[CLUE-Tech] Cracked! Mailog entries that tipped me off FYI

ian iguy at ionsphere.org
Sat Mar 24 08:50:35 MST 2001


So they have both their own registered domain AND someone in Romania that is
either working with them or has been hacked as a jumping point also.

It's common if you don't have a ton of things turned on in ipchains or iptables
for nothing to show up in the messages log.  The only thing you might see
is someone logged in??

ian

On Sat, Mar 24, 2001 at 03:41:43PM +0000, Jim Intriglia wrote:
> Greetings,
> 
> For those of you that might be interested in logfile info that showed my PC 
> was compromised, the mailog file follows. Nothing showed up in messages 
> BTW...
> 
> -Jim
> 
> Mar 19 12:05:08 localhost sendmail[505]: alias database /etc/aliases rebuilt 
> by root
> Mar 19 12:05:08 localhost sendmail[505]: /etc/aliases: 14 aliases, longest 
> 10 bytes, 152 bytes total
> Mar 19 12:05:09 localhost sendmail[519]: starting daemon (8.9.3): 
> SMTP+queueing at 01:00:00
> Mar 20 05:08:26 localhost sendmail[2716]: FAA02716: from=root, size=284, 
> class=0, pri=30284, nrcpts=1, 
> msgid=<200103201308.FAA02716 at localhost.localdomain>, relay=root at localhost
> Mar 20 05:08:27 localhost sendmail[2720]: FAA02716: to=becys at becys.org, 
> ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:00, mailer=esmtp, 
> relay=mail.becys.org. [64.176.171.107], stat=Deferred: Network is 
> unreachable
> Mar 20 06:05:10 localhost sendmail[3000]: FAA02716: to=becys at becys.org, 
> ctladdr=root (0/0), delay=00:56:46, xdelay=00:00:00, mailer=esmtp, 
> relay=mail.becys.org. [64.176.171.107], stat=Deferred: Network is 
> unreachable
> Mar 20 07:05:11 localhost sendmail[3107]: FAA02716: to=becys at becys.org, 
> ctladdr=root (0/0), delay=01:56:47, xdelay=00:00:01, mailer=esmtp, 
> relay=mail.becys.org. [64.176.171.107], stat=Deferred: Network is 
> unreachable
> Mar 20 09:33:59 localhost sendmail[532]: alias database /etc/aliases rebuilt 
> by root
> Mar 20 09:33:59 localhost sendmail[532]: /etc/aliases: 14 aliases, longest 
> 10 bytes, 152 bytes total
> Mar 20 09:34:00 localhost sendmail[546]: starting daemon (8.9.3): 
> SMTP+queueing at 01:00:00
> Mar 20 09:34:00 localhost sendmail[549]: FAA02716: JAA00549: return to 
> sender: Warning: could not send message for past 4 hours
> Mar 20 09:34:00 localhost sendmail[549]: JAA00549: to=root, delay=00:00:00, 
> xdelay=00:00:00, mailer=local, stat=Sent
> Mar 20 10:34:25 localhost sendmail[1134]: FAA02716: to=becys at becys.org, 
> ctladdr=root (0/0), delay=05:26:01, xdelay=00:00:24, mailer=esmtp, 
> relay=mail.becys.org. [64.176.171.107], stat=Data format error
> Mar 20 10:34:25 localhost sendmail[1134]: FAA02716: KAA01134: return to 
> sender: Data format error
> Mar 20 10:34:25 localhost sendmail[1134]: KAA01134: to=root, delay=00:00:00, 
> xdelay=00:00:00, mailer=local, stat=Sent
> Mar 20 13:21:48 localhost sendmail[511]: alias database /etc/aliases rebuilt 
> by root
> Mar 20 13:21:48 localhost sendmail[511]: /etc/aliases: 14 aliases, longest 
> 10 bytes, 152 bytes total
> Mar 20 13:21:48 localhost sendmail[525]: starting daemon (8.9.3): 
> SMTP+queueing at 01:00:00
> Mar 22 09:47:17 localhost sendmail[5344]: JAA05344: from=root, size=286, 
> class=0, pri=30286, nrcpts=1, 
> msgid=<200103221747.JAA05344 at localhost.localdomain>, relay=root at localhost
> Mar 22 09:47:18 localhost sendmail[5348]: JAA05344: to=granstone at go.ro, 
> ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, 
> relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is 
> unreachable
> Mar 22 10:21:53 localhost sendmail[5405]: JAA05344: to=granstone at go.ro, 
> ctladdr=root (0/0), delay=00:34:36, xdelay=00:00:01, mailer=esmtp, 
> relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is 
> unreachable
> Mar 22 11:21:53 localhost sendmail[5495]: JAA05344: to=granstone at go.ro, 
> ctladdr=root (0/0), delay=01:34:36, xdelay=00:00:02, mailer=esmtp, 
> relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is 
> unreachable
> Mar 22 12:21:52 localhost sendmail[5521]: JAA05344: to=granstone at go.ro, 
> ctladdr=root (0/0), delay=02:34:35, xdelay=00:00:01, mailer=esmtp, 
> relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is 
> unreachable
> Mar 22 13:21:52 localhost sendmail[5574]: JAA05344: to=granstone at go.ro, 
> ctladdr=root (0/0), delay=03:34:35, xdelay=00:00:01, mailer=esmtp, 
> relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is 
> unreachable
> Mar 22 14:21:54 localhost sendmail[5721]: JAA05344: to=granstone at go.ro, 
> ctladdr=root (0/0), delay=04:34:37, xdelay=00:00:02, mailer=esmtp, 
> relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is 
> unreachable
> Mar 22 14:21:54 localhost sendmail[5721]: JAA05344: OAA05721: return to 
> sender: Warning: could not send message for past 4 hours
> Mar 22 14:21:54 localhost sendmail[5721]: OAA05721: to=root, delay=00:00:00, 
> xdelay=00:00:00, mailer=local, stat=Sent
> Mar 22 14:38:42 localhost sendmail[518]: alias database /etc/aliases rebuilt 
> by root
> Mar 22 14:38:43 localhost sendmail[518]: /etc/aliases: 14 aliases, longest 
> 10 bytes, 152 bytes total
> Mar 22 14:38:43 localhost sendmail[532]: starting daemon (8.9.3): 
> SMTP+queueing at 01:00:00
> Mar 22 15:38:49 localhost sendmail[1292]: JAA05344: to=granstone at go.ro, 
> ctladdr=root (0/0), delay=05:51:32, xdelay=00:00:04, mailer=esmtp, 
> relay=relay1.go.ro. [193.231.236.42], stat=Data format error
> Mar 22 15:38:50 localhost sendmail[1292]: JAA05344: PAA01292: return to 
> sender: Data format error
> Mar 22 15:38:50 localhost sendmail[1292]: PAA01292: to=root, delay=00:00:00, 
> xdelay=00:00:00, mailer=local, stat=Sent
> Mar 23 05:23:31 localhost sendmail[517]: alias database /etc/aliases rebuilt 
> by root
> Mar 23 05:23:31 localhost sendmail[517]: /etc/aliases: 14 aliases, longest 
> 10 bytes, 152 bytes total
> Mar 23 05:23:32 localhost sendmail[531]: starting daemon (8.9.3): 
> SMTP+queueing at 01:00:00
> Mar 23 07:27:32 localhost sendmail[516]: alias database /etc/aliases rebuilt 
> by root
> Mar 23 07:27:32 localhost sendmail[516]: /etc/aliases: 14 aliases, longest 
> 10 bytes, 152 bytes total
> Mar 23 07:27:32 localhost sendmail[530]: starting daemon (8.9.3): 
> SMTP+queueing at 01:00:00
> 
> 
> 
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
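As an added example (not code from either poster), here is a small Python script that does what Jim did by eye: it joins sendmail's from= and to= records by queue ID and flags any message that a system account such as root handed to a remote mailer. The sample input is taken from the maillog above; it assumes the archive's " at " stands for "@", and the list of local domains is an assumption.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the maillog posted in this thread, with the
# archive's " at " obfuscation restored to "@" (a labelled assumption).
SAMPLE_LOG = """\
Mar 20 05:08:26 localhost sendmail[2716]: FAA02716: from=root, size=284, class=0, pri=30284, nrcpts=1, msgid=<200103201308.FAA02716@localhost.localdomain>, relay=root@localhost
Mar 20 05:08:27 localhost sendmail[2720]: FAA02716: to=becys@becys.org, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:00, mailer=esmtp, relay=mail.becys.org. [64.176.171.107], stat=Deferred: Network is unreachable
Mar 20 09:34:00 localhost sendmail[549]: FAA02716: JAA00549: return to sender: Warning: could not send message for past 4 hours
Mar 20 09:34:00 localhost sendmail[549]: JAA00549: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Sent
Mar 22 09:47:17 localhost sendmail[5344]: JAA05344: from=root, size=286, class=0, pri=30286, nrcpts=1, msgid=<200103221747.JAA05344@localhost.localdomain>, relay=root@localhost
Mar 22 09:47:18 localhost sendmail[5348]: JAA05344: to=granstone@go.ro, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is unreachable
"""
# syslog prefix, then sendmail's queue id, then the key=value payload
LINE_RE = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ sendmail\[\d+\]: "
                     r"(?P<qid>[A-Z]{3}\d{5}): (?P<rest>.*)$")
BOUNCE_RE = re.compile(r"^[A-Z]{3}\d{5}: ")  # "FAA02716: JAA00549: return to sender"

def parse_fields(rest):
    # Split on ", " so values like "stat=Deferred: Network is unreachable" stay whole.
    fields = {}
    for part in rest.split(", "):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key] = value
    return fields

def flag_outbound_system_mail(log_text, system_accounts=("root",),
                              local_domains=("localhost", "localhost.localdomain")):
    """Join from= and to= records by queue id; return (qid, sender, rcpt, relay)
    for every message a system account handed to a non-local mailer."""
    senders, recipients = {}, defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or BOUNCE_RE.match(m["rest"]):
            continue  # not a sendmail line, or a bounce-notice line
        f = parse_fields(m["rest"])
        if "from" in f:
            senders[m["qid"]] = f["from"]
        elif "to" in f:
            recipients[m["qid"]].append(f)
    hits = {}  # keyed by (qid, rcpt): delivery retries repeat the to= line
    for qid, sender in senders.items():
        if sender not in system_accounts:
            continue
        for r in recipients[qid]:
            domain = r["to"].rpartition("@")[2]
            if r.get("mailer") != "local" and domain not in local_domains:
                hits.setdefault((qid, r["to"]), (qid, sender, r["to"], r.get("relay", "")))
    return list(hits.values())
```

Run against the full maillog, this yields the two root-originated messages to becys.org and go.ro and nothing for the local bounce notices, which is exactly the pattern that gave the compromise away.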
