| 1 |
I posted the following on the weekend and it seems to have been |
| 2 |
overlooked. If no one really has any ideas, I'm sorry for the repost, |
| 3 |
but, I would think that someone here has used vpopmail... I'm really |
| 4 |
hoping that this is something that vpopmail puts in the logs normally! |
| 5 |
|
| 6 |
Here's my previous post: |
| 7 |
|
| 8 |
Finally got around to installing a log monitoring tool (logwatch) this |
| 9 |
morning. I'm not sure why it doesn't give me any output for any services |
| 10 |
other than syslogd (maybe cuz all the other services are dumping into |
| 11 |
/var/log/messages?), but while looking through /var/log/messages for |
| 12 |
stuff that logwatch might find, I saw something that made my heart skip |
| 13 |
a beat. |
| 14 |
|
| 15 |
There are a number of vpopmail entries like this: |
| 16 |
|
| 17 |
Nov 6 10:21:51 munat vpopmail[29101]: vchkpw-smtp: password fail |
| 18 |
postmaster@×××××.com:80.104.163.225 |
| 19 |
Nov 6 10:21:57 munat vpopmail[29103]: vchkpw-smtp: (PLAIN) login |
| 20 |
success postmaster@×××××.com:80.104.163.225 |
| 21 |
|
| 22 |
Always in pairs like that... mostly with different addresses, and |
| 23 |
addresses that I don't recognize. My brother and I are the only people |
| 24 |
who should be able to log into the postmaster account, and we rarely do |
| 25 |
so, so... |
| 26 |
|
| 27 |
The question is, has my vpopmail been hacked or is this somehow a |
| 28 |
typical vpopmail occurrence? Going back through messages, there are |
| 29 |
entries like this every day. So maybe, for some strange reason vpopmail |
| 30 |
prints this entry in the logs periodically? |
| 31 |
|
| 32 |
Ben |
Archives