SIZE=4409
fc> 04:13 10:16 SMTP-(90bf089a00005822) 250 sender < [EMAIL PROTECTED]> ok
fc> 04:13 10:16 SMTP-(90bf089a00005822) >RCPT To:<[EMAIL PROTECTED]>
fc> 04:13 10:16 SMTP-(90a9000004a43816) 500 Unknown or unimplemented command
fc> 04:13 10:16 SMTP-(90a9000004a43816) >HELO atlanticcity.com
fc> 04:13 10:16 SMTP-(90bf089a00005822) 250 recipient <[EMAIL PROTECTED] > ok
fc> 04:13 10:16 SMTP-(90bf089a00005822) >DATA
fc> 04:13 10:16 SMTP-(90bf089a00005822) 354 go ahead
fc> 04:13 10:16 SMTP-(90bf089a00005822) >.
fc> 04:13 10:16 SMTP-(90a9000004a43816) 250 OK
fc> 04:13 10:16 SMTP-(90a9000004a43816) >MAIL FROM:<>
fc> 04:13 10:16 SMTP-(90bf089a00005822) 451 Message temporarily deferred - [170]
fc> 04:13 10:16 SMTP-(90bf089a00005822) Body of message generated response from the SMTP server on yahoo.com: 451 Message temporarily deferred - [170]
fc> 04:13 10:16 SMTP-(90bf089a00005822) SMTP_DELIV_FAILED
fc> 04:13 10:16 SMTP-(90bf089a00005822) >QUIT
fc> 04:13 10:16 SMTP-(90a9000004a43816) 250 OK
fc> 04:13 10:16 SMTP-(90a9000004a43816) >RCPT To:< [EMAIL PROTECTED]>
fc> 04:13 10:16 SMTP-(90bf089a00005822) 221 mta505.mail.mud.yahoo.com
fc> 04:13 10:16 SMTP-(90bf089a00005822) [u] closing socket (u)
fc> 04:13 10:16 SMTP-(90bf089a00005822) R< [EMAIL PROTECTED]> - 4
fc> 04:13 10:16 SMTP-(90bf089a00005822) [x] doing gatesend
fc> 04:13 10:16 SMTP-(90bf089a00005822) Trying (1)
fc> 04:13 10:16 SMTP-(90bf089a00005822) [x] Connecting socket to service <SMTP> on host < > using protocol <tcp>
fc> 04:13 10:16 SMTP-(90bf089a00005822) [x] using source IP for atlanticcity.com [209.208.92.68]
fc> 04:13 10:16 SMTP-(90bf089a00005822) ERR no address " "
fc> 04:13 10:16 SMTP-(90bf089a00005822) SMTP connection failed for host
fc> 04:13 10:16 SMTP-(90bf089a00005822) R<[EMAIL PROTECTED]> - 5
fc> 04:13 10:16 SMTP-(90bf089a00005822) R< [EMAIL PROTECTED]> - 5
fc> 04:13 10:16 SMTP-(90bf089a00005822) requeuing d:\IMAIL\spool\Q90bf089a00005822.SMD R0 T1
fc> 04:13 10:16 SMTP-(90bf089a00005822) finished d:\IMAIL\spool\Q90bf089a00005822.SMD status=3
fc>
----
Don Brown - Dallas, Texas USA Internet Concepts, Inc.
[EMAIL PROTECTED] http://www.inetconcepts.net
(972) 788-2364 Fax: (972) 788-5049
----
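
An added example, not part of the original thread and not Ipswitch code: a small log triage script that groups SMTPD lines by session id and reports every session where an account authenticated ("session treated as local") from an address outside the networks you trust, with the number of recipients it submitted. It assumes the log layout quoted above; the sample lines, addresses, session ids and the trusted range are constructed placeholders.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in the layout of the quoted log; all values are placeholders.
SAMPLE_LOG = r"""
04:13 10:16 SMTPD(90bf000000000001) [192.0.2.10] connect 203.0.113.77 port 1970
04:13 10:16 SMTPD(90bf000000000001) [ 203.0.113.77] EHLO User
04:13 10:16 SMTPD(90bf000000000001) Authenticated root@example.com, session treated as local.
04:13 10:16 SMTPD(90bf000000000001) [203.0.113.77] RCPT TO:< a@example.net>
04:13 10:16 SMTPD(90bf000000000001) [203.0.113.77] RCPT TO:<b@example.net>
04:13 10:17 SMTPD(90bf000000000002) [192.0.2.10] connect 192.0.2.25 port 2201
04:13 10:17 SMTPD(90bf000000000002) Authenticated alice@example.com, session treated as local.
04:13 10:17 SMTPD(90bf000000000002) [192.0.2.25] RCPT TO:<c@example.org>
04:13 10:18 SMTPD(90bf000000000003) [192.0.2.10] connect 198.51.100.9 port 4410
04:13 10:18 SMTPD(90bf000000000003) [198.51.100.9] RCPT TO:<d@example.com>
"""

LINE = re.compile(r"^\S+ \S+ SMTPD\((?P<sid>[0-9a-f]+)\) (?P<rest>.*)$")
CONNECT = re.compile(r"\[[^\]]*\] connect (?P<ip>\S+) port \d+")
AUTH = re.compile(r"Authenticated (?P<user>\S+), session treated as local")
RCPT = re.compile(r"RCPT TO:<\s*(?P<rcpt>[^>\s]+)")

def external_auth_sessions(log_text, trusted=("192.0.2.0/24",)):
    """Return (session, account, client_ip, recipient_count) for each
    authenticated session whose client IP is outside the trusted networks."""
    nets = [ip_network(n) for n in trusted]
    sessions = defaultdict(lambda: {"ip": None, "user": None, "rcpts": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an SMTPD (inbound) line
        s, rest = sessions[m["sid"]], m["rest"]
        if (c := CONNECT.search(rest)):
            s["ip"] = c["ip"]
        elif (a := AUTH.search(rest)):
            s["user"] = a["user"]
        elif (r := RCPT.search(rest)):
            s["rcpts"].append(r["rcpt"])
    findings = []
    for sid, s in sessions.items():
        if s["user"] and s["ip"] and not any(ip_address(s["ip"]) in n for n in nets):
            findings.append((sid, s["user"], s["ip"], len(s["rcpts"])))
    return findings

if __name__ == "__main__":
    for finding in external_auth_sessions(SAMPLE_LOG):
        print("external authenticated session:", finding)
```

Unauthenticated inbound sessions and authenticated sessions from trusted ranges are not reported, so the output is the short list of accounts whose passwords need changing first.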