DK*CERT Abuse Team??? Why??

Discussion in 'General' started by vaio1, Nov 25, 2009.

  1. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    Dear Administrator,

    We recieved a complaint about networkscan from IP 000.000.000.000.
    Please see the attached set of logs from the security software.

    It might be that your host has been taken over by intruders.
    Please disconnect this host IMMEDIATELY and investigate its security status.

    Otherwise please identify your customer operating from the above
    address at the time mentioned, and immediately terminate his hacking
    activities. Please prevent him from continuing this kind of activity
    in the future as well.


    This incident has been assigned the following number:

    DK*CERT#454546

    For future reference, please include this number in the subject line of your e-mail.


    Best regards,
    DK*CERT Abuse Team,

    DK*CERT
    UNI*C,
    DTU, Centrifugevej, bygning 356
    2800 Kgs. Lyngby

    Email: [email protected]
    Telefon: +45 3587 8887
    Web: www.cert.dk

    If nothing else mentioned below, timezone is believed to be UTC+0100(CET)
    Destination address(es): Adresser i nettene 130.225.16.0/22 og 130.225.2.128/25

    Security logs:

    #Nov 25 04:00:15 2009 .. Nov 25 04:39:57 2009
    # Scan from 000.000.000.000 affecting at least
    # 64 addresses targeting TCP:1024, TCP:3072.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Check your system with rkhunter.
     
  3. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    This is the log file.
    Can you help me to understand it and fix the problem ?

    have I consider the email previously received as a fake email?

    How have I protect my postfix server?
    http://ubuntuforums.org/showthread.php?t=990582

    thanks
     

    Attached Files:

    Last edited: Nov 25, 2009
  4. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    The problem has been solved thanks
     

Share This Page