[CLUE-Tech] Cracked! Mailog entries that tipped me off FYI

Jim Intriglia jimintriglia at hotmail.com
Sat Mar 24 15:41:43 MST 2001 

Greetings,

For those of you that might be interested in logfile info that showed my PC 
was compromised, the mailog file follows. Nothing showed up in messages 
BTW...

-Jim

Mar 19 12:05:08 localhost sendmail[505]: alias database /etc/aliases rebuilt 
by root
Mar 19 12:05:08 localhost sendmail[505]: /etc/aliases: 14 aliases, longest 
10 bytes, 152 bytes total
Mar 19 12:05:09 localhost sendmail[519]: starting daemon (8.9.3): 
SMTP+queueing at 01:00:00
Mar 20 05:08:26 localhost sendmail[2716]: FAA02716: from=root, size=284, 
class=0, pri=30284, nrcpts=1, 
msgid=<200103201308.FAA02716 at localhost.localdomain>, relay=root at localhost
Mar 20 05:08:27 localhost sendmail[2720]: FAA02716: to=becys at becys.org, 
ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:00, mailer=esmtp, 
relay=mail.becys.org. [64.176.171.107], stat=Deferred: Network is 
unreachable
Mar 20 06:05:10 localhost sendmail[3000]: FAA02716: to=becys at becys.org, 
ctladdr=root (0/0), delay=00:56:46, xdelay=00:00:00, mailer=esmtp, 
relay=mail.becys.org. [64.176.171.107], stat=Deferred: Network is 
unreachable
Mar 20 07:05:11 localhost sendmail[3107]: FAA02716: to=becys at becys.org, 
ctladdr=root (0/0), delay=01:56:47, xdelay=00:00:01, mailer=esmtp, 
relay=mail.becys.org. [64.176.171.107], stat=Deferred: Network is 
unreachable
Mar 20 09:33:59 localhost sendmail[532]: alias database /etc/aliases rebuilt 
by root
Mar 20 09:33:59 localhost sendmail[532]: /etc/aliases: 14 aliases, longest 
10 bytes, 152 bytes total
Mar 20 09:34:00 localhost sendmail[546]: starting daemon (8.9.3): 
SMTP+queueing at 01:00:00
Mar 20 09:34:00 localhost sendmail[549]: FAA02716: JAA00549: return to 
sender: Warning: could not send message for past 4 hours
Mar 20 09:34:00 localhost sendmail[549]: JAA00549: to=root, delay=00:00:00, 
xdelay=00:00:00, mailer=local, stat=Sent
Mar 20 10:34:25 localhost sendmail[1134]: FAA02716: to=becys at becys.org, 
ctladdr=root (0/0), delay=05:26:01, xdelay=00:00:24, mailer=esmtp, 
relay=mail.becys.org. [64.176.171.107], stat=Data format error
Mar 20 10:34:25 localhost sendmail[1134]: FAA02716: KAA01134: return to 
sender: Data format error
Mar 20 10:34:25 localhost sendmail[1134]: KAA01134: to=root, delay=00:00:00, 
xdelay=00:00:00, mailer=local, stat=Sent
Mar 20 13:21:48 localhost sendmail[511]: alias database /etc/aliases rebuilt 
by root
Mar 20 13:21:48 localhost sendmail[511]: /etc/aliases: 14 aliases, longest 
10 bytes, 152 bytes total
Mar 20 13:21:48 localhost sendmail[525]: starting daemon (8.9.3): 
SMTP+queueing at 01:00:00
Mar 22 09:47:17 localhost sendmail[5344]: JAA05344: from=root, size=286, 
class=0, pri=30286, nrcpts=1, 
msgid=<200103221747.JAA05344 at localhost.localdomain>, relay=root at localhost
Mar 22 09:47:18 localhost sendmail[5348]: JAA05344: to=granstone at go.ro, 
ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, 
relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is 
unreachable
Mar 22 10:21:53 localhost sendmail[5405]: JAA05344: to=granstone at go.ro, 
ctladdr=root (0/0), delay=00:34:36, xdelay=00:00:01, mailer=esmtp, 
relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is 
unreachable
Mar 22 11:21:53 localhost sendmail[5495]: JAA05344: to=granstone at go.ro, 
ctladdr=root (0/0), delay=01:34:36, xdelay=00:00:02, mailer=esmtp, 
relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is 
unreachable
Mar 22 12:21:52 localhost sendmail[5521]: JAA05344: to=granstone at go.ro, 
ctladdr=root (0/0), delay=02:34:35, xdelay=00:00:01, mailer=esmtp, 
relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is 
unreachable
Mar 22 13:21:52 localhost sendmail[5574]: JAA05344: to=granstone at go.ro, 
ctladdr=root (0/0), delay=03:34:35, xdelay=00:00:01, mailer=esmtp, 
relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is 
unreachable
Mar 22 14:21:54 localhost sendmail[5721]: JAA05344: to=granstone at go.ro, 
ctladdr=root (0/0), delay=04:34:37, xdelay=00:00:02, mailer=esmtp, 
relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is 
unreachable
Mar 22 14:21:54 localhost sendmail[5721]: JAA05344: OAA05721: return to 
sender: Warning: could not send message for past 4 hours
Mar 22 14:21:54 localhost sendmail[5721]: OAA05721: to=root, delay=00:00:00, 
xdelay=00:00:00, mailer=local, stat=Sent
Mar 22 14:38:42 localhost sendmail[518]: alias database /etc/aliases rebuilt 
by root
Mar 22 14:38:43 localhost sendmail[518]: /etc/aliases: 14 aliases, longest 
10 bytes, 152 bytes total
Mar 22 14:38:43 localhost sendmail[532]: starting daemon (8.9.3): 
SMTP+queueing at 01:00:00
Mar 22 15:38:49 localhost sendmail[1292]: JAA05344: to=granstone at go.ro, 
ctladdr=root (0/0), delay=05:51:32, xdelay=00:00:04, mailer=esmtp, 
relay=relay1.go.ro. [193.231.236.42], stat=Data format error
Mar 22 15:38:50 localhost sendmail[1292]: JAA05344: PAA01292: return to 
sender: Data format error
Mar 22 15:38:50 localhost sendmail[1292]: PAA01292: to=root, delay=00:00:00, 
xdelay=00:00:00, mailer=local, stat=Sent
Mar 23 05:23:31 localhost sendmail[517]: alias database /etc/aliases rebuilt 
by root
Mar 23 05:23:31 localhost sendmail[517]: /etc/aliases: 14 aliases, longest 
10 bytes, 152 bytes total
Mar 23 05:23:32 localhost sendmail[531]: starting daemon (8.9.3): 
SMTP+queueing at 01:00:00
Mar 23 07:27:32 localhost sendmail[516]: alias database /etc/aliases rebuilt 
by root
Mar 23 07:27:32 localhost sendmail[516]: /etc/aliases: 14 aliases, longest 
10 bytes, 152 bytes total
Mar 23 07:27:32 localhost sendmail[530]: starting daemon (8.9.3): 
SMTP+queueing at 01:00:00


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com

More information about the clue-tech mailing list