Nyoman D wrote:
Hello tanya-jawab,

  Today I received an email from mailer-daemon that I can't make
  sense of: why did my server's LogWatch report, which is sent by
  root to root, end up at someone else's email address? It makes me
  suspicious, because this server was once broken into through
  insecure PHP scripts, although at that time it was not successfully
  exploited any further (gaining root access).

  Here is the excerpt:

==== Start of Excerpt =====
Hi. This is the qmail-send program at rr.com.au.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<pointer'[EMAIL PROTECTED]>:
193.252.22.141 failed after I sent the message.
Remote host said: 550 Error: Message content rejected 
<cc40629b8352bf2f65dc6c663f26ffb5>

--- Below this line is a copy of the message.

Return-Path: <[EMAIL PROTECTED]>
Received: (qmail 7624 invoked by uid 0); 26 Dec 2006 04:02:06 -0800
Date: 26 Dec 2006 04:02:06 -0800
Message-ID: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: LogWatch for www.rr.com.au


################### LogWatch 4.3.2 (02/18/03) ####################
       Processing Initiated: Tue Dec 26 04:02:03 2006
       Date Range Processed: yesterday
     Detail Level of Output: 0
          Logfiles for Host: www.rr.com.au
################################################################
 --------------------- Named Begin ------------------------

==== End of Excerpt ====

The email was sent by mailer-daemon; here is its envelope:
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: failure notice


From:, To:, Subject: are headers, not the envelope. The envelope is MAIL FROM: and RCPT TO: (during the SMTP conversation, after HELO/EHLO).

Try looking at the contents of /etc/cron.daily/00-logwatch (logwatch usually sets up its crontab there)

$Config{'mailto'} = "root";

Does it contain something like the example above, or something else?

Can anyone explain why this could happen?

Thanks,

Nyoman.
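
The header/envelope distinction raised in the reply above, shown on a qmail-send bounce: this is an added example, not part of the original thread. It splits the bounce at its break line, takes the failed addresses as envelope recipients and `Return-Path` as the envelope sender, and compares them with the `To:` header. The function names and all hosts and addresses in the sample are constructed placeholders.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

BREAK = "\n--- Below this line is a copy of the message.\n"

# Constructed sample bounce; every host and address is a placeholder.
SAMPLE_BOUNCE = """\
Hi. This is the qmail-send program at mail.example.org.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<someone@example.net>:
192.0.2.25 failed after I sent the message.
Remote host said: 550 Error: Message content rejected

--- Below this line is a copy of the message.

Return-Path: <root@www.example.org>
Received: (qmail 7624 invoked by uid 0); 26 Dec 2006 04:02:06 -0800
From: root@www.example.org
To: root@www.example.org
Subject: LogWatch for www.example.org
"""

def parse_qmail_bounce(body):
    """Return ({failed envelope recipient: reason}, original message)."""
    head, sep, original = body.partition(BREAK)
    if not sep:
        raise ValueError("break line not found; not a qmail-send bounce")
    failures = {}
    for para in head.split("\n\n"):
        lines = para.strip().splitlines()
        # A recipient paragraph opens with "<address>:"; the rest is the reason.
        if lines and lines[0].startswith("<") and lines[0].endswith(">:"):
            failures[lines[0][1:-2]] = " ".join(lines[1:])
    return failures, message_from_string(original.lstrip("\n"))

def envelope_vs_headers(body):
    failures, msg = parse_qmail_bounce(body)
    header_to = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    return {
        "envelope_sender": parseaddr(msg.get("Return-Path", ""))[1],
        "header_from": parseaddr(msg.get("From", ""))[1],
        "header_to": sorted(header_to),
        "failed_rcpt": failures,
        # RCPT TO addresses that the To: header never mentions.
        "rcpt_not_in_to": sorted(r for r in failures if r.lower() not in header_to),
    }
```

A non-empty `rcpt_not_in_to` means the message was routed to an address at the SMTP level that its `To:` header does not show, which is the case to trace through the sending host's alias and forwarding configuration.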

