www server question
Brian Densmore
DensmoreB at ctbsonline.com
Tue Sep 25 18:41:44 CDT 2001
Checking my mail today, I found several remove requests in my admin
mailbox. This I found quite odd as I don't maintain a newsletter, or
spam anyone from my server.
checking my logs I discovered this:
Sep 19 11:30:30 dunsmuir named[356]: Lame server on
'137.208.92.198.in-addr.arpa' (in '208.92.198.IN-ADDR.ARPA'?):
[207.112.196.69].53 'ns3.anet.com'
Sep 19 11:30:30 dunsmuir named[356]: Lame server on
'137.208.92.198.in-addr.arpa' (in '208.92.198.IN-ADDR.ARPA'?):
[207.7.4.66].53
'ns1.anet.com'
Sep 19 11:30:30 dunsmuir named[356]: Lame server on
'137.208.92.198.in-addr.arpa' (in '208.92.198.IN-ADDR.ARPA'?):
[207.7.4.67].53
'ns2.anet.com'
What is this?
And this one (happened five times, as noted in second message):
Sep 19 23:05:33 dunsmuir named[356]: bad referral
(243.17.198.in-addr.arpa !< 188.243.17.198.IN-ADDR.ARPA) from
[129.250.35.32].53
Sep 19 23:05:33 dunsmuir last message repeated 4 times
AND THIS ONE!
Sep 20 02:42:07 dunsmuir sendmail[22719]: CAA22719:
from=<owner-nolist-136_1*BOB**AMASON*-NET at LISTSERV.NETWORKPROMOTION.COM>
, size=0, class=0, pri=0, nrcpts=0, bodytype=8BITMIME, proto=ESMTP,
relay=glmail4.networkpromotion.com [142.166.168.174]
Did someone crack into my mail-server to spam?!
Any help on how to stop these crackers would be appreciated.
Brian Densmore
Associate
mailto:densmoreb at ctbsonline.com
CompuTech Business Solutions, Inc.
http://www.ctbsonline.com/
More information about the Kclug
mailing list