Author Topic: LogWatch Message (read 10590 times)


al

  • Melancholy high-school student
  • ***
  • Posts: 136
LogWatch Message
« on: 2002-12-06 08:54 »
Do the messages below mean a break-in succeeded?
And where might the vulnerability be?
--------------------- sendmail Begin ------------------------

2887 bytes transferred
23 messages sent

**Unmatched Entries**

gB5555k03582: ruleset=check_rcpt, arg1=, relay=[218.144.117.89], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [218.144.117.89]
gB5ATso01063: ruleset=check_rcpt, arg1=, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 ... Relaying denied
gB5AU3o01069: ruleset=check_mail, arg1=, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=553 5.5.4 ... Domain name required for sender address abuse
gB5AUDo01070: ruleset=check_rcpt, arg1=, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 ... Relaying denied
gB5AUKo01071: ruleset=check_mail, arg1=, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=553 5.5.4 ... Real domain name required for sender address
gB5AUSo01072: ruleset=check_rcpt, arg1=, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 ... Relaying denied
gB5AUco01073: ruleset=check_rcpt, arg1=, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 ... Relaying denied
gB5AUlo01074: ruleset=check_rcpt, arg1=, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 ... Relaying denied
gB5AUvo01075: ruleset=check_rcpt, arg1=, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 ... Relaying denied
gB5AV6o01076: ruleset=check_rcpt, arg1=, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 ... Relaying denied
gB5AVDo01077: ruleset=check_rcpt, arg1=<"spaminator@abuse.earthlink.net">, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 <"spaminator@abuse.earthlink.net">... Relaying denied
gB5AVKo01078: ruleset=check_rcpt, arg1=<"spaminator%abuse.earthlink.net">, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 <"spaminator%abuse.earthlink.net">... Relaying denied
gB5AVSo01079: ruleset=check_rcpt, arg1=, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 ... Relaying denied
gB5AVZo01080: ruleset=check_rcpt, arg1=<"spaminator@abuse.earthlink.net"@[211.20.51.230]>, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 <"spaminator@abuse.earthlink.net"@[211.20.51.230]>... Relaying denied
gB5AVgo01081: ruleset=check_rcpt, arg1=, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 ... Relaying denied
gB5AVpo01082: ruleset=check_rcpt, arg1=<@[211.20.51.230]:spaminator@abuse.earthlink.net>, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 <@[211.20.51.230]:spaminator@abuse.earthlink.net>... Relaying denied
gB5AVvo01083: ruleset=check_rcpt, arg1=<@fd137.adsldns.org:spaminator@abuse.earthlink.net>, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 <@fd137.adsldns.org:spaminator@abuse.earthlink.net>... Relaying denied
gB5AW9o01084: ruleset=check_mail, arg1=, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=553 5.5.4 ... Domain name required for sender address
gB5AWDo01085: ruleset=check_rcpt, arg1=, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 ... Relaying denied
gB5AWJo01086: ruleset=check_rcpt, arg1=, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 ... Relaying denied
gB5AWQo01087: ruleset=check_rcpt, arg1=, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 ... Relaying denied
gB5Bs0o01202: ruleset=check_rcpt, arg1=, relay=[203.145.27.121], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [203.145.27.121]

 ---------------------- sendmail End -------------------------

sincat

  • Melancholy high-school student
  • ***
  • Posts: 102
LogWatch Message
« Reply #1 on: 2002-12-06 10:01 »
NO

al

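  • Melancholy high-school student
  • ***
  • Posts: 136
LogWatch Message
« Reply #2 on: 2002-12-06 11:00 »
If the answer is "NO", then of course I am very happy.
But for some reason, when I posted this text, copy-pasted from the mail,
the site showed the message "posting attack rejected".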

Timmy

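  • Cute elementary-school student
  • *
  • Posts: 13
LogWatch Message
« Reply #3 on: 2002-12-09 06:57 »
Quote from: "al"
If the answer is "NO", then of course I am very happy.
But for some reason, when I posted this text, copy-pasted from the mail,
the site showed the message "posting attack rejected".


These are not break-in messages. Take the following message as an example: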
gB5555k03582: ruleset=check_rcpt, arg1=, relay=[218.144.117.89], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [218.144.117.89]

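"Relaying denied" means the relay was refused; in other words, the machine 218.144.117.89 wanted to use your mail server to send mail but was rejected, and that is all. I suggest you read up on SMTP; it should help you. :o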
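
Added example, not part of the original posts: a Python sketch that reads reject lines like the ones in the report above, groups them by connecting IP, and names the recipient syntax in each `check_rcpt` line. The function names and form labels are chosen here; the sample lines are copied from this thread.

```python
import re
from collections import Counter, defaultdict

# Reject lines copied from the LogWatch sendmail section quoted in this thread.
SAMPLE = """\
gB5555k03582: ruleset=check_rcpt, arg1=, relay=[218.144.117.89], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [218.144.117.89]
gB5AU3o01069: ruleset=check_mail, arg1=, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=553 5.5.4 ... Domain name required for sender address abuse
gB5AVKo01078: ruleset=check_rcpt, arg1=<"spaminator%abuse.earthlink.net">, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 <"spaminator%abuse.earthlink.net">... Relaying denied
gB5AVZo01080: ruleset=check_rcpt, arg1=<"spaminator@abuse.earthlink.net"@[211.20.51.230]>, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 <"spaminator@abuse.earthlink.net"@[211.20.51.230]>... Relaying denied
gB5AVpo01082: ruleset=check_rcpt, arg1=<@[211.20.51.230]:spaminator@abuse.earthlink.net>, relay=illuminati.sys.atl.earthlink.net [199.174.117.65], reject=550 5.7.1 <@[211.20.51.230]:spaminator@abuse.earthlink.net>... Relaying denied
"""

LINE = re.compile(r"^(?P<qid>\S+): ruleset=(?P<ruleset>\w+), arg1=(?P<arg>.*?), "
                  r"relay=(?P<relay>.*?), reject=(?P<code>\d{3}) ")
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def address_form(arg):
    """Name the recipient syntax; the unusual forms are well-known relay-test addresses."""
    addr = arg.strip("<>")
    if not addr:
        return "empty"
    if addr.startswith("@") and ":" in addr:
        return "source-route"          # <@host:user@domain>
    if addr.startswith('"') and '"@' in addr:
        return "quoted-localpart"      # <"user@domain"@host>
    if "%" in addr:
        return "percent-hack"          # <"user%domain">
    return "plain"

def summarize(text):
    """Group reject lines by connecting IP: rulesets hit, address forms, reply codes."""
    hosts = defaultdict(lambda: {"rulesets": Counter(), "forms": Counter(), "codes": set()})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                   # not a ruleset reject line
        ip = IP.search(m["relay"])
        host = hosts[ip.group(1) if ip else m["relay"]]
        host["rulesets"][m["ruleset"]] += 1
        host["codes"].add(m["code"])
        if m["ruleset"] == "check_rcpt":   # arg1 is a recipient only for check_rcpt
            host["forms"][address_form(m["arg"])] += 1
    return dict(hosts)

def all_refused(summary):
    """True when every parsed line carries a 5xx reply (a permanent refusal)."""
    return all(c.startswith("5") for h in summary.values() for c in h["codes"])
```

A report made up only of 5xx rejects shows refused attempts; mail that was actually relayed would not appear among these reject lines, so the delivery entries in the mail log have to be checked separately.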

al

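  • Melancholy high-school student
  • ***
  • Posts: 136
LogWatch Message
« Reply #4 on: 2002-12-15 14:24 »
Then may I also ask why relaying keeps being requested? (About 30 relay denials a day; annoying.)
The network is noticeably slower! The activity lights blink nonstop.
Is it a DNS or sendmail misconfiguration?
Thanks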

al

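  • Melancholy high-school student
  • ***
  • Posts: 136
LogWatch Message
« Reply #5 on: 2002-12-16 12:29 »
Today, 12/16, I received a warning from Chunghwa Telecom customer service
saying that someone had reported this mail server for sending out spam.
I quickly checked the Logwatch message; it still contains many relay-denied entries, same as before.
The difference is that the sources requesting relay have changed from China to Yahoo and China.
I had no choice but to edit /etc/mail/access and remove the RELAY entry for yahoo,
but it does not seem to have improved things.
Is there any other, more effective method?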

netman

  • Administrator
  • I'm a PhD!
  • *****
  • Posts: 17465
    • http://www.study-area.org
LogWatch Message
« Reply #6 on: 2002-12-16 12:40 »
In access, keep only 127.0.0.1, localhost and the internal network...

Change everything else to AUTH SMTP. Search for sasl here and you will find it...

al

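  • Melancholy high-school student
  • ***
  • Posts: 136
LogWatch Message
« Reply #7 on: 2002-12-19 09:22 »
After 5 days the relay denials finally stopped,
but new messages have appeared: illegal user --- guest, user, www, manager, web
The IP 207.99.110.98 does not answer ping.
Does my mail host have other vulnerabilities? The system is rh73.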
--------------------- SSHD Begin ------------------------

Failed logins from these:
   root/password from 207.99.110.98: 2 time(s)

**Unmatched Entries**
input_userauth_request: illegal user guest
input_userauth_request: illegal user user
input_userauth_request: illegal user www
input_userauth_request: illegal user manager
input_userauth_request: illegal user web
Failed none for illegal user guest from 207.99.110.98 port 2070 ssh2
Failed none for illegal user manager from 207.99.110.98 port 2069 ssh2
Failed none for illegal user web from 207.99.110.98 port 2075 ssh2
Failed none for illegal user user from 207.99.110.98 port 2071 ssh2
Failed none for illegal user www from 207.99.110.98 port 2076 ssh2
Failed keyboard-interactive for illegal user guest from 207.99.110.98 port 2070 ssh2
Failed keyboard-interactive for illegal user manager from 207.99.110.98 port 2069 ssh2
Failed keyboard-interactive for illegal user web from 207.99.110.98 port 2075 ssh2
Failed keyboard-interactive for illegal user user from 207.99.110.98 port 2071 ssh2
Failed keyboard-interactive for illegal user www from 207.99.110.98 port 2076 ssh2
Failed password for illegal user manager from 207.99.110.98 port 2069 ssh2
Failed password for illegal user guest from 207.99.110.98 port 2070 ssh2
Failed password for illegal user user from 207.99.110.98 port 2071 ssh2
Failed password for illegal user web from 207.99.110.98 port 2075 ssh2
Failed password for illegal user www from 207.99.110.98 port 2076 ssh2
input_userauth_request: illegal user mysql
Failed none for illegal user mysql from 207.99.110.98 port 2077 ssh2
Failed keyboard-interactive for illegal user mysql from 207.99.110.98 port 2077 ssh2
Failed password for illegal user mysql from 207.99.110.98 port 2077 ssh2


 ---------------------- SSHD End -------------------------

netman

  • Administrator
  • I'm a PhD!
  • *****
  • Posts: 17465
    • http://www.study-area.org
LogWatch Message
« Reply #8 on: 2002-12-19 11:13 »
Someone is taking scattershot attempts, trying to break in.
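
Added example, not part of the original posts: a Python sketch that summarizes sshd authentication lines like those in the SSHD report above, per source IP, and checks whether any login from that source was accepted. The function names, verdict labels and the `min_users` threshold are assumptions made here; one sample line is constructed and marked as such.

```python
import re
from collections import defaultdict

# Lines copied from the SSHD section quoted in this thread.
PAGE_LINES = [
    "Failed none for illegal user guest from 207.99.110.98 port 2070 ssh2",
    "Failed keyboard-interactive for illegal user guest from 207.99.110.98 port 2070 ssh2",
    "Failed password for illegal user guest from 207.99.110.98 port 2070 ssh2",
    "Failed password for illegal user www from 207.99.110.98 port 2076 ssh2",
    "Failed password for illegal user mysql from 207.99.110.98 port 2077 ssh2",
]
# Constructed line (not on the page): the raw form behind "root/password ... 2 time(s)".
CONSTRUCTED = ["Failed password for root from 207.99.110.98 port 2068 ssh2"]

# "illegal user" is the wording in this report; newer OpenSSH logs "invalid user".
AUTH = re.compile(r"^(?P<result>Failed|Accepted) (?P<method>\S+) for "
                  r"(?P<unknown>(?:illegal|invalid) user )?(?P<user>\S+) "
                  r"from (?P<ip>\S+) port \d+")

def summarize(lines):
    """Per source IP: names tried that do not exist, real accounts tried, accepted logins."""
    hosts = defaultdict(lambda: {"unknown_users": set(), "real_users": set(),
                                 "failed": 0, "accepted": []})
    for line in lines:
        m = AUTH.match(line.strip())
        if not m:
            continue                       # e.g. input_userauth_request lines
        host = hosts[m["ip"]]
        if m["result"] == "Accepted":
            host["accepted"].append(m["user"])
        else:
            host["failed"] += 1
            (host["unknown_users"] if m["unknown"] else host["real_users"]).add(m["user"])
    return dict(hosts)

def verdict(host, min_users=3):
    """Label one source; min_users is an assumed threshold for 'guessing'."""
    if host["accepted"] and host["failed"]:
        return "login accepted after failures: investigate"
    if len(host["unknown_users"] | host["real_users"]) >= min_users:
        return "account-name guessing, no login accepted"
    return "isolated failures"

if __name__ == "__main__":
    for ip, host in summarize(PAGE_LINES + CONSTRUCTED).items():
        print(ip, sorted(host["unknown_users"]), sorted(host["real_users"]), verdict(host))
```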

al

  • Melancholy high-school student
  • ***
  • Posts: 136
LogWatch Message
« Reply #9 on: 2002-12-19 12:11 »
Sorry, may I ask how to "break in"?

netman

  • Administrator
  • I'm a PhD!
  • *****
  • Posts: 17465
    • http://www.study-area.org
LogWatch Message
« Reply #10 on: 2002-12-19 12:34 »
That's a big topic, and I don't know how either~~~  ^_^