Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 25th November 2009, 11:30
vaio1 vaio1 is offline
Senior Member
 
Join Date: Jul 2007
Location: Italy
Posts: 664
Thanks: 77
Thanked 12 Times in 7 Posts
Default DK*CERT Abuse Team??? Why??

Dear Administrator,

We recieved a complaint about networkscan from IP 000.000.000.000.
Please see the attached set of logs from the security software.

It might be that your host has been taken over by intruders.
Please disconnect this host IMMEDIATELY and investigate its security status.

Otherwise please identify your customer operating from the above
address at the time mentioned, and immediately terminate his hacking
activities. Please prevent him from continuing this kind of activity
in the future as well.


This incident has been assigned the following number:

DK*CERT#454546

For future reference, please include this number in the subject line of your e-mail.


Best regards,
DK*CERT Abuse Team,

DK*CERT
UNI*C,
DTU, Centrifugevej, bygning 356
2800 Kgs. Lyngby

Email: cert@cert.dk
Telefon: +45 3587 8887
Web: www.cert.dk

If nothing else mentioned below, timezone is believed to be UTC+0100(CET)
Destination address(es): Adresser i nettene 130.225.16.0/22 og 130.225.2.128/25

Security logs:

#Nov 25 04:00:15 2009 .. Nov 25 04:39:57 2009
# Scan from 000.000.000.000 affecting at least
# 64 addresses targeting TCP:1024, TCP:3072.
Reply With Quote
Sponsored Links
  #2  
Old 25th November 2009, 13:13
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,778
Thanks: 821
Thanked 5,333 Times in 4,184 Posts
Default

Check your system with rkhunter.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 25th November 2009, 13:32
vaio1 vaio1 is offline
Senior Member
 
Join Date: Jul 2007
Location: Italy
Posts: 664
Thanks: 77
Thanked 12 Times in 7 Posts
Default

This is the log file.
Can you help me to understand it and fix the problem ?

have I consider the email previously received as a fake email?

How have I protect my postfix server?
http://ubuntuforums.org/showthread.php?t=990582

thanks
Attached Files
File Type: gz rkhunter.log.tar.gz (21.7 KB, 153 views)

Last edited by vaio1; 25th November 2009 at 16:14.
Reply With Quote
  #4  
Old 27th November 2009, 23:34
vaio1 vaio1 is offline
Senior Member
 
Join Date: Jul 2007
Location: Italy
Posts: 664
Thanks: 77
Thanked 12 Times in 7 Posts
 
Default

The problem has been solved thanks
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Setup 2 network adapter in a team Paladinemishakal Installation/Configuration 0 2nd November 2009 14:15
PHP "Resource Limits" Abuse? domino Server Operation 2 19th February 2008 11:59
Server Abuse godsdog General 7 3rd October 2006 07:26
Postmaster and Abuse Global addresses bluethunder82 Installation/Configuration 4 1st October 2006 19:21


All times are GMT +2. The time now is 19:02.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.