saya perna mengalami sperti itu. 1. coba cek masing2 pc di client (trojan,virus) 2 sementara blok dulu port 25 khusus komputer yang sudah terdeteksi mengirim email tersebut. 3. perhatikan log mail anda, amati sewaktu waktu.
smoga membantu ----- Original Message ----- From: "dodo" <[EMAIL PROTECTED]> To: <tanya-jawab@linux.or.id> Sent: Monday, July 03, 2006 11:49 AM Subject: [tanya-jawab] Serangan Apa ini namanya ? - pls help | Hi all, | | Hari ini saya dapat email banyak sekali (+- 10.000) email terhitung | dari hari jum'at malam (30 Juni 2006) sampai pagi ini (3 Juli 2006). | Isi email spt yg saya attach dibawah ini. Ada yang tau jenis serangan | apa ini ?. | Kalo kemaren saya sudah ikuti saran Mas Rony untuk block di ssh-nya | kemudian Mas Fajar dengan utility Denyhosts. | Apakah ini serangan virus ? | Demikian dan terima kasih atas sarannya. | | -dodo- | | | Note : | - User yang di generated oleh email ini selalu berubah-ubah. dan tidak | ada dalam list user maildir. | -------------------------------------------------------------------------- ----------------- | | | Hi. This is the qmail-send program at xxxx.xxxx.co.id. | I tried to deliver a bounce message to this address, but the bounce bounced! | | <[EMAIL PROTECTED]>: | user does not exist, but will deliver to | /home/vpopmail/domains/xxxx.co.id/erna-i/Maildir/ | can not open new email file errno=2 | file=/home/vpopmail/domains/xxxx.co.id/erna-i/Maildir/tmp/1151659930.3123.xx xx.xxxx.co.id,S=9202 | system error | | --- Below this line is the original bounce. | | Return-Path: <> | Received: (qmail 3120 invoked for bounce); 30 Jun 2006 16:32:10 +0700 | Date: 30 Jun 2006 16:32:10 +0700 | From: [EMAIL PROTECTED] | To: [EMAIL PROTECTED] | Subject: failure notice | | Hi. This is the qmail-send program at xxxx.xxxx.co.id. | I'm afraid I wasn't able to deliver your message to the following addresses. | This is a permanent error; I've given up. Sorry it didn't work out. | | <[EMAIL PROTECTED]>: | user does not exist, but will deliver to | /home/vpopmail/domains/xxxx.co.id/erna-i/Maildir/ | can not open new email file errno=2 | file=/home/vpopmail/domains/xxxx.co.id/erna-i/Maildir/tmp/1151659930.3119.xx xx.xxxx.co.id,S=8474 | system error | | --- Below this line is a copy of the message. | | Return-Path: <[EMAIL PROTECTED]> | Received: (qmail 3117 invoked from network); 30 Jun 2006 16:32:10 +0700 | Received: from unknown (HELO mercury1) (10.62.220.11) | by xxxx.xxxx.co.id with SMTP; 30 Jun 2006 16:32:10 +0700 | Return-path: <[EMAIL PROTECTED]> | Received: from [16.113.144.21] (port=1896 helo=16.113.144.21) | by xxxx.co.id with esmtp | id ZHFBoI-osP687-61 | for [EMAIL PROTECTED]; Fri, 30 Jun 2006 04:18:46 +0100 | Content-class: urn:content-classes:message | Subject: NEvEr bEttEr cant bE fOund. | MIME-Version: 1.0 | Content-Type: multipart/related; | boundary="----_=_NextPart_001_01C69139.68151542"; | Date: Fri, 30 Jun 2006 04:18:46 +0100 | X-MimeOLE: Produced By Microsoft Exchange V6.5 | Message-ID: <[EMAIL PROTECTED]> | X-MS-Has-Attach: yes | X-MS-TNEF-Correlator: | Thread-Topic: NEvEr bEttEr cant bE fOund. | Thread-Index: eL3wCbEEsTeBvWREGUVaePrfkniI8U== | From: "Tamika" <[EMAIL PROTECTED]> | To: [EMAIL PROTECTED] | X-Return-Path: [EMAIL PROTECTED] | X-MDaemon-Deliver-To: [EMAIL PROTECTED] | X-MDAV-Processed: xxxx.co.id, Fri, 30 Jun 2006 04:18:46 +0100 | X-Spam: Not detected | | ------_=_NextPart_001_01C69139.68151542 | Content-Type: multipart/alternative; | boundary="----_=_NextPart_002_01C69139.68151542" | | | ------_=_NextPart_002_01C69139.68151542 | Content-Type: text/plain; | charset="us-ascii" | Content-Transfer-Encoding: quoted-printable | | <http://gjghts.sevenlegend.com/?35042652>=20 | 69dqPQufvFjS81CueROy0mCvVcA5jlIV1on8Dv4zIj9taSfBAFuVS04pYd3eOb4wFDKZrDolPlzM | 4boIcigrhfK2X9eesMzRFcRzO5uFjOnNh52R3DZxb2UazoxhVBrZxdeGjMbnB7I1VIPITfHWT82m GC1 | i0kEj0pSLkYTI5yfP0UlIcTLr6swhTGLIGShEaCYvnbP1jRCLTFRit5WLQ9QFSnG1hQmCK | U9TCNPhGpgSfD7WmgdCRH9bC6Hjtcs96U4TiukOZkX3wI8UrX7kdHrQB2cJyQmcKF5WoJHt | eHZNKOtt78djNPmdXbwGstKxwRD7McacJ3or9QmlLaUpzxeAo33zgoR80B8srs8w5XyqqjuB | oqis1qEwafc6E3cUf4KCCcNhGUmeFT8JXuVSVwFuDp4g4rZZ7Od23PJC0rkLcFODp1iofXOSd0TC i | 5BDc5KRcF3kyGpUKdYwYPioVMKklAAzAgSo1JXQYFTv3im9lztMIXj3Sv5kBpzAdqPYYPtnkIxn1 Dj | a7alg2EAHVz3EVpIQz0uIRm5GGnM6vwwkQ4EUq1QJyZ1St6ZIBxqu72NITPZfu01oQuNkVGzN | dfzPrgA6DzwlX7buwzBsQKLOKIUpBnIz7yuRdJTzv0TB39ZttwBVpuNnqE98Ayg2NoS9oGfbpw | tyWVePg8uGSq12x2EFHqSRCqcrZXNbcYKEri1l75Y4QrsPjgeM1exwJ8JLimAWsvau6KZ020bBx | | | | | ------_=_NextPart_002_01C69139.68151542 | Content-Type: