Was I hacked??????????

Post by walki » 24.06.2002 10:50:17

Hello, the following question: Was I hacked???
I am suddenly getting very strange emails that cannot be from me or from anyone else who has local access to my machines.
----- The following addresses have delivery notifications -----
<michaelschamens1474@city.ueda.nagano.jp> (failed: Bad destination mailbox address)



Reporting-MTA: dns;gwsv.city.ueda.nagano.jp (TeamWARE Connector for MIME v5.x)
Original-Envelope-Id: E17MGvw-00083p-00@changer.walki.homelinux.org

Original-Recipient: rfc822;michaelschamens1474@city.ueda.nagano.jp
Final-Recipient: rfc822;michaelschamens1474@city.ueda.nagano.jp
Action: failed (Bad destination mailbox address)
Status: 5.1.1

or, for example:

From - Mon Jun 24 10:43:11 2002
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path: <>
Envelope-to: Mailer-Daemon@walki.homelinux.org
Received: from mail.hillstrath.on.ca ([24.215.2.200])
by changer.walki.homelinux.org with esmtp (Exim 3.35 #1 (Debian))
id 17MCFg-0005B5-00
for <Mailer-Daemon@walki.homelinux.org>; Sun, 23 Jun 2002 20:38:20 +0200
Message-id: <fc.0066403300271fcb3b9aca00f9f1313b.271fcc@hillstrath.on.ca>
Date: Sun, 23 Jun 2002 14:37:58 -0400
Subject: NDN: Mail delivery failed: returning message to sender
X-FC-Icon-ID: 2031
X-FC-MachineGenerated: true
To: Mailer-Daemon@walki.homelinux.org
From: "Mailer-Daemon" <Mailer-Daemon@hillstrath.on.ca>
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

Sorry. Your message could not be delivered to:

willowgld1193,Hillfield Strathallan C (The name was not found at the
remote site. Check that the name has been entered correctly.)

I then also found the following in the log files:

Jun 16 11:24:59 changer proftpd[18803]: connect from 211.22.104.253
Jun 16 11:25:00 changer proftpd[18803]: No certificate files found!
Jun 16 11:25:02 changer proftpd[18803]: changer.walki.homelinux.org (211.22.104.253[211.22.104.253]) - FTP session opened.
Jun 16 11:25:02 changer proftpd[18803]: changer.walki.homelinux.org (211.22.104.253[211.22.104.253]) - FTP session closed.
Jun 16 11:31:06 changer proftpd[18963]: connect from 211.22.104.253
Jun 16 11:31:06 changer proftpd[18963]: No certificate files found!
Jun 16 11:31:06 changer proftpd[18963]: changer.walki.homelinux.org (211.22.104.253[211.22.104.253]) - FTP session opened.
Jun 16 11:31:15 changer proftpd[18963]: changer.walki.homelinux.org (211.22.104.253[211.22.104.253]) - FTP session closed.
Jun 16 12:39:52 changer proftpd[19938]: connect from 62.211.196.193
Jun 16 12:39:52 changer proftpd[19938]: No certificate files found!
Jun 16 12:39:53 changer proftpd[19938]: changer.walki.homelinux.org (r-rm200-6a193.tin.it[62.211.196.193]) - FTP session opened.
Jun 16 12:39:58 changer proftpd[19938]: changer.walki.homelinux.org (r-rm200-6a193.tin.it[62.211.196.193]) - FTP session closed.
Jun 16 12:52:11 changer imapd[20244]: connect from 192.168.237.70
Jun 16 12:52:47 changer imapd[20247]: connect from 192.168.237.70
Jun 16 12:52:49 changer imapd[20250]: connect from 192.168.237.70
Jun 16 12:53:30 changer imapd[20257]: connect from 192.168.237.70
Jun 16 12:53:32 changer imapd[20260]: connect from 192.168.237.70
Jun 16 12:54:34 changer imapd[20274]: connect from 192.168.237.70
Jun 16 14:24:40 changer proftpd[21722]: connect from 213.93.167.24
Jun 16 14:24:40 changer proftpd[21722]: No certificate files found!
Jun 16 14:24:44 changer proftpd[21722]: changer.walki.homelinux.org (e167024.upc-e.chello.nl[213.93.167.24]) - FTP session opened.
Jun 16 14:24:44 changer proftpd[21722]: changer.walki.homelinux.org (e167024.upc-e.chello.nl[213.93.167.24]) - FTP session closed.
Jun 16 21:33:28 changer imapd[28607]: connect from 192.168.237.70
Jun 16 21:33:35 changer imapd[28610]: connect from 192.168.237.70
Jun 17 22:27:55 changer proftpd[20637]: connect from 61.104.110.61
Jun 17 22:27:56 changer proftpd[20637]: No certificate files found!
Jun 17 22:27:56 changer proftpd[20637]: changer.walki.homelinux.org (61.104.110.61[61.104.110.61]) - FTP session opened.
Jun 17 22:27:57 changer proftpd[20637]: changer.walki.homelinux.org (61.104.110.61[61.104.110.61]) - FTP session closed.
Jun 18 13:37:14 changer rpc.statd[226]: Version 1.0 Starting
Jun 18 20:40:22 changer imapd[7008]: connect from 192.168.237.70
Jun 18 20:40:23 changer imapd[7009]: connect from 192.168.237.70
Jun 18 20:40:23 changer imapd[7010]: connect from 192.168.237.70
Jun 18 20:41:03 changer imapd[7017]: connect from 192.168.237.70
Jun 18 20:42:33 changer imapd[7018]: connect from 192.168.237.70
Jun 18 20:42:51 changer imapd[7025]: connect from 192.168.237.70
Jun 18 20:42:53 changer imapd[7028]: connect from 192.168.237.70
Jun 18 20:42:55 changer imapd[7031]: connect from 192.168.237.70
Jun 18 20:42:57 changer imapd[7034]: connect from 192.168.237.70
Jun 18 20:42:59 changer imapd[7035]: connect from 192.168.237.70
Jun 18 23:47:33 changer init: Switching to runlevel: 6
Jun 18 23:47:48 changer rpc.statd[227]: Caught signal 15, un-registering and exiting.
Jun 18 23:49:00 changer rpc.statd[209]: Version 1.0 Starting
Jun 19 00:05:02 changer in.telnetd[692]: connect from 192.168.237.70
Jun 19 11:11:24 changer proftpd[12048]: connect from 212.105.202.66
Jun 19 11:11:24 changer proftpd[12048]: No certificate files found!
Jun 19 11:11:25 changer proftpd[12048]: changer.walki.homelinux.org (gate1.mediatransfer.de[212.105.202.66]) - FTP session opened.
Jun 19 11:11:25 changer proftpd[12048]: changer.walki.homelinux.org (gate1.mediatransfer.de[212.105.202.66]) - Refused PORT 192,168,0,23,7,35 (address mismatch).
Jun 19 11:12:14 changer proftpd[12048]: changer.walki.homelinux.org (gate1.mediatransfer.de[212.105.202.66]) - FTP session closed.
Jun 19 11:12:41 changer proftpd[12049]: connect from 212.105.202.66
Jun 19 11:12:41 changer proftpd[12049]: No certificate files found!
Jun 19 11:12:41 changer proftpd[12049]: changer.walki.homelinux.org (gate1.mediatransfer.de[212.105.202.66]) - FTP session opened.
Jun 19 11:13:03 changer proftpd[12049]: changer.walki.homelinux.org (gate1.mediatransfer.de[212.105.202.66]) - Refused PORT 192,168,0,23,7,42 (address mismatch).
Jun 19 11:22:42 changer proftpd[12049]: changer.walki.homelinux.org (gate1.mediatransfer.de[212.105.202.66]) - FTP no transfer timeout, disconnected.
Jun 19 13:03:03 changer proftpd[13809]: connect from 61.104.110.61
Jun 19 13:03:03 changer proftpd[13809]: No certificate files found!
Jun 19 13:03:03 changer proftpd[13809]: changer.walki.homelinux.org (61.104.110.61[61.104.110.61]) - FTP session opened.
Jun 19 13:03:04 changer proftpd[13809]: changer.walki.homelinux.org (61.104.110.61[61.104.110.61]) - FTP session closed.
Jun 19 22:06:35 changer imapd[22471]: connect from 192.168.237.70
Jun 19 22:07:12 changer imapd[22474]: connect from 192.168.237.70
Jun 20 19:48:08 changer imapd[11453]: connect from 192.168.237.70
Jun 20 19:48:08 changer imapd[11454]: connect from 192.168.237.70
Jun 20 19:48:09 changer imapd[11455]: connect from 192.168.237.70
Jun 20 19:48:27 changer imapd[11464]: connect from 192.168.237.70
Jun 20 19:50:40 changer imapd[11481]: connect from 192.168.237.70
Jun 20 22:13:32 changer in.telnetd[13738]: connect from 192.168.237.70
Jun 21 18:43:07 changer proftpd[1529]: connect from 213.97.30.37
Jun 21 18:43:07 changer proftpd[1529]: No certificate files found!
Jun 21 18:43:08 changer proftpd[1529]: changer.walki.homelinux.org (213-97-30-37.uc.nombres.ttd.es[213.97.30.37]) - FTP session opened.
Jun 21 18:43:08 changer proftpd[1529]: changer.walki.homelinux.org (213-97-30-37.uc.nombres.ttd.es[213.97.30.37]) - FTP session closed.
Jun 21 18:45:08 changer proftpd[1537]: connect from 213.97.30.37
Jun 21 18:45:08 changer proftpd[1537]: No certificate files found!
Jun 21 18:45:18 changer proftpd[1537]: changer.walki.homelinux.org (213-97-30-37.uc.nombres.ttd.es[213.97.30.37]) - FTP session opened.
Jun 21 18:45:18 changer proftpd[1537]: changer.walki.homelinux.org (213-97-30-37.uc.nombres.ttd.es[213.97.30.37]) - FTP session closed.
Jun 21 18:58:57 changer imapd[1838]: connect from 192.168.237.70
Jun 21 18:58:58 changer imapd[1839]: connect from 192.168.237.70
Jun 21 18:58:58 changer imapd[1840]: connect from 192.168.237.70
Jun 21 19:00:17 changer imapd[1859]: connect from 192.168.237.70
Jun 21 19:00:20 changer imapd[1861]: connect from 192.168.237.70
Jun 21 19:00:24 changer imapd[1862]: connect from 192.168.237.70
Jun 21 19:01:08 changer imapd[1880]: connect from 192.168.237.70
Jun 21 19:01:14 changer imapd[1883]: connect from 192.168.237.70
Jun 21 19:01:17 changer imapd[1886]: connect from 192.168.237.70
Jun 21 19:01:20 changer imapd[1889]: connect from 192.168.237.70
Jun 21 19:01:22 changer imapd[1892]: connect from 192.168.237.70
Jun 21 19:02:16 changer imapd[1905]: connect from 192.168.237.70
Jun 22 00:39:00 changer in.telnetd[7288]: connect from 192.168.237.70
Jun 22 00:39:52 changer in.telnetd[7298]: connect from 192.168.237.70
Jun 22 00:45:17 changer imapd[7314]: connect from 192.168.237.70
Jun 22 00:50:17 changer imapd[7463]: connect from 192.168.237.70
Jun 22 20:49:34 changer in.telnetd[26948]: connect from 192.168.237.70
Jun 22 22:55:02 changer in.telnetd[28939]: connect from 192.168.237.70


192.168.237.something is OK, but the rest?
Marble, stone and iron break, only my Linux server doesn't -:)
Oh, and
I speak Hohenlohisch and I'm not gay, and that's a good thing too.

Post by glatzor » 24.06.2002 12:52:54

If you offer services such as ftp or imap on the Internet, you shouldn't be surprised if people also log in to them now and then - mostly, I suppose, by mistake or by chance.
Is your Exim configured as mail exchanger for your domain walki.homelinux.org, or for all domains that have set it as their MX?
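
Added example, not part of the original thread: a short Python triage of syslog lines in the format quoted in the first post, counting connects per service from addresses outside the LAN. Treating 192.168.237.0/24 as the trusted network is an assumption taken from the poster's remark that those addresses are OK; the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Lines copied from the log excerpt in the first post (a shortened selection).
SAMPLE_LOG = """\
Jun 16 11:24:59 changer proftpd[18803]: connect from 211.22.104.253
Jun 16 12:52:11 changer imapd[20244]: connect from 192.168.237.70
Jun 17 22:27:55 changer proftpd[20637]: connect from 61.104.110.61
Jun 19 00:05:02 changer in.telnetd[692]: connect from 192.168.237.70
Jun 19 11:11:24 changer proftpd[12048]: connect from 212.105.202.66
Jun 19 11:11:25 changer proftpd[12048]: changer.walki.homelinux.org (gate1.mediatransfer.de[212.105.202.66]) - Refused PORT 192,168,0,23,7,35 (address mismatch).
Jun 19 13:03:03 changer proftpd[13809]: connect from 61.104.110.61
"""

# Assumption: the LAN is the 192.168.237.0/24 network the poster calls "ok".
TRUSTED_NETS = [ipaddress.ip_network("192.168.237.0/24")]
CONNECT_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<svc>[\w.]+)\[\d+\]: connect from (?P<ip>\S+)$"
)

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError for hostnames
    return any(addr in net for net in TRUSTED_NETS)

def triage(log_text):
    """Count connects per (service, source) from outside TRUSTED_NETS."""
    external = Counter()
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line.strip())
        if not m:
            continue  # session and refusal detail lines are not new connects
        try:
            if is_trusted(m["ip"]):
                continue
        except ValueError:
            pass  # a hostname was logged instead of an address: keep as external
        external[(m["svc"], m["ip"])] += 1
    return external

def exposed_services(log_text):
    """Services reached at least once from an untrusted source."""
    return sorted({svc for svc, _ in triage(log_text)})

if __name__ == "__main__":
    for (svc, ip), n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{svc:12} {ip:16} {n} connect(s)")
    print("exposed:", exposed_services(SAMPLE_LOG))
```

On these sample lines only proftpd is reached from outside the trusted network, while the imapd and in.telnetd connects come from 192.168.237.70.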

Post by walki » 30.06.2002 13:52:11

It is configured only for my domain.
I have already spoken with the webmaster of the sender domain.
His server was used to flood me with junk, but apparently that didn't quite work.
His server is one big security hole. :lol:
I now have an additional script running on my side. Break-in pointless.
Regards, walki