DK*CERT Abuse Team??? Why??

Discussion in 'General' started by vaio1, Nov 25, 2009.

  1. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    Dear Administrator,

    We recieved a complaint about networkscan from IP
    Please see the attached set of logs from the security software.

    It might be that your host has been taken over by intruders.
    Please disconnect this host IMMEDIATELY and investigate its security status.

    Otherwise please identify your customer operating from the above
    address at the time mentioned, and immediately terminate his hacking
    activities. Please prevent him from continuing this kind of activity
    in the future as well.

    This incident has been assigned the following number:


    For future reference, please include this number in the subject line of your e-mail.

    Best regards,
    DK*CERT Abuse Team,

    DTU, Centrifugevej, bygning 356
    2800 Kgs. Lyngby

    Email: [email protected]
    Telefon: +45 3587 8887

    If nothing else mentioned below, timezone is believed to be UTC+0100(CET)
    Destination address(es): Adresser i nettene og

    Security logs:

    #Nov 25 04:00:15 2009 .. Nov 25 04:39:57 2009
    # Scan from affecting at least
    # 64 addresses targeting TCP:1024, TCP:3072.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Check your system with rkhunter.
  3. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    This is the log file.
    Can you help me to understand it and fix the problem ?

    have I consider the email previously received as a fake email?

    How have I protect my postfix server?


    Attached Files:

    Last edited: Nov 25, 2009
  4. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    The problem has been solved thanks

Share This Page