text/html; | charset="us-ascii" | Content-Transfer-Encoding: quoted-printable | | <html xmlns:v=3D"urn:schemas-microsoft-com:vml" = | xmlns:o=3D"urn:schemas-microsoft-com:office:office" = | xmlns:w=3D"urn:schemas-microsoft-com:office:word" = | xmlns=3D"http://www.w3.org/TR/REC-html40";> | | <head> | <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = | charset=3Dus-ascii"> <meta name=3DGenerator content=3D"Microsoft Word | 11 (filtered medium)"> <!--[if !mso]> <style> | v\:* {behavior:url(#default#VML);} | o\:* {behavior:url(#default#VML);} | w\:* {behavior:url(#default#VML);} | .shape {behavior:url(#default#VML);} | </style> | <![endif]--> | <style> | <!-- | /* Style Definitions */ | p.MsoNormal, li.MsoNormal, div.MsoNormal | {margin:0cm; | margin-bottom:.0001pt; | font-size:12.0pt; | font-family:"Times New Roman";} | a:link, span.MsoHyperlink | {color:blue; | text-decoration:underline;} | a:visited, span.MsoHyperlinkFollowed | {color:purple; | text-decoration:underline;} | span.EmailStyle17 | {mso-style-type:personal-compose; | font-family:Arial; | color:windowtext;} | @page Section1 | {size:595.3pt 841.9pt; | margin:2.0cm 42.5pt 2.0cm 3.0cm;} | div.Section1 | {page:Section1;} | --> | </style> | | </head> | | <body lang=3DEN link=3Dblue vlink=3Dpurple> | | <div class=3DSection1> | | <p class=3DMsoNormal><font size=3D2 face=3DArial><span = | style=3D'font-size:10.0pt; font-family:Arial'><a | href=3D"http://gjghts.sevenlegend.com/?35042652";><font = | color=3Dblack><span | style=3D'color:windowtext;text-decoration:none'><img border=3D0 = | id=3D"_x0000_i1025" = | src=3D"cid:image687.gif@wh53QK9L.Gz1qOiW"></span></font></a><o:p></o:p><= | /span></font></p> | <font style=3D'color:#F0F0F0'> | 69dqPQufvFjS81CueROy0mCvVcA5jlIV1on8Dv4zIj9taSfBAFuVS04pYd3eOb4wFDKZrDolPlzM <br> | 4boIcigrhfK2X9eesMzRFcRzO5uFjOnNh52R3DZxb2UazoxhVBrZxdeGjMbnB7I1VIPITfHWT82m GC1<br> | i0kEj0pSLkYTI5yfP0UlIcTLr6swhTGLIGShEaCYvnbP1jRCLTFRit5WLQ9QFSnG1hQmCK<br> | U9TCNPhGpgSfD7WmgdCRH9bC6Hjtcs96U4TiukOZkX3wI8UrX7kdHrQB2cJyQmcKF5WoJHt<br> | eHZNKOtt78djNPmdXbwGstKxwRD7McacJ3or9QmlLaUpzxeAo33zgoR80B8srs8w5XyqqjuB<br> | oqis1qEwafc6E3cUf4KCCcNhGUmeFT8JXuVSVwFuDp4g4rZZ7Od23PJC0rkLcFODp1iofXOSd0TC i<br> | 5BDc5KRcF3kyGpUKdYwYPioVMKklAAzAgSo1JXQYFTv3im9lztMIXj3Sv5kBpzAdqPYYPtnkIxn1 