My postmaster@mydomain.com address just received the following "Undelivered Mail" notice.
Does this mean someone may have tried (or managed) to break into my server?
(For privacy I have replaced some parts below; this is not 100% the original I received.)
This is the mail system at host mydomain.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<ubahreasons@yahoo.com>: host mta7.am0.yahoodns.net[98.138.112.35] said: 554
delivery error: dd Sorry your message to ubahreasons@yahoo.com cannot be
delivered. This account has been disabled or discontinued [#102]. -
mta1303.mail.ne1.yahoo.com (in reply to end of DATA command)
Reporting-MTA: dns; mydomain.com
X-Postfix-Queue-ID: 684A933780CC
X-Postfix-Sender: rfc822; root@mydomain.com
Arrival-Date: Tue, 14 Oct 2014 21:16:56 +0200 (CEST)
Final-Recipient: rfc822; ubahreasons@yahoo.com
Original-Recipient: rfc822;ubahreasons@yahoo.com
Action: failed
Status: 5.0.0
Remote-MTA: dns; mta7.am0.yahoodns.net
Diagnostic-Code: smtp; 554 delivery error: dd Sorry your message to
ubahreasons@yahoo.com cannot be delivered. This account has been disabled
or discontinued [#102]. - mta1303.mail.ne1.yahoo.com
ForwardedMessage.eml
Subject:
TESTING - 2012
From:
root@mydomain.com (root)
Date:
10/14/2014 9:16 PM
To:
ubahreasons@yahoo.com
#############################iNFOS#############################
#############################FOR YOU#############################
Linux servername 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 GNU/Linux
uid=0(root) gid=0(root) context=system_u:system_r:initrc_t
#############################SSH iNFOS#############################
#############################FOR YOU#############################
#UsePAM no
UsePAM yes
PermitRootLogin
#GatewayPorts no
#ListenAddress 0.0.0.0
#ListenAddress ::
#############################SHADOWFILE#############################
#############################SHADOWFILE#############################
root:$1$H4zwKrgL$NA37jPGoTCiPA0mrq/OKq/:15231:0:99999:7:::
bin:*:15431:0:99999:7:::
daemon:*:15431:0:99999:7:::
info:$1$dO1pvRG.$DZUXjGeS4NgDpGNCwX.0b0:14241:0:99999:7::::::
postmaster:$1$gW7jPsgB$dh09VlQ/W0FALpPlR1fPt/:16127:0:99999:7:::
... more stuff like that
#############################iPS#############################
#############################iPS#############################
inet addr:111.11.111.11 Bcast:111.11.111.11 Mask:255.255.255.0
inet6 addr: ff11::11ff:11ff:ffff:1111/64 Scope:Link
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
#############################USERS WITH SHELL#############################
#############################USERS WITH SHELL#############################
root:x:0:0:root:/root:/bin/bash
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
... some more stuff like the first three lines
I am not the most experienced, so if anyone can advise me on what this means and what to do next... Thanks!
Update:
At the time of the breach my httpd log file contained the following:
80.65.51.220 - - [14/Oct/2014:21:56:52 +0200] "POST http://80.65.51.219:6667/ HTTP/1.0" 302 225 "-" "-"
80.65.51.220 - - [14/Oct/2014:21:56:52 +0200] "CONNECT 80.65.51.219:6667 HTTP/1.0" 302 225 "-" "-"
80.65.51.220 - - [14/Oct/2014:21:56:52 +0200] "PUT http://80.65.51.219:6667/ HTTP/1.0" 302 225 "-" "-"
Otherwise I could not find anything suspicious.
Any further advice from anyone who has seen something like this before, please comment or answer. Thanks!
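The three httpd lines quoted in the update are forward-proxy requests: a CONNECT to host:port, and POST/PUT with an absolute URI instead of a path. Port 6667 is the conventional plaintext IRC port, so a remote client is testing whether this web server will relay traffic to an IRC host for it. The script below is an added example (not part of the original post) that scans Apache access-log lines for that pattern; the sample input reuses the three lines from the post plus two constructed benign requests, and the IRC port list is an assumption made for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Apache access log (common/combined format): client ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Ports conventionally used by IRC; 6667 is the classic plaintext port.
# Assumption for this example: a proxied request to any of these is worth flagging.
IRC_PORTS = {6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 6697, 7000}


def proxy_target(method: str, target: str) -> Optional[Tuple[str, int]]:
    """Return (host, port) when the request line is a forward-proxy request.

    Two shapes count: 'CONNECT host:port' (tunnel request) and any method with an
    absolute URI such as 'POST http://host:port/'. An ordinary origin request whose
    target is a path like '/index.html' returns None.
    """
    if method == "CONNECT":
        host, sep, port = target.rpartition(":")
        if sep and port.isdigit():
            return host, int(port)
        return target, 443  # CONNECT without an explicit port; 443 is the usual default
    m = re.match(r'^(?P<scheme>https?)://(?P<host>[^/:]+)(?::(?P<port>\d+))?', target)
    if m:
        port = m.group("port")
        default = 443 if m.group("scheme") == "https" else 80
        return m.group("host"), int(port) if port else default
    return None


def find_proxy_probes(lines: List[str]) -> List[Dict]:
    """Scan access-log lines and return one record per proxy-style request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-matching line: skip rather than guess
        tgt = proxy_target(m.group("method"), m.group("target"))
        if tgt is None:
            continue
        host, port = tgt
        status = int(m.group("status"))
        hits.append({
            "client": m.group("client"),
            "time": m.group("time"),
            "method": m.group("method"),
            "host": host,
            "port": port,
            "status": status,
            "irc_port": port in IRC_PORTS,
            # A 2xx answer to CONNECT means the server actually opened the tunnel,
            # i.e. it is acting as an open proxy. A 302 is a locally generated redirect.
            "relayed": m.group("method") == "CONNECT" and 200 <= status < 300,
        })
    return hits


# The first three lines are the ones from the post; the last two are constructed
# benign traffic for contrast.
SAMPLE_LOG = [
    '80.65.51.220 - - [14/Oct/2014:21:56:52 +0200] "POST http://80.65.51.219:6667/ HTTP/1.0" 302 225 "-" "-"',
    '80.65.51.220 - - [14/Oct/2014:21:56:52 +0200] "CONNECT 80.65.51.219:6667 HTTP/1.0" 302 225 "-" "-"',
    '80.65.51.220 - - [14/Oct/2014:21:56:52 +0200] "PUT http://80.65.51.219:6667/ HTTP/1.0" 302 225 "-" "-"',
    '203.0.113.7 - - [14/Oct/2014:21:57:10 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [14/Oct/2014:21:57:11 +0200] "POST /contact.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_proxy_probes(SAMPLE_LOG):
        flag = "IRC" if hit["irc_port"] else "   "
        print(f'{flag} {hit["client"]} {hit["method"]:7} -> {hit["host"]}:{hit["port"]} status={hit["status"]}')
```

Run it against the real access log with `find_proxy_probes(open("/var/log/httpd/access_log").read().splitlines())`. Note what the status code tells you: the three probes in the post got a 302, which the server generated itself, so they were not relayed; a 200 on a CONNECT line would mean the host really is usable as an open proxy. Either way, this activity is a scanner looking for relays and is a separate matter from the exfiltration mail, which had already been sent forty minutes earlier according to the Arrival-Date in the bounce.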
Did anyone deliberately use your server to send an email to ubahreasons@yahoo.com? If so, this is just an NDR - a Non-Delivery Report.
If not, then you have probably been hacked.
/Edit Aha - for some reason I read the lower part of this email as diagnostic information from your local mail system. Now I see it is more likely the content of the bounced, undelivered email - yes, you have been owned. Burn it to the ground and start again.
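The answer's first question (did a person on the box send that mail, or did a script?) can be settled from the Postfix log rather than guessed. The delivery-status part of the bounce carries the queue ID and sender; looking that queue ID up in the maillog shows how the message entered Postfix. A `pickup` record means it was submitted locally through the sendmail binary, and that record includes the submitting uid. The following is an added example (not code from the post or the answer): the DSN text is reconstructed from the fields shown in the question, and the maillog lines are constructed in standard Postfix format to show what such a lookup looks like; the second queue ID and the `example.net` client are invented for contrast.

```python
import re
from typing import Dict, List, Optional, Tuple

# Delivery-status part of the bounce, reconstructed from the fields in the post
# (continuation lines indented as a real RFC 3464 DSN has them).
SAMPLE_DSN = """\
Reporting-MTA: dns; mydomain.com
X-Postfix-Queue-ID: 684A933780CC
X-Postfix-Sender: rfc822; root@mydomain.com
Arrival-Date: Tue, 14 Oct 2014 21:16:56 +0200 (CEST)

Final-Recipient: rfc822; ubahreasons@yahoo.com
Original-Recipient: rfc822;ubahreasons@yahoo.com
Action: failed
Status: 5.0.0
Remote-MTA: dns; mta7.am0.yahoodns.net
Diagnostic-Code: smtp; 554 delivery error: dd Sorry your message to
    ubahreasons@yahoo.com cannot be delivered. This account has been disabled
    or discontinued [#102]. - mta1303.mail.ne1.yahoo.com
"""

# Constructed maillog lines in standard Postfix format. The pickup record is written
# when a message is handed in locally via sendmail(1) and carries the submitting uid.
SAMPLE_MAILLOG = [
    "Oct 14 21:16:56 servername postfix/pickup[2201]: 684A933780CC: uid=0 from=<root>",
    "Oct 14 21:16:56 servername postfix/cleanup[2210]: 684A933780CC: message-id=<20141014191656.684A933780CC@mydomain.com>",
    "Oct 14 21:16:56 servername postfix/qmgr[2105]: 684A933780CC: from=<root@mydomain.com>, size=2917, nrcpt=1 (queue active)",
    "Oct 14 21:16:57 servername postfix/smtp[2215]: 684A933780CC: to=<ubahreasons@yahoo.com>, relay=mta7.am0.yahoodns.net[98.138.112.35]:25, delay=1.3, delays=0.1/0/0.5/0.7, dsn=5.0.0, status=bounced (host mta7.am0.yahoodns.net[98.138.112.35] said: 554 delivery error: dd Sorry your message to ubahreasons@yahoo.com cannot be delivered. (in reply to end of DATA command))",
    "Oct 14 21:20:03 servername postfix/smtpd[2300]: 7F2B133780D1: client=mail-out.example.net[198.51.100.9]",
    "Oct 14 21:20:03 servername postfix/qmgr[2105]: 7F2B133780D1: from=<alice@example.net>, size=1410, nrcpt=1 (queue active)",
]

MAILLOG_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) '
    r'postfix/(?P<prog>\w+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)$'
)


def parse_dsn(text: str) -> Dict[str, str]:
    """Parse 'Field: value' lines of a delivery-status part, folding indented continuations."""
    fields: Dict[str, str] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and current:
            fields[current] += " " + line.strip()
            continue
        m = re.match(r'^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$', line)
        if m:
            current = m.group(1)
            fields[current] = m.group(2).strip()
        else:
            current = None  # blank separator line or non-field text
    return fields


def address_of(value: str) -> str:
    """'rfc822; user@host' -> 'user@host' (tolerates a missing space after ';')."""
    return value.split(";", 1)[-1].strip()


def trace_queue_id(log_lines: List[str], qid: str) -> List[Tuple[str, str]]:
    """Return (program, message) pairs for every maillog record of one queue ID."""
    out = []
    for line in log_lines:
        m = MAILLOG_RE.match(line)
        if m and m.group("qid") == qid:
            out.append((m.group("prog"), m.group("rest")))
    return out


def classify_origin(records: List[Tuple[str, str]]) -> Dict[str, object]:
    """Decide how the message entered Postfix: local sendmail submission or network SMTP."""
    for prog, rest in records:
        if prog == "pickup":
            m = re.search(r'uid=(\d+) from=<([^>]*)>', rest)
            if m:
                return {"channel": "local-sendmail", "uid": int(m.group(1)), "from": m.group(2)}
        if prog == "smtpd":
            m = re.search(r'client=(\S+)', rest)
            if m:
                return {"channel": "smtp", "client": m.group(1)}
    return {"channel": "unknown"}


def triage_bounce(dsn_text: str, log_lines: List[str]) -> Dict[str, object]:
    """Tie a bounce back to the maillog and say whether it looks like root-driven exfiltration."""
    dsn = parse_dsn(dsn_text)
    qid = dsn["X-Postfix-Queue-ID"]
    recipient = address_of(dsn["Final-Recipient"])
    local_domain = address_of(dsn["Reporting-MTA"]).lower()
    external = recipient.rsplit("@", 1)[-1].lower() != local_domain
    origin = classify_origin(trace_queue_id(log_lines, qid))
    return {
        "queue_id": qid,
        "sender": address_of(dsn["X-Postfix-Sender"]),
        "recipient": recipient,
        "external_recipient": external,
        "origin": origin,
        # A uid 0 process on the box itself mailing an external mailbox is the
        # footprint of an exfiltration script, not of a user's mail client.
        "suspicious": origin.get("channel") == "local-sendmail" and origin.get("uid") == 0 and external,
    }
```

With the real bounce and `/var/log/maillog` (or `/var/log/mail.log`), `triage_bounce(open(bounce).read(), open(maillog).read().splitlines())` answers the question directly. If the queue ID has no pickup or smtpd record at all, the log was rotated or, given the contents of the bounced message, possibly cleaned; either way, treat the absence as no evidence of innocence. Also note the `$1$` prefix on the leaked shadow hashes: those are MD5-crypt, which is cheap to crack offline, so every password on that host should be considered burned regardless of how the rebuild goes.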