Mailinglist Archive: opensuse (3138 mails)
Re: [SLE] Is this for real?
- From: Mike <mike@xxxxxxxxxxxxx>
- Date: Sat, 25 Dec 2004 11:24:04 +0100
- Message-id: <200412251124.04556.mike@xxxxxxxxxxxxx>
On Saturday 25 December 2004 10:03, Anders Norrbring wrote:
> Does anybody have any ideas on this e-mail? My admin inbox was full of
> these e-mails this morning, I don't know if they're for real, or
> what... Can someone please advise? There is one phpbb running on the
> server...
Are you running phpBB? If so, I'd get it upgraded. There is a worm
running around that attacks a bug in it.
Mike
>
>
> HEADERS:
>
> Return-Path: <wwwrun@iris>
> Received: from mail.the-server.net ([unix socket])
> by iris (Cyrus v2.1.15) with LMTP; Sat, 25 Dec 2004 00:50:24 +0100
> X-Sieve: CMU Sieve 2.2
> Received: from localhost (localhost [127.0.0.1])
> by mail.the-server.net (Postfix) with ESMTP id D8D11CA8E;
> Sat, 25 Dec 2004 00:50:23 +0100 (CET)
> Received: from mail.the-server.net ([127.0.0.1])
> by localhost (iris [127.0.0.1]) (amavisd-new, port 10024) with LMTP
> id 13131-05-2; Sat, 25 Dec 2004 00:48:50 +0100 (CET)
> Received: by mail.the-server.net (Postfix, from userid 30)
> id 00F16C874; Sat, 25 Dec 2004 00:48:48 +0100 (CET)
> Date: Sat, 25 Dec 2004 00:48:48 +0100
> To: postmaster, hostmaster, abuse, admin, root
> Subject: YOUR SERVER HAS BEEN HACKED
> Message-ID: <41CCAAE0.mailC4S112L68@xxxxxxxxxxxxxxxxxxx>
> User-Agent: nail 10.5 4/27/03
> MIME-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> From: wwwrun (WWW daemon apache)
> X-Virus-Scanned: by Kaspersky, NOD32 & F-Secure at the-server.net
>
>
> MESSAGE BODY:
>
> YOUR SERVER HAS BEEN OWNED VIA PHPBB, PLEASE UPGRADE PHP AND PHPBB
> IMMEDIATELY
--
Powered by SuSE 9.2 Kernel 2.6.8 KDE 3.3.0 Kmail 1.7.1
For Mondo/Mindi backup support go to
http://www.mikenjane.net/~mike
11:23am up 1:28, 3 users, load average: 2.75, 3.30, 3.38