Dj<br> | a7alg2EAHVz3EVpIQz0uIRm5GGnM6vwwkQ4EUq1QJyZ1St6ZIBxqu72NITPZfu01oQuNkVGzN<br > | dfzPrgA6DzwlX7buwzBsQKLOKIUpBnIz7yuRdJTzv0TB39ZttwBVpuNnqE98Ayg2NoS9oGfbpw<b r> | tyWVePg8uGSq12x2EFHqSRCqcrZXNbcYKEri1l75Y4QrsPjgeM1exwJ8JLimAWsvau6KZ020bBx | </font> | </div> | | </body> | | </html> | | ------_=_NextPart_002_01C69139.68151542-- | | ------_=_NextPart_001_01C69139.68151542 | Content-Type: image/gif; | name="image687.gif" | Content-ID: <[EMAIL PROTECTED]> | Content-Description: image687.gif | Content-Location: image687.gif | Content-Transfer-Encoding: base64 | | R0lGODdhpgSAACIAACwAAAAApgSAAIIAAAD4+PgAAAAAAAAAAAAAAAAAAAAAAAAD/xi63P4w | ykmrvTjrzbv/YCiOZGmeaKqubOu+cCzPdG3feK7vfO//wKBwSCwaj8ikcslsOp/QqHRKrVqv | 2Kx2y+16v+CweEwum8/otHrNbrvf8Lh8Tq/b7/i8fs/v+/+AgYKDhIWGh4iJiouMjY6PkJGS | k5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/wMHCw8TFxsfI | ycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v8PHy8/T19vf4+fr7/P3+ | /wADChxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzbgGgsf+jx49fOEIQCbKkyZM2AKhUoJIk | BZcoY8qcWcIlzAk3aercyRMnA5srR/YcSrRoAJsOcrI0yrQpypYtk0ZQ6rSq1YhIG1ClerWr | 14NZf34dSxarWK0jg5Zdy1Zf1KNBob5dMLet3bt48+rdy7ev37+AAwseTLiw4cOIEytezLix | 48eQa3BdOBlH5QeXU6baqiEzM89G1eoQjRkzaZand9TVCrVF6iyvXWxtzeI0aLpDbtfUXZsu | bxWcM3iOjWV1yt8kQNP2bXy51J/OoauVy3o1ctfX4c6QS7xJ9qM1OwQPovT7BvNTfaAPL2P9 | HPchYI5/bmI+CvtU4H/QL9y06P//Z5WGW1JhLYUWfQcOqOAP3/F3gYOjgQAfcvj1UN52wKnH | IIaNQMiBfOkJdUKF7Al4hYed3XBTgQmCJ6KBYrEIookturighvtpJtxcK4k0nI//pRYdXBwB | SZJx1Q2JZIh1LWkjgjgVCSOP00Ul32srcvdgk0Xa1uOWOS3H3WVf2khlZlZW5592HjSnZZQu | ZhlmmaiVl2adBBJJ4I96Qofnn3tKyVygT0rQpZx59gkoBisqOiZzzvXoZYg0SscmkV52iduZ | 0bWG5p2DWqroqNohaeecmobqG6l6/kjnqGWGSeN8tB7IFYsB+lRjBZ0aKaoFhxKqJoq6Phig | pIUaatuN/wUeeeSuL9I3HIzQUlttWqUyuyCA1nbrbbFPTncsmtpu25mmz+Zq6KoKznhpjpW+ | hO6xCS6LIGlzmvutacxiOWu64frJK8Bm7iltiqzpGy+7hcZWobPRmgmUwi12Ry23DedK8KWN | HjwuvQIHjBqwIROMbMfrqikdvur6SOlSkQ55477RXokynxdrzDCHHw7oMslQjuduwUAHTTKJ | yc6c8s9TqtsylEozqrO1ZF6L60sGhkUuyO1e29/CSzfNdbcov6zw0ClTDLV9Gxvb9dNGS12x | 01FnzKvZVNc8t9p1px23z3DnvKu7hO8tdt91Fx6n1/veOvXhIe98YcJgF+0t2v9mT243Dbe9 | uXjSEdcZs5iGT1vpp0gjLSDTREMKFHXV6ua5yJsrC7voGLvNetsRb+y7CJoDzfSjeQ+O9b2u | W1w8zWUnyaWTyOPOcqDQx9ss3uUevzDmglN8Ne5gBnl71is36bScpI87vtaMN14v+XTHn/jj | mE7/d42OMzp+0sRrP+Xt3HuBct73ubtBLXtoE5TlAqer4FlNbqwDz2R4F7uveS97fsOf/JiU | N9O97YNU440Djze8zK3Nf2frGf1OGDrszQpxsmpT9NzXOwOCLYAyot/WLDjB7r3QeDVk3thA | 90CQ7U5CL/teAGu3wgOakG6/mZHiELeCATLsZx4sXeT/IBYjuXXPgzGsnBUjqMDl0S5qndvi | 45RHu4nxbXUd9CLGCLdEcG0QjmfUWvPMyD8dAut32Jti62jmRww20Y55LOTIQihGSvnrYxcE | YcOadz3KKTJZYWxjJX3IxZ0hUF9HVJYGzahEBkqRgDOz4iLReMcrbkuPlkxB/6J0sloOzE34 | stLr3kXEqeByS6KTnrMAOLu0oAtzxcRU+cTHRmXG5Zm7ZGOvkAWpW5aqjsZ8l6le1Uxhls+a | 1AzmsIw0zSoR01fVPFoun1dOm72ueqFip/OEZcE+yTNJaHGTE3vZqtCB6i33lF6ilknPyKXz | TwAtppJepcx4ik+bp1qnpahZ/5lMrdOi/hlmO7+ZPGxmlGMLlWawVgbRVK3SEMSKQkrxsNJD | MqKlXECR7Fx4wwzqAaaybANOdbHTJfRUDj393iJ+WpwM8cxrRJVCUhGxVFnsjw1PnURU6yOz | SMAzE1eNz+gs2lSfVjUyYA2rWMdK1rKa9axoTata18rWtrq1ctqY0Fvn2olutgmnXZUXcIRk | 1/t0Dpfoq+c8F0jXwtphqggbgeoEiCOjwhU7/DRcIqlow/gY9rJxcI9cW9iexuaUs511Gydd | Klh4Yfa0a5gNqp6TVWN2ilWtdeavvKmy8Pnpl64qo8wWe1uy9TWyl9wkLaknUndaB1S+vNIi | n5cw3P/mFbWN0ZwgC2jagbKvsvYqInA5aTJPJrG72h1YtiRZ2VsOTbgopOz2ala1wzWnX2d7 | LnQZk8lBBmw9teIjaJXmQBGusX3bxSRN8QhI0dJ2tJEkLCEDuV9Hkrd211XvfCc8tenuEnhJ | 7OgfTXXDZLo2dwW2KUHDS8L/IbbBkhWuKgG83g8bS0pXO+8Q5UthxGTFwmfJlxdnaJ49gs6/ | ivQoEZE5YNZC7jw7VnEr4xfFx6oXxmfEYIQXXOMqRxjHZEvsZH34RChe8rtB3iH8TkpD4SHY | wP5TsoR/rEItLlmCcGYlKSHpXTJXea5junBtl0ul8zAXVlmd3SwbStINpyr/odFEHTPZ1L9B | rymchJbXiQtN6YPScquKPi4zu2mykKqMucrl151HXSJSj8jUqI4Bjdu66lS7+tUuhrWsZ03r | Wtv61rjOta53zete+/rXwA62sIdN7GIb+9jITrayl83sZjv72dCOtrSnTe1qW/va2M62trfN | 7W57+9vgDre4x03ucpv73OhOt7rXze52u/vd8I63vOfR6jfP+95Q+K0A6w2D1RoMeA5TEb7v | fabk5Ma8sbWMeIqsZc8O/N1VKvWG0GwECjG8tDzg98NzDWV0siqbNnu0om+bqQCbXJzs+rOh | 46TQgKO4oPwtOaD/evGNj7vjhnTklCVmOTdqcsfY693zkcEMQ5qmMZUMTiEwX25zceP8waf7 | pL2DzGIqd5mBA+4haK/j42+Fcs0ibvq5sTjELmNZ0uaT5IoRzj1Hx7roW9+Rkly4Ow8jWezs | TmCAzy5kGasd6HZsu2Xh3kg0d53NUVYs3vOuQVXOsV7tPekmOZ1kHC7Z71mOu4Gzu0/O48zJ | i/d2waeOp4cabOTQXJQu0R7o1YMPn2wvaKM95/aPQlNMyeQrp0cYennvVOPDAH7vdx1Ufgh/ | +LeeNMATjvzmO//50I++9KdP/epb//rYz772t8/97nv/++APv/jHT/7ym//86IdEAgAAOw== | | ------_=_NextPart_001_01C69139.68151542-- | | -- | FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab | Unsubscribe: kirim email ke [EMAIL PROTECTED] | Arsip dan info milis selengkapnya di http://linux.or.id/milis | | -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke [EMAIL PROTECTED] Arsip dan info milis selengkapnya di http://linux.or.id/milis
