Hello tanya-jawab, Hari ini saya dapat email dari mailer-daemon yang tidak bisa dimengerti, kenapa laporan LogWatch server saya yang dikirim oleh root ke root nyasar ke email orang? Saya jadi curiga, masalahnya server ini pernah kebobolan lewat scripts php yang gak secure. Walaupun pada saat itu tidak berhasil di exploit lebih dalam (dapat access root).
Berikut cuplikannya: ==== Start of Cuplikan ===== Hi. This is the qmail-send program at rr.com.au. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <pointer'[EMAIL PROTECTED]>: 193.252.22.141 failed after I sent the message. Remote host said: 550 Error: Message content rejected <cc40629b8352bf2f65dc6c663f26ffb5> --- Below this line is a copy of the message. Return-Path: <[EMAIL PROTECTED]> Received: (qmail 7624 invoked by uid 0); 26 Dec 2006 04:02:06 -0800 Date: 26 Dec 2006 04:02:06 -0800 Message-ID: <[EMAIL PROTECTED]> From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: LogWatch for www.rr.com.au ################### LogWatch 4.3.2 (02/18/03) #################### Processing Initiated: Tue Dec 26 04:02:03 2006 Date Range Processed: yesterday Detail Level of Output: 0 Logfiles for Host: www.rr.com.au ################################################################ --------------------- Named Begin ------------------------ ==== Selesai of Cuplikan ==== Email tersebut dikirim oleh mailer-daemon, berikut envelopenya: From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: failure notice Ada yang bisa menjelaskan kenapa ini bisa terjadi ? Thanks, Nyoman.
pgpw3R4k8tpze.pgp
Description: PGP signature