Hi All. Logged into my server tonight to find a Dr. Watson
message waiting for me about iwebmsg.exe. I went into the spool
directory to check some logs and here are all these strange
files.
D3ced61f.FWD
IWM177.tmp
Q2cbea2d.FWP
Q3ced61f.FWP
Memo # 4 July 182000S4J(2).doc
Memo # 4 July 182000S4J(3).doc
Memo # 4 July 182000S4J(4).doc
IWM178.tmp
Q2cbea2d#1.FWP
Q3ced61f#1.FWP
IWM176.tmp
D2cbea2d.FWD
Q3fe6206.SMP
The IMW.tmp files and Word docs were written at the same time as
Doc Watson by the Event Viewer.
Why is all this stuff in my spool directory? I'm using hksi web
mail. Not the new one that's coming out, and IMail 6.04.
Here is a sample of some of the stuff in the files. I ain't
gonna put it all because they are large.
POST /Xaeb89b9f9a9ccc99cf9995b08065/sendmail.28303.cgi HTTP/1.1
Accept: application/msword, image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Referer: http://216.242.16.196:8383/Xaeb89b9f9a9ccc99cf9995b08065/sendmail.15260.cgi
Accept-Language: en-us
Content-Type: multipart/form-data; boundary=---------------------------7d0be1267c
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98; formatpb)
Host: 216.242.16.196:8383
Content-Length: 380410
Connection: Keep-Alive
Extension: Security/Remote-Passphrase
-----------------------------7d0be1267c
Content-Disposition: form-data; name="uid"
louis
-----------------------------7d0be1267c
Content-Disposition: form-data; name="page"
sendmail
-----------------------------7d0be1267c
Content-Disposition: form-data; name="mbx"
And another:
QF:\IMail\spool\D2cbea2d.FWD
Hmail.tropicalwebcreations.net
T13
E0,
S<[EMAIL PROTECTED]>
R<[EMAIL PROTECTED]>
They all seem to be coming and/or going out from the same two
guys.
--
Bud Schneehagen - Tropical Web Creations
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
ColdFusion Solutions / eCommerce Development
[EMAIL PROTECTED]
http://www.twcreations.com/
954.721.3